AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2023 edition)
MFA is not the end all solution to identity security challenges. With only MFA there is still a risk for more modern attacks (MFA fatique, AiTM, PRT, OAuth Attacks and more). Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other used attacks. What is AiTM, automatic attack disruption and etc:
— https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt/
MFA is not the end all solution to identity security challenges. With only MFA there is still a risk for more modern attacks (MFA fatique, AiTM, PRT, OAuth Attacks and more). Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other used attacks. What is AiTM, automatic attack disruption and etc:
— https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt/
Jeffrey Appel - Microsoft Security blog
AiTM/ MFA phishing attacks in combination with "new" Microsoft protections (2025 edition)
Adversary-in-the-middle phishing attacks are still more common in use, in the last year and the start of 2025 there is still a more visible increase in AiTM/ MFA phishing. Since the removal of basic authentication from Exchange Online more and...
FirstBlood от Codeby Pentest или как получить Telegram Premium
Hard levels - Premium period:
• hard - 12 month
• medium - 6 month
• light - 3 month
Акция до конца лета, кто хочет попробовать себя в роли хакера - https://codeby.games
0 12 * * SAT на CTF-платфоме Codeby Games будут появляться новые задания, гда за FirstBlood возможно получить Telegram Premium на свой акк.Hard levels - Premium period:
• hard - 12 month
• medium - 6 month
• light - 3 month
Акция до конца лета, кто хочет попробовать себя в роли хакера - https://codeby.games
TeamsPhisher
is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications:
— https://github.com/Octoberfest7/TeamsPhisher
is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications:
— https://github.com/Octoberfest7/TeamsPhisher
GitHub
GitHub - Octoberfest7/TeamsPhisher: Send phishing messages and attachments to Microsoft Teams users
Send phishing messages and attachments to Microsoft Teams users - Octoberfest7/TeamsPhisher
Cloud Native Thread Report
— https://info.aquasec.com/threat-2023-cloud-native-report?submissionGuid=7612af20-ec02-447c-a212-309067e592b7
— https://info.aquasec.com/threat-2023-cloud-native-report?submissionGuid=7612af20-ec02-447c-a212-309067e592b7
Aquasec
2023 Cloud Native Threat Report
Based on analysis of 700k real-world attacks, Aqua Nautilus's 2023 Cloud Native Threat Report provides insight that can help security practitioners make better, faster decisions to protect their entire cloud native stack.
teamcity-CICD-server-security-whitepaper.pdf
681.5 KB
9 Ways to Prevent a Supply Chain Attack TC CI/CD Server
Introduction to Mythic C2
What is Mythic - Cross-platform, post-exploit, red teaming framework built with GoLang, docker, docker-compose, and a web browser UI. Article with using examples and etc:
— https://redsiege.com/blog/2023/06/introduction-to-mythic-c2/
What is Mythic - Cross-platform, post-exploit, red teaming framework built with GoLang, docker, docker-compose, and a web browser UI. Article with using examples and etc:
— https://redsiege.com/blog/2023/06/introduction-to-mythic-c2/
Increased Truebot Activity Infects U.S. and Canada Based Networks
Deploy from phishing and exloitation some CVE..
IOC domains sended to OpenBLD.net DNS:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
Deploy from phishing and exloitation some CVE..
IOC domains sended to OpenBLD.net DNS:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
DevOps_Q-and-A.pdf
1.3 MB
DevOps Interview Questions and Answers
Today info about of OpenBLD.net DNS added to AdGuard Wiki KnowledgeBaseDNS repo 🎉
StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability
https://github.com/lrh2000/StackRot
https://github.com/lrh2000/StackRot
GitHub
GitHub - lrh2000/StackRot: CVE-2023-3269: Linux kernel privilege escalation vulnerability
CVE-2023-3269: Linux kernel privilege escalation vulnerability - lrh2000/StackRot
100 Methods for Container Attacks(RTC0010)
Container escape, tampering, insecure orchestration and etc.:
— https://redteamrecipe.com/100-Method-For-Container-Attacks/
Container escape, tampering, insecure orchestration and etc.:
— https://redteamrecipe.com/100-Method-For-Container-Attacks/
CVE-2023-36460: mastodon: Arbitrary file creation through media attachmentshttps://www.openwall.com/lists/oss-security/2023/07/06/4
Living Off The Land Applications: Sowing the seeds for application exploitation ease
https://lolapps-project.github.io/#
https://lolapps-project.github.io/#
A memory-based evasion technique which makes shellcode invisible from process start to end.
https://github.com/lem0nSec/ShellGhost
https://github.com/lem0nSec/ShellGhost
GitHub
GitHub - lem0nSec/ShellGhost: A memory-based evasion technique which makes shellcode invisible from process start to end.
A memory-based evasion technique which makes shellcode invisible from process start to end. - lem0nSec/ShellGhost
Exploring TA453's Foray into LNKs and Mac Malware
https://www.proofpoint.com/us/blog/threat-insight/welcome-new-york-exploring-ta453s-foray-lnks-and-mac-malware
https://www.proofpoint.com/us/blog/threat-insight/welcome-new-york-exploring-ta453s-foray-lnks-and-mac-malware
Proofpoint
Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware | Proofpoint US
Key Takeaways TA453 continues to adapt its malware arsenal, deploying novel file types and targeting new operating systems, specifically sending Mac malware to one of its recent targets.
Phemedrone stealer. New day, new threats
ToC:
— Discovery history
— Disassembling the internals
— Interesting facts
— Indicators of compromise
— Conclusion
— https://medium.com/@filexploit/phemedrone-stealer-new-day-new-threats-464fa6f9dbab
ToC:
— Discovery history
— Disassembling the internals
— Interesting facts
— Indicators of compromise
— Conclusion
— https://medium.com/@filexploit/phemedrone-stealer-new-day-new-threats-464fa6f9dbab
Medium
Phemedrone stealer. New day, new threats.
Every day there is more and more open source software in the world. On the one hand, it is a positive thing that moves the whole society…
Скоро в Алматы, 16 сентября, мы будем проводить пятую открытую конференцию Open SysConf.io
Где может каждый прийти и поделиться/послушать доклады, ресерчи или просто пообщаться, познакомиться со специалистами из разных ИТ областей:
https://news.1rj.ru/str/OpenSysConf/1679
Где может каждый прийти и поделиться/послушать доклады, ресерчи или просто пообщаться, познакомиться со специалистами из разных ИТ областей:
https://news.1rj.ru/str/OpenSysConf/1679
Telegram
lexrrr in Open SysConf
Всем привет!
⚡️Мы рады представить вам нашего инфо-партнера конференции KazHackStan - Sys-Admin InfoSec!
💥 Sys-Admin InfoSec - это уникальный паблик, в котором можно найти последние новости, статьи и информацию о системном администрировании, сетевых технологиях…
⚡️Мы рады представить вам нашего инфо-партнера конференции KazHackStan - Sys-Admin InfoSec!
💥 Sys-Admin InfoSec - это уникальный паблик, в котором можно найти последние новости, статьи и информацию о системном администрировании, сетевых технологиях…
osint_from_zero_to_hero.pdf
73.6 KB
Cert / Cource (free/paid) Links collection