Listing remote named pipes
On Windows, named pipes are a form of interprocess communication (IPC) that allows processes to communicate with one another, both locally and across the network. Named pipes serve as a mechanism to transfer data between Windows components as well as third-party applications and services. Both locally as well as on a domain. From an offensive perspective, named pipes may leak some information that could be useful for reconnaissance purposes. Since named pipes can also be used (depending on configuration) to access services remotely – they could allow remote exploits (MS08-067).:
https://outflank.nl/blog/2023/10/19/listing-remote-named-pipes/
On Windows, named pipes are a form of interprocess communication (IPC) that allows processes to communicate with one another, both locally and across the network. Named pipes serve as a mechanism to transfer data between Windows components as well as third-party applications and services. Both locally as well as on a domain. From an offensive perspective, named pipes may leak some information that could be useful for reconnaissance purposes. Since named pipes can also be used (depending on configuration) to access services remotely – they could allow remote exploits (MS08-067).:
https://outflank.nl/blog/2023/10/19/listing-remote-named-pipes/
BlackCat Climbs the Summit With a New Tactic
BlackCat operators recently announced new updates to their tooling, including a utility called Munchkin that allows attackers to propagate the BlackCat payload to remote machines and shares on a victim organization network..:
https://unit42.paloaltonetworks.com/blackcat-ransomware-releases-new-utility-munchkin/
BlackCat operators recently announced new updates to their tooling, including a utility called Munchkin that allows attackers to propagate the BlackCat payload to remote machines and shares on a victim organization network..:
https://unit42.paloaltonetworks.com/blackcat-ransomware-releases-new-utility-munchkin/
Unit 42
BlackCat Climbs the Summit With a New Tactic
BlackCat ransomware gang has released a utility called Munchkin, allowing attackers to propagate their payload to remote machines. We analyze this new tool.
Another InfoStealer Enters the Field, ExelaStealer
https://www.fortinet.com/blog/threat-research/exelastealer-infostealer-enters-the-field
https://www.fortinet.com/blog/threat-research/exelastealer-infostealer-enters-the-field
Fortinet Blog
Another InfoStealer Enters the Field, ExelaStealer
FortiGuard Labs analyzes ExelaStealer, a relatively new, open-source InfoStealer. Written in Python, and capable of stealing sensitive information from users.…
Sys-Admin Up
Открытый доклад "Безопасность и DNS" в этот четверг (19 октября) г.Алматы В Алматы, в четверг 19 октября, в 19 часов в SmartPoint. Буду докладывать по данному сабжу. Все мы знаем, что DNS это "наше все" без него не будет ничего толком работать, он везде…
Telegram
OpenBLD.net
Презентация InfoSec / DNS или Интернет в DNS промилях с этой встречи , а небольшое фото ревью c коротким комментом в LinkedIn
План: Категоризации моделей угроз, Внедрения смягчающих мер и культуры ИБ для компании <Company name>
Создан на лету, за короткое время, в процессе одного интервью. Абстрактно, top-level план - Источники угроз, Уровни угроз, Уровень уязвимости систем, План внедрения, Основные этапы, Получаемые преимущества, Заключение.
Возможно кому-то может оказаться полезным. Пользуйтесь)
Google Doc - https://docs.google.com/document/d/1DQWxr6zde4ugHPaN7cCE7Hh70jxNbsAfT2ydH_nuMgY/edit?usp=sharing
Создан на лету, за короткое время, в процессе одного интервью. Абстрактно, top-level план - Источники угроз, Уровни угроз, Уровень уязвимости систем, План внедрения, Основные этапы, Получаемые преимущества, Заключение.
