OWASP launched an AI risk mitigation document (Top 10 for LLM Applications)
Details:
https://owasp.org/www-project-top-10-for-large-language-model-applications/
OWASP Top 10 for Large Language Model Applications | OWASP Foundation
Aims to educate developers, designers, architects, managers, and organizations about the potential security risks when deploying and managing Large Language Models (LLMs)
Keylogging in the Windows kernel with undocumented data structures
https://eversinc33.com/posts/kernel-mode-keylogging/
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA, to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024...
Phobos actors run executables like 1saas.exe or cmd.exe to deploy additional Phobos payloads that have elevated privileges enabled. Additionally, Phobos actors can use the previous commands to perform various Windows shell functions. The Windows command shell enables threat actors to control various aspects of a system, with multiple permission levels required for different subsets of commands.
How to mitigate risks:
- Secure RDP
- Reduce administrative privilege scoping
- Use OpenBLD.net or similar services
Technical details on CISA site:
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
Python Risk Identification Tool for generative AI (PyRIT)
An open-access automation framework from Microsoft to empower security professionals and ML engineers to red team foundation models and their applications
https://github.com/Azure/PyRIT
GitHub - Azure/PyRIT: The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower…
The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower security professionals and engineers to proactively identify risks in generative AI system...
TA4903: Actor Spoofs U.S. Government, Small Businesses in Phishing, BEC Bids
https://www.proofpoint.com/us/blog/threat-insight/ta4903-actor-spoofs-us-government-small-businesses-phishing-bec-bids
TA4903: Actor Spoofs U.S. Government, Small Businesses in Phishing, BEC Bids | Proofpoint US
Key takeaways TA4903 is a unique threat actor that demonstrates at least two distinct objectives: (1) credential phishing and (2) business email compromise (BEC). TA4903
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
📢 Integration of OpenBLD.net with URLhaus by abuse.ch
URLhaus is a project operated by abuse.ch. Its purpose is to collect, track, and share malware URLs, aiding network administrators and security analysts in safeguarding their networks and customers from cyber threats.
Now, you can check the malicious domain ownership with OpenBLD.net alongside Quad9, AdGuard, Cloudflare, ProtonDNS on abuse.ch.
In addition, you can incorporate abuse.ch lists into your security solutions, just as OpenBLD.net does.
You can check this as an example on:
🔹 https://urlhaus.abuse.ch/host/dukeenergyltd.top
Here's to security for us all. Cheers!)
CloudGrappler Tool
CloudGrappler is an open-source tool that is purpose-built for querying high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure.
https://permiso.io/blog/cloudgrappler-a-powerful-open-source-threat-detection-tool-for-cloud-environments
Introducing CloudGrappler: A Powerful Open-Source Threat Detection Tool for Cloud Environments
Smishing: Understanding SMS Phishing Tactics
Smishing with EvilGophish:
https://fin3ss3g0d.net/index.php/2024/03/04/smishing-with-evilgophish/
Safely detect whether a FortiGate SSL VPN is vulnerable to CVE-2024-21762
https://github.com/BishopFox/cve-2024-21762-check
PurpleLab
Allows you to easily deploy an entire lab to create and test your detection rules, simulate logs, run tests, download and run malware and MITRE ATT&CK techniques, restore the sandbox, and more:
https://github.com/Krook9d/PurpleLab
Warp
Terminal reimagined with AI and collaborative tools for better productivity
https://www.warp.dev/
Warp: The Agentic Development Environment
The fastest way to build with multiple AI agents, from writing code to deploying it. Trusted by over half a million engineers, Warp gives developers speed, privacy, and control to ship faster.
2024ThreatDetectionReport_RedCanary.pdf
14.3 MB
Threat Detection Report 2024 (from Red Canary)
With mitigation recommendations.
Digital Forensics Lab - CYL2002
This repository contains the course material for the digital forensics lab offered at FAST National University of Computer and Emerging Sciences, available for public use and learning.
https://github.com/vonderchild/digital-forensics-lab
GitHub - vonderchild/digital-forensics-lab: CTF styled Digital Forensics labs, as offered in FAST NUCES Karachi during Spring 2023.
Recent ‘MFA Bombing’ Attacks Targeting Apple Users
https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts…
“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation
A flaw in the Microsoft Edge browser, designated CVE-2024-21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user's knowledge.
https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca
By Oleg Zaytsev (Guardio Labs)
Dredge - Dredging up secrets from the depths of a filesystem
Dredge is a Linux command-line tool for finding and logging secrets on a filesystem for manual inspection:
https://github.com/grahamhelton/dredge
According to the official Kali Linux post on X (Twitter): "The xz package, from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th and March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today."
Hack via hacker distro?)
CVE - https://nvd.nist.gov/vuln/detail/CVE-2024-3094
🔹 FAQ on the xz-utils backdoor: https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
🔹 Vulnerability checker: https://github.com/FabioBaroni/CVE-2024-3094-checker/blob/main/CVE-2024-3094-checker.sh
🔹 Detection: https://github.com/byinarie/CVE-2024-3094-info
🔹 More details: https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils
Awesome Azure Penetration Testing
A collection of resources, tools and more for penetration testing and securing Microsoft's cloud platform Azure:
https://github.com/Kyuu-Ji/Awesome-Azure-Pentest
Python-for-Cybersecurity.pdf
8.3 MB
For offensive and defensive use