Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques
https://github.com/austinsonger/Incident-Playbook
https://github.com/austinsonger/Incident-Playbook
GitHub
GitHub - austinsonger/Incident-Playbook: GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors…
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly] - austinsonger/Incident-Playbook
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite
https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite/
https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite/
SEC Consult
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite
A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.
Exploring Hell's Gate Proof of Concept (POC)
To bypass user mode hooks implemented by Endpoint Detection and Response (EDR) systems, attackers (specifically red teams) employ various techniques for unhooking or bypassing these safeguards. The focus here is on the Hell's Gate Proof of Concept (POC), an approach that utilizes direct syscalls to bypass user mode hooks. Even though Hell's Gate POC has been around for a few years, it remains pivotal in the evolution of direct syscalls:
— https://redops.at/en/blog/exploring-hells-gate
To bypass user mode hooks implemented by Endpoint Detection and Response (EDR) systems, attackers (specifically red teams) employ various techniques for unhooking or bypassing these safeguards. The focus here is on the Hell's Gate Proof of Concept (POC), an approach that utilizes direct syscalls to bypass user mode hooks. Even though Hell's Gate POC has been around for a few years, it remains pivotal in the evolution of direct syscalls:
— https://redops.at/en/blog/exploring-hells-gate
RedOps - English
Exploring Hell's Gate - RedOps
Understanding Telemetry: Kernel Callbacks
Event Tracing for Windows (ETW)..:
— https://posts.specterops.io/understanding-telemetry-kernel-callbacks-1a97cfcb8fb3
Event Tracing for Windows (ETW)..:
— https://posts.specterops.io/understanding-telemetry-kernel-callbacks-1a97cfcb8fb3
Medium
Understanding Telemetry: Kernel Callbacks
Introduction
AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2023 edition)
MFA is not the end all solution to identity security challenges. With only MFA there is still a risk for more modern attacks (MFA fatique, AiTM, PRT, OAuth Attacks and more). Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other used attacks. What is AiTM, automatic attack disruption and etc:
— https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt/
MFA is not the end all solution to identity security challenges. With only MFA there is still a risk for more modern attacks (MFA fatique, AiTM, PRT, OAuth Attacks and more). Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other used attacks. What is AiTM, automatic attack disruption and etc:
— https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt/
Jeffrey Appel - Microsoft Security blog
AiTM/ MFA phishing attacks in combination with "new" Microsoft protections (2025 edition)
Adversary-in-the-middle phishing attacks are still more common in use, in the last year and the start of 2025 there is still a more visible increase in AiTM/ MFA phishing. Since the removal of basic authentication from Exchange Online more and...
FirstBlood от Codeby Pentest или как получить Telegram Premium
Hard levels - Premium period:
• hard - 12 month
• medium - 6 month
• light - 3 month
Акция до конца лета, кто хочет попробовать себя в роли хакера - https://codeby.games
0 12 * * SAT на CTF-платфоме Codeby Games будут появляться новые задания, гда за FirstBlood возможно получить Telegram Premium на свой акк.Hard levels - Premium period:
• hard - 12 month
• medium - 6 month
• light - 3 month
Акция до конца лета, кто хочет попробовать себя в роли хакера - https://codeby.games
TeamsPhisher
is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications:
— https://github.com/Octoberfest7/TeamsPhisher
is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications:
— https://github.com/Octoberfest7/TeamsPhisher
GitHub
GitHub - Octoberfest7/TeamsPhisher: Send phishing messages and attachments to Microsoft Teams users
Send phishing messages and attachments to Microsoft Teams users - Octoberfest7/TeamsPhisher
Cloud Native Thread Report
— https://info.aquasec.com/threat-2023-cloud-native-report?submissionGuid=7612af20-ec02-447c-a212-309067e592b7
— https://info.aquasec.com/threat-2023-cloud-native-report?submissionGuid=7612af20-ec02-447c-a212-309067e592b7
Aquasec
2023 Cloud Native Threat Report
Based on analysis of 700k real-world attacks, Aqua Nautilus's 2023 Cloud Native Threat Report provides insight that can help security practitioners make better, faster decisions to protect their entire cloud native stack.
teamcity-CICD-server-security-whitepaper.pdf
681.5 KB
9 Ways to Prevent a Supply Chain Attack TC CI/CD Server
Introduction to Mythic C2
What is Mythic - Cross-platform, post-exploit, red teaming framework built with GoLang, docker, docker-compose, and a web browser UI. Article with using examples and etc:
— https://redsiege.com/blog/2023/06/introduction-to-mythic-c2/
What is Mythic - Cross-platform, post-exploit, red teaming framework built with GoLang, docker, docker-compose, and a web browser UI. Article with using examples and etc:
— https://redsiege.com/blog/2023/06/introduction-to-mythic-c2/
Increased Truebot Activity Infects U.S. and Canada Based Networks
Deploy from phishing and exloitation some CVE..
IOC domains sended to OpenBLD.net DNS:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
Deploy from phishing and exloitation some CVE..
IOC domains sended to OpenBLD.net DNS:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
DevOps_Q-and-A.pdf
1.3 MB
DevOps Interview Questions and Answers
Today info about of OpenBLD.net DNS added to AdGuard Wiki KnowledgeBaseDNS repo 🎉
StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability
https://github.com/lrh2000/StackRot
https://github.com/lrh2000/StackRot
GitHub
GitHub - lrh2000/StackRot: CVE-2023-3269: Linux kernel privilege escalation vulnerability
CVE-2023-3269: Linux kernel privilege escalation vulnerability - lrh2000/StackRot
100 Methods for Container Attacks(RTC0010)
Container escape, tampering, insecure orchestration and etc.:
— https://redteamrecipe.com/100-Method-For-Container-Attacks/
Container escape, tampering, insecure orchestration and etc.:
— https://redteamrecipe.com/100-Method-For-Container-Attacks/
CVE-2023-36460: mastodon: Arbitrary file creation through media attachmentshttps://www.openwall.com/lists/oss-security/2023/07/06/4
Living Off The Land Applications: Sowing the seeds for application exploitation ease
https://lolapps-project.github.io/#
https://lolapps-project.github.io/#
A memory-based evasion technique which makes shellcode invisible from process start to end.
https://github.com/lem0nSec/ShellGhost
https://github.com/lem0nSec/ShellGhost
GitHub
GitHub - lem0nSec/ShellGhost: A memory-based evasion technique which makes shellcode invisible from process start to end.
A memory-based evasion technique which makes shellcode invisible from process start to end. - lem0nSec/ShellGhost