Возможно кому-то может оказаться полезным. Пользуйтесь)
Google Doc - https://docs.google.com/document/d/1DQWxr6zde4ugHPaN7cCE7Hh70jxNbsAfT2ydH_nuMgY/edit?usp=sharing
Web Application Firewall (WAF) Comparison Project
Repository contains testing datasets and tools to compare WAF efficacy in the two most important categories:
• Security Coverage (True Positive Rate) - measures the WAF's ability to correctly identify and block malicious requests:
- https://github.com/openappsec/waf-comparison-project
Repository contains testing datasets and tools to compare WAF efficacy in the two most important categories:
• Security Coverage (True Positive Rate) - measures the WAF's ability to correctly identify and block malicious requests:
- https://github.com/openappsec/waf-comparison-project
GitHub
GitHub - openappsec/waf-comparison-project: Testing datasets and tools to compare WAF efficacy
Testing datasets and tools to compare WAF efficacy - openappsec/waf-comparison-project
Penetration-List: A comprehensive resource for testers, covering all types of vulnerabilities and materials used in Penetration Testing. Includes payloads, dorks, fuzzing materials..:
https://github.com/AlbusSec/Penetration-List
https://github.com/AlbusSec/Penetration-List
GitHub
GitHub - AlbusSec/Penetration-List: Penetration-List: A comprehensive resource for testers, covering all types of vulnerabilities…
Penetration-List: A comprehensive resource for testers, covering all types of vulnerabilities and materials used in Penetration Testing. Includes payloads, dorks, fuzzing materials, and offers in-d...
CyberSec_For_Kids.pdf
1.5 MB
Cyber Security for Kids
- This document was made for parents, teachers, teenagers and children with basic computer skills or who want to learn more about cybersecurity
- Intended for children from 10 years of age
- This document was made for parents, teachers, teenagers and children with basic computer skills or who want to learn more about cybersecurity
- Intended for children from 10 years of age
Communicative Agents for Software Development
Goodby programmers, hello ChatDev?
https://arxiv.org/pdf/2307.07924v3.pdf
Goodby programmers, hello ChatDev?
https://arxiv.org/pdf/2307.07924v3.pdf
EventLogSilencer
EventLogSilencer is a PowerShell noscript designed for disable Windows Event Logging:
https://github.com/AmirHoseinTangsiriNET/EventLogSilencer
EventLogSilencer is a PowerShell noscript designed for disable Windows Event Logging:
https://github.com/AmirHoseinTangsiriNET/EventLogSilencer
GitHub
GitHub - AmirHoseinTangsiriNET/EventLogSilencer: EventLogSilencer is a PowerShell noscript designed for disable Windows Event Logging
EventLogSilencer is a PowerShell noscript designed for disable Windows Event Logging - AmirHoseinTangsiriNET/EventLogSilencer
Sonatype User Group Agenda.pdf
1.6 MB
План встречи Sonatype User Group в Алматы
Организаторы планируют встречу, где можно познакомиться с ключевыми лицами и экспертами Sonatype, других экспертов рынка Казахстана по AppSec & DevSecOps
• 2 ноября, 15:00-19:00
• г Алматы, SmArt.Point, зал Amphitheater
Форма регистрации: https://forms.gle/UVVAYhzup3hMTYH57
Организаторы планируют встречу, где можно познакомиться с ключевыми лицами и экспертами Sonatype, других экспертов рынка Казахстана по AppSec & DevSecOps
• 2 ноября, 15:00-19:00
• г Алматы, SmArt.Point, зал Amphitheater
Форма регистрации: https://forms.gle/UVVAYhzup3hMTYH57
LatLoader is a PoC module to demonstrate automated lateral movement with the Havoc C2 framework; Elastic EDR Rule Evasions.
https://github.com/icyguider/LatLoader
https://github.com/icyguider/LatLoader
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
🚀 Exciting October'23 Upgrades at OpenBLD.net!
We're thrilled to unveil the latest enhancements in our OpenBLD.net ecosystem. Here's what's new:
🔹 New Filtering Routine Server
Strengthening the core of OpenBLD.net with a brand new filtering routine server.
🔹 Enhanced Performance
Boosted RAM and CPU power on select servers for even smoother operation.
🔹 German Server Addition
Testing out a new server in Germany for ada.openbld.net frontend scoping.
🔹 Rule Tweaks
Updated blocking rules to better combat abused IPs and CIDRs.
🔹 Improved Resource Handling
Optimized performance for web resources like
🔹 New site: With GitHub collaboration opportunities: https://openbld.net
🚫 Reducing Threats: We've successfully blocked Kazakhstan-associated YoroTrooper attacks and the threat of spying on your iPhone. Plus, we've thwarted Keepass faked malware.
