Forwarded from Sys-Admin InfoSec
/ When Hackers hack the Hackers - Malware Analysis for a group targeting Malware Developers
Detailed analysis revealed Command & Control (C2) connections using Discord for communication.
https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html
P.S. Malicious domains with Cobalt Strike C2, Remcos C2 already blocked in OpenBLD.net DNS
Detailed analysis revealed Command & Control (C2) connections using Discord for communication.
https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html
P.S. Malicious domains with Cobalt Strike C2, Remcos C2 already blocked in OpenBLD.net DNS
www.r-tec.net
When Hackers hack the Hackers
In this post, the malware analysis process, as well as attacker activities and Indicators of Compromise (IoCs) are presented.
/ Analysis of CVE-2023-29336 Win32k Privilege Escalation Vulnerability (with POC)
https://www.numencyber.com/cve-2023-29336-win32k-analysis/
https://www.numencyber.com/cve-2023-29336-win32k-analysis/
Numen
Analysis of CVE-2023-29336 Win32k Privilege Escalation
Analyzing CVE-2023-29336 Win32k vulnerability, its exploitation, and mitigation measures in the context of evolving security practices.
toxssin
An XSS exploitation command-line interface and payload generator:
https://github.com/t3l3machus/toxssin
An XSS exploitation command-line interface and payload generator:
https://github.com/t3l3machus/toxssin
GitHub
GitHub - t3l3machus/toxssin: An XSS exploitation command-line interface and payload generator.
An XSS exploitation command-line interface and payload generator. - t3l3machus/toxssin
/ Skuld: The Infostealer that Speaks Golang
This new malware strain tries to steal sensitive information from its victims..:
https://www.trellix.com/en-us/about/newsroom/stories/research/skuld-the-infostealer-that-speaks-golang.html
This new malware strain tries to steal sensitive information from its victims..:
https://www.trellix.com/en-us/about/newsroom/stories/research/skuld-the-infostealer-that-speaks-golang.html
Trellix
Skuld: The Infostealer that Speaks Golang
In May 2023, the Trellix Advanced Research Center discovered a new Golang stealer, known as Skuld, that compromised systems worldwide. The malware targets sensitive information stored in certain applications, such as Discord and web browsers, and the Windows…
/ Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust
— https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust/
— https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust/
dirkjanm.io
Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust
Many modern enterprises operate in a hybrid environment, where Active Directory is used together with Azure Active Directory. In most cases, identities will be synchronized from the on-premises Active Directory to Azure AD, and the on-premises AD remains…
Forwarded from Sys-Admin InfoSec
Open SysConf'23 ⚡ День Х: 16 сентября (Суббота)
Парни и девочки, день Open SysConf'23 встречи - 16 сентября (суббота) 2023.
Подтягиваем ширинки, блузки, гладим шнурки и волосы (у кого есть) и намереваемся на встречу в этот прекрасный и уверен солнечный во всех отношениях день ☀️
Возможно нашей встрече не хватает именно твоего доклада..?
— Форма регистрации докладчика
Место проведения: выбирается. Локация: Казахстан, г.Алматы.
Всем Peace ✌️
Парни и девочки, день Open SysConf'23 встречи - 16 сентября (суббота) 2023.
Подтягиваем ширинки, блузки, гладим шнурки и волосы (у кого есть) и намереваемся на встречу в этот прекрасный и уверен солнечный во всех отношениях день ☀️
Возможно нашей встрече не хватает именно твоего доклада..?
— Форма регистрации докладчика
Место проведения: выбирается. Локация: Казахстан, г.Алматы.
Всем Peace ✌️
Fake Security Researcher GitHub Repositories Deliver Malicious Implant
https://vulncheck.com/blog/fake-repos-deliver-malicious-implant
https://vulncheck.com/blog/fake-repos-deliver-malicious-implant
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
PyRDP:
https://github.com/GoSecure/pyrdp
PyRDP:
https://github.com/GoSecure/pyrdp
GitHub
GitHub - GoSecure/pyrdp: RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or…
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact - GoSecure/pyrdp
CONPRO2023.pdf
2.1 MB
De-Anonymizing Users’ Geographical Data on the Strava Heatmap
BlackLotus Mitigation Guide from NSA
https://media.defense.gov/2023/Jun/22/2003245723/-1/-1/0/CSI_BlackLotus_Mitigation_Guide.PDF
https://media.defense.gov/2023/Jun/22/2003245723/-1/-1/0/CSI_BlackLotus_Mitigation_Guide.PDF
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking
https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
Aqua
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking
Millions of GitHub repositories are potentially vulnerable to RepoJacking, which if exploited may lead to code execution on environments
Ad-Attack.pdf
1.4 MB
Few AD attack ways from windows and Linux
Anatsa banking Trojan hits UK, US and DACH with new campaign
https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign
https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign
ThreatFabric
Anatsa banking Trojan hits UK, US and DACH with new campaign
Anatsa returns with a new campaign targeting UK, US and DACH supported by droppers on Google Play Store.