BlackLotus Mitigation Guide from NSA
https://media.defense.gov/2023/Jun/22/2003245723/-1/-1/0/CSI_BlackLotus_Mitigation_Guide.PDF
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking
https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
Aqua
Millions of GitHub repositories are potentially vulnerable to RepoJacking, which if exploited may lead to code execution in the environments that consume them.
Ad-Attack.pdf
A few AD attack methods from Windows and Linux
Anatsa banking Trojan hits UK, US and DACH with new campaign
https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign
ThreatFabric
Anatsa returns with a new campaign targeting UK, US and DACH supported by droppers on Google Play Store.
Forwarded from Sys-Admin InfoSec
✍️ Notice: next week, all deprecated services will be disabled and all freed-up resources will be added to the OpenBLD.net DNS ecosystem.
Updates notice:
https://news.1rj.ru/str/sysadm_in_channel/4701
Take care of yourself. Peace ✌️
Telegram
Sys-Admin InfoSec
OpenBLD.net DNS - Settings Update Notice
- If you use DoH/DoT bld.sys-adm.in (will be deprecated), please switch to 🚀️️️️ ada.openbld.net
- Change/update the ✨️️️️️️iOS, macOS profile
- If you are using DNS IP 109.234.39.72 (will be deprecated), switch to 46.151.29.15…
2023 CWE Top 25 Most Dangerous Software Weaknesses
https://www.cisa.gov/news-events/alerts/2023/06/29/2023-cwe-top-25-most-dangerous-software-weaknesses
Malvertising: A stealthy precursor to infostealers and ransomware attacks
https://www.malwarebytes.com/blog/business/2023/06/malvertising-a-stealthy-precursor-to-infostealers-and-ransomware-attacks
Malwarebytes
Malvertising, the practice of using online ads to spread malware, can have dire consequences—and the problem only seems to be growing.
Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques
https://github.com/austinsonger/Incident-Playbook
GitHub
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly] - austinsonger/Incident-Playbook
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite
https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite/
SEC Consult
A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.
Exploring Hell's Gate Proof of Concept (POC)
To bypass user mode hooks implemented by Endpoint Detection and Response (EDR) systems, attackers (specifically red teams) employ various techniques for unhooking or bypassing these safeguards. The focus here is on the Hell's Gate Proof of Concept (POC), an approach that utilizes direct syscalls to bypass user mode hooks. Even though Hell's Gate POC has been around for a few years, it remains pivotal in the evolution of direct syscalls:
— https://redops.at/en/blog/exploring-hells-gate
RedOps - English
Exploring Hell's Gate - RedOps
Understanding Telemetry: Kernel Callbacks
Event Tracing for Windows (ETW)…:
— https://posts.specterops.io/understanding-telemetry-kernel-callbacks-1a97cfcb8fb3
Medium
AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2023 edition)
MFA is not the end-all solution to identity security challenges. With only MFA there is still a risk of more modern attacks (MFA fatigue, AiTM, PRT, OAuth attacks and more). Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online, more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other attacks. What is AiTM, automatic attack disruption, etc.:
— https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt/
Jeffrey Appel - Microsoft Security blog
AiTM/ MFA phishing attacks in combination with "new" Microsoft protections (2025 edition)
Adversary-in-the-middle phishing attacks are still more common in use, in the last year and the start of 2025 there is still a more visible increase in AiTM/ MFA phishing. Since the removal of basic authentication from Exchange Online more and...
FirstBlood from Codeby Pentest, or how to get Telegram Premium
At 12:00 every Saturday (0 12 * * SAT), new tasks will appear on the Codeby Games CTF platform, where taking FirstBlood can earn Telegram Premium for your account.
Hard levels - Premium period:
• hard - 12 months
• medium - 6 months
• light - 3 months
The promotion runs until the end of summer; anyone who wants to try their hand as a hacker - https://codeby.games