CISO as a Service
Founder @ DiyakoSecureBow | CISO as a Service (vCISO)
About Me
https://about.iss.one/Alirezaghahrood

Follow Me on
🔵LinkedIn
https://www.linkedin.com/in/AlirezaGhahrood
🔴YouTube
https://www.youtube.com/AlirezaGhahrood
X
https://twitter.com/AlirezaGhahrood
U.S. cybersecurity agency warns of a critical flaw (CVE-2023-3519) in Citrix NetScaler ADC and Gateway devices being exploited by hackers to drop web shells on vulnerable systems.
Learn more: https://thehackernews.com/2023/07/citrix-netscaler-adc-and-gateway.html


-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.04.30
exploit
Windows 11 Exploits
(CVE-2023-24892, CVE-2023-33131, CVE-2022-30129, CVE-2023-33137, CVE-2023-33145, CVE-2023-33148, ...)
https://github.com/nu11secur1ty/Windows11Exploits

tools
Red Team Tactics
ADHunt v2.0 - tool for exploiting Active Directory Environments
https://github.com/Auto19/ADHunt


-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.04.30
Protecting local governments from ransomware attacks is crucial! Implementing robust password policies is a step towards enhanced security. Check out tools like Specops Password Policy to keep your organization safe!

Read: https://thehackernews.com/2023/07/local-governments-targeted-for.html


-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.04.30
-Though lovers have another world within,
the love of that beloved is, for us, another delight and another life-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.04.30
-All those who have passed are missed this Muharram 1402-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.04.30
#DiyakoSecureBow

Adware
When adware first emerged, its intent was primarily to learn a user’s habits for the purpose of targeted advertising. As the practice of gathering information on users became more malicious, more people began to call it spyware. However, some traditional adware still exists. Internet marketers have become very sophisticated and use a combination of web analytics with behavioral analytics to track user activity. They then provide targeted ads based on past user activity.

The term adware also applies to software that is free but includes advertisements. The user understands that the software will show advertisements and has the option to purchase a version of the software that does not include the ads. All of this is aboveboard without any intention of misleading the user.

Spyware
Spyware is software installed on users’ systems without their awareness or consent. Its purpose is often to monitor the user’s computer and the user’s activity. Spyware takes some level of control over the user’s computer to learn information and sends this information to a third party. If spyware can access a user’s private data, it results in a loss of confidentiality.

Some examples of spyware activity are changing a user’s home page, redirecting web browsers, and installing additional software within the browser. In some situations, these changes can slow a system down, resulting in poorer performance. These examples are rather harmless compared with what more malicious spyware (called privacy-invasive software) might do.

Privacy-invasive software tries to separate users from their money using data-harvesting techniques. It attempts to gather information to impersonate users, empty bank accounts, and steal identities. For example, some spyware includes keyloggers. The spyware periodically reads the data stored by the keylogger, and sends it to the attacker. In some instances, the spyware allows the attacker to take control of the user’s system remotely.

Spyware is often included with other software like a Trojan. The user installs one application but unknowingly gets some extras. Spyware can also infect a system in a drive-by download. The user simply visits a malicious web site that includes code to automatically download and install the spyware onto the user’s system.

-Business Secure Continuity-
1402.04.31

#malware #spyware #adware #antivirus #antimalware #sophos #symantec #bitdefender #windowsdesktopadministration #edr #recovery #vmware #avg #mcafee #paloaltonetworks #virus #sandbox #splunk
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-malware-spyware-activity-7088392582094798848-gFvC?utm_source=share&utm_medium=member_ios
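374: Come, let us scatter flowers and pour wine into the cup
Come, let us scatter flowers and pour wine into the cup
Let us split the roof of the heavens and lay down a new design
If sorrow raises an army to shed the blood of lovers
The cupbearer and I will charge together and tear up its foundations
Let us pour rosewater into the goblet of crimson wine
Let us cast sugar into the censer of the fragrance-bearing breeze
Since a fine lute is in your hand, minstrel, play a fine song
So that, clapping, we may sing ghazals and, stamping, lose our heads
O morning breeze, cast the dust of our being at that exalted threshold
Perhaps we may cast a glance on the face of that king of the fair
One boasts of reason, another weaves idle mystic talk
Come, let us bring these disputes before the Judge
If you want the paradise of Eden, come with us to the tavern
So that from the foot of the wine jar we may one day cast you into the pool of Kawsar
Eloquence and sweet singing are not valued in Shiraz
Come, Hafez, let us take ourselves to another realm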

-…-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.04.31
Red Team Tactics
MalRDP: Implementing Rouge RDP Manually
https://shorsec.io/blog/malrdp-implementing-rouge-rdp-manually


-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.04.31
You come to review:
Some accidents break your heart but also open your eyes. This is considered a victory.
Some things that happen break your heart, but they open your eyes!
Count those as wins...

Then you finish with this:
Fortune hands the reins of desire to the ignorant;
you are a person of virtue and knowledge, and that alone is sin enough for you
🙃

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.04.31
#DiyakoSecureBow

Malware Analysis Tools 2023

1- IP & URL Reputation
1. Virus Total : https://lnkd.in/eweERpju
2. URL Scan : https://urlscan.io/
3. AbuseIPDB: https://www.abuseipdb.com/
4. Cisco Talos: https://lnkd.in/g7uWdC5q
5. IBM X-Force: https://lnkd.in/gt8iyHE5
6. URL Filtering(Palo Alto): https://lnkd.in/e4bkm5Eq
7. URL Filtering(Symantec): https://lnkd.in/g4qQGsHG
8. IP Void: https://www.ipvoid.com/
9. URL Void: https://www.urlvoid.com/


2- File | Hash | Search | Analysis | Sandboxing
1. File Extension
https://filesec.io
2. LOLBAS
https://lnkd.in/dDa8XgiM
3. GTFOBins
https://lnkd.in/dRVzVz87
4. File Hash Check
https://lnkd.in/gNqxtn4d
5. Hash Search
https://lnkd.in/eMjdTB2t
6. Hash Search
https://www.malwares.com
7. MetaDefender
https://lnkd.in/e6r4mGv5
8. Kaspersky Threat Intel
https://lnkd.in/eSNMn7au
9. Cuckoo Sandbox
https://cuckoosandbox.org
10. AnyRun Online sandboxing
https://any.run
11. Hybrid-Analysis
https://lnkd.in/gaRGY8kB
12. Joe Sandbox
https://lnkd.in/gTJJ9GiC
13. VMRay Sandbox
https://www.vmray.com
14. Triage
https://tria.ge/
15. Browser Sandbox
https://lnkd.in/gjA-QqdX


3- Getting File hash
HashTools Windows
https://lnkd.in/gTjru2RQ
PowerShell:
Get-FileHash -Path C:\path\to\file.txt -Algorithm MD5
Get-FileHash -InputStream ([System.IO.MemoryStream]::new([System.Text.Encoding]::UTF8.GetBytes("This is a string"))) -Algorithm MD5
QuickHash MacOS
https://lnkd.in/gZc8FYpU
Terminal: shasum -a 256 filename


4- Find Suspicious Artifacts | Reverse Engineer | Debug Files
1. PeStudio: https://lnkd.in/gjYKbyge
2. CFF Explorer: https://lnkd.in/ggTCTeAi
3. DocGuard files: https://www.docguard.io/
4. File Scan: https://lnkd.in/ejBt5R7C
5. Ghidra: https://ghidra-sre.org/
6. IDA Pro: https://lnkd.in/eWA9MnMY
7. Radare2/Cutter: https://lnkd.in/gV4k5Gsw
https://lnkd.in/gdb3MQn2


5- Monitor System Resources | Detect malware
1. Process Hacker >> https://lnkd.in/gxV3PAnG
2. Process Monitor >> https://lnkd.in/gPqzyB7K
3. ProcDot >> https://www.procdot.com/
4. Autoruns >> https://lnkd.in/gkZqkZrd
5. TcpView >> https://lnkd.in/gQZM_SJz


6- Web proxy
Fiddler >> https://lnkd.in/gnJ9BvFN


7- Malware Samples - Abuse.ch
1. MalwareBazaar ==> https://bazaar.abuse.ch/
2. FeodoTracker ==> https://lnkd.in/gyN_diCQ
3. SSLBlacklist ==> https://sslbl.abuse.ch/
4. URLHaus ==> https://urlhaus.abuse.ch/
5. ThreatFox ==> https://lnkd.in/gB2gDZUd
6. YARAIfy ==> https://yaraify.abuse.ch/


8- Malware Traffic | Pcap & Malware Samples
https://lnkd.in/gw5hcXDp

+Free Malware Analysis Trainings
Malware Analysis BootCamp >> https://lnkd.in/gJCUyyvr
Malware Analysis In 5+ Hours >> https://lnkd.in/eTyuau69


-Business Secure Continuity-
1402.05.01

#malware #spyware #adware #antivirus #antimalware #sophos #symantec #bitdefender #windowsdesktopadministration #edr #recovery #vmware #avg #mcafee #paloaltonetworks #virus #sandbox #splunk #sandbox #malwareanalysis #malwaredetection
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-malware-spyware-activity-7088877796575338496-nkVf?utm_source=share&utm_medium=member_ios


The spiritual path lies sometimes in going, sometimes in staying.
The journey is sometimes outward, sometimes inward.
One must always be a traveler, but not always from city to city; perhaps from moment to moment, in the realm of the breast, in the vicinity of the heart. These days the home is the seekers' khanqah. One must sit a forty-day retreat to think, to reread oneself, to understand that which is called life ...


- Holding on to a measure that has faded today, called honor …

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.02