📢 Stay Connected:
- Join our official Telegram
- Follow us on LinkedIn
OpenBLD.net is your go-to service for a cleaner, distraction-free online experience.
Help us make the internet a better place for all! 💪
#OpenBLD #InternetSecurity #Upgrade2023
We're thrilled to unveil the latest enhancements in our OpenBLD.net ecosystem. Here's what's new:
Strengthening the core of OpenBLD.net with a brand new filtering routine server.
Boosted RAM and CPU power on select servers for even smoother operation.
Testing out a new server in Germany for ada.openbld.net frontend scoping.
Updated blocking rules to better combat abused IPs and CIDRs.
Optimized performance for web resources like
Krisha, IvI, and Yandex Maps.🚫 Reducing Threats: We've successfully blocked Kazakhstan-associated YoroTrooper attacks and the threat of spying on your iPhone. Plus, we've thwarted Keepass faked malware.
- Join our official Telegram
- Follow us on LinkedIn
OpenBLD.net is your go-to service for a cleaner, distraction-free online experience.
Help us make the internet a better place for all! 💪
#OpenBLD #InternetSecurity #Upgrade2023
Please open Telegram to view this post
VIEW IN TELEGRAM
openbld.net
OpenBLD.net - fast, free DNS that blocks ads, trackers, malware — with DoH, DoT, GeoDNS | OpenBLD.net DNS - Block advertising,…
OpenBLD.net — ultra-fast DNS with ad blocking and proactive cybersecurity. Be yourself, be focused.
Investigation of Session Hijacking via Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966)
MITRE ATT&CK Techniques included:
https://www.mandiant.com/resources/blog/session-hijacking-citrix-cve-2023-4966
MITRE ATT&CK Techniques included:
https://www.mandiant.com/resources/blog/session-hijacking-citrix-cve-2023-4966
Mandiant
Investigation of Session Hijacking via Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966) | Mandiant
Prolific Puma: Shadowy Link Shortening Service Enables Cybercrime
https://blogs.infoblox.com/cyber-threat-intelligence/prolific-puma-shadowy-link-shortening-service-enables-cybercrime/
https://blogs.infoblox.com/cyber-threat-intelligence/prolific-puma-shadowy-link-shortening-service-enables-cybercrime/
Infoblox Blog
To Aid and Abet: Prolific Puma Helps Cybercriminals Evade Detection | Infoblox
Learn how a link shortening service that supports cybercrime remained undetected for years and was discovered via Domain Name Service (DNS) analytics.
ATT&CK v14 Unleashes Detection Enhancements, ICS Assets, and Mobile Structured Detections
https://medium.com/mitre-attack/attack-v14-fa473603f86b
https://medium.com/mitre-attack/attack-v14-fa473603f86b
Medium
ATT&CK v14 Unleashes Detection Enhancements, ICS Assets, and Mobile Structured Detections
ATT&CK has been brewing up something eerie for this Halloween — ATT&CK v14
iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices
https://ileakage.com
https://ileakage.com
/ FIRST has officially published the latest version of the Common Vulnerability Scoring System (CVSS v4.0)
https://www.first.org/newsroom/releases/20231101
https://www.first.org/newsroom/releases/20231101
FIRST — Forum of Incident Response and Security Teams
FIRST has officially published the latest version of the Common Vulnerability Scoring System (CVSS v4.0)
In June 2023, attendees at the 35th Annual FIRST Conference, in Montréal, Canada got a first-look preview of the new version of the Common Vulnerability Scoring System (CVSS), version 4.0. After two month of public comment followed by two months of addressing…
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
Троянизированный мессенджер ворует данные и пишет голос:
https://securelist.ru/spyware-whatsapp-mod/108323/
Please open Telegram to view this post
VIEW IN TELEGRAM
securelist.ru
Анализ шпионского модуля в модификации WhatsApp
Модификация WhatsApp со шпионским модулем распространяется через Telegram-каналы на арабском и азербайджанском языках с августа 2023 года.