Diving into Starlink's User Terminal Firmware
Deep dive into firmware:
— https://blog.quarkslab.com/starlink.html
P.S. Den, thx for the link!🤝
Quarkslab
Diving into Starlink's User Terminal Firmware - Quarkslab's blog
This blog post presents an overview of Starlink's User Terminal runtime internals, focusing on the communications that happen within the device and with user applications and some tools that can help further research on the same topic.
Abusing mhyprotect (not mhyprot2) to kill AVs / EDRs / XDRs / Protected Processes
Repo has demo (Crowdstrike Falcon and MsDefender):
— https://github.com/zer0condition/mhydeath
GitHub
GitHub - zer0condition/mhydeath: Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. - zer0condition/mhydeath
BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
Welivesecurity
BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps
ESET research uncovers active campaigns linked to the China-aligned APT group known as GREF that is distributing espionage code previously targeting Uyghurs.
Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework
https://www.deepinstinct.com/blog/contain-yourself-staying-undetected-using-the-windows-container-isolation-framework
Deep Instinct
Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework | Deep Instinct
This blog is based on a session we presented at DEF CON 2023 on Friday, August 11, 2023, in Las Vegas: Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework.
Mashing Enter To Bypass Full Disk Encryption With TPM, Clevis, Dracut And Systemd
— https://pulsesecurity.co.nz/advisories/tpm-luks-bypass
Pulse Security
Mashing Enter to bypass full disk encryption with TPM, Clevis, dracut and systemd
This vulnerability allows a physically-present attacker to control the full disk encryption unlock process and gain complete access to decrypted content in some cases where a TPM, dracut and Clevis are used.
CVE-2023-36874 Windows Error Reporting LPE BOF
This is a mature and operational CobaltStrike BOF implementation of Filip Dragovic's (@filip_dragovic) CVE-2023-36874 Windows Error Reporting LPE exploit.
— https://github.com/Octoberfest7/CVE-2023-36874_BOF
GitHub
GitHub - Octoberfest7/CVE-2023-36874_BOF: Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE
Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE - Octoberfest7/CVE-2023-36874_BOF
Forwarded from Sys-Admin InfoSec
bld.sys-adm.in successfully converted to ada.openbld.net
135.125.204.230 will be removed from OpenBLD.net DNS in the coming days, please change the settings on your devices to the current IP addresses.
Previous notification:
Telegram
Sys-Admin InfoSec
📢 OpenBLD.net DNS 🤬 H1 2023 Updates & News
What's new in OpenBLD.net today:
🔹 New optimized DNS Frontend / Backend engines
🔹 Updated Geo Localized ecosystem
🔹 New integrated centralized Cactusd service
🔹 Optimized work with free video services…
Get your Home Network Secured with Raspberry Pi & Wazuh — 2023 Edition
— https://medium.com/@henrion.frn/get-your-home-network-secured-with-raspberry-pi-wazuh-2023-edition-c7ac2044df3e
Medium
Get your Home Network Secured with Raspberry Pi & Wazuh — 2023 Edition
Welcome to the world of Home security, where protecting your digital assets is a top priority. In today’s interconnected landscape, it’s…
Hackers Can Silently Grab Your IP Through Skype. Microsoft Is In No Rush to Fix It
— https://www.404media.co/hackers-find-your-skype-ip-address-microsoft-wont-fix/
P.S. thx for the link dear subscriber! 🤝
404 Media
Hackers Can Silently Grab Your IP Through Skype. Microsoft Is In No Rush to Fix It
A security researcher has found it’s possible to reveal a Skype app user’s IP address without the target needing to even click a link. Microsoft said the vulnerability does not need immediate attention.
Strategies_for_DevSecOps_CI_CD_Pipelines.pdf
879.2 KB
Strategies for the Integration of
Software Supply Chain Security in DevSecOps CI/CD Pipelines
*from NIST
Forwarded from Sys-Admin InfoSec
🚀 Open SysConf'23 - Run of the day on September 16 🐴
May the Force be with you, whoever strives to share knowledge and to know more 🙌
Register for the live stream right now and become part of a unique meeting
📢 . A whole day, where:
✨ 9:15-10:00: We start by meeting the participants and with registration
✨ 19:00-19:20: The transformation of consciousness concludes, after time spent talking together
Alpha schedule of talks:
🔸 https://sysconf.io/ru/#schedule
Don't miss the opportunity for personal and professional growth!
We are waiting for you🔥
New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services
MinIO under attack 🔫
— https://www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services
VMWare Aria Operations For Networks Static SSH Key RCE
CVE-2023-34039 Exploit:
— https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/
Summoning Team
VMWare Aria Operations for Networks Static SSH key RCE
VMWare Aria Operations for Networks Static SSH key RCE (CVE-2023-34039)
6 free resources for getting started in cybersecurity
https://www.helpnetsecurity.com/2023/09/05/free-resources-getting-started-in-cybersecurity/
Help Net Security
6 free resources for getting started in cybersecurity
Cybersecurity is not just a career field on the rise - it's a calling that's increasingly vital to the infrastructure of our world. But stepping into the
Exposing_and_Addressing_Security_Vulnerabilities_in_Browser_Text.pdf
1.2 MB
Exposing and Addressing Security Vulnerabilities in Browser Text Input Fields
TLP CLEAR -DDOS Mitigations Guidance_508c.pdf
464.4 KB
DDoS mitigation guidance from CISA
AppSec_Interview_QA.pdf
199.9 KB
Application Security Questions and Answers
Improving the stealthiness of memory injections techniques
— https://www.naksyn.com/edr%20evasion/2023/06/01/improving-the-stealthiness-of-memory-injections.html
Naksyn’s blog
Improving the stealthiness of memory injections techniques
A journey in improving Module Stomping and Module Overloading injection technique, ending up evading Moneta and PE-Sieve