AS-22-Korkos-AMSI-and-Bypass.pdf
1.3 MB
🔥AMSI Unchained
Review Of Known AMSI Bypass Techniques And Introducing A New One
#RedTeam
#BlackHat2022
🔉@InfoSecTube
📌youtube channel
Review Of Known AMSI Bypass Techniques And Introducing A New One
#RedTeam
#BlackHat2022
🔉@InfoSecTube
📌youtube channel
🔥AMSI BYPASS METHODS
01- https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
02- https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
03- https://gustavshen.medium.com/bypass-amsi-on-windows-11-75d231b2cac6
04- https://medium.com/@nullx3d/amsi-overview-and-bypass-methods-76b9d5896eb5
05- https://medium.com/@two06/amsi-as-a-service-automating-av-evasion-2e2f54397ff9
🔉@InfoSecTube
📌youtube channel
01- https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
02- https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
03- https://gustavshen.medium.com/bypass-amsi-on-windows-11-75d231b2cac6
04- https://medium.com/@nullx3d/amsi-overview-and-bypass-methods-76b9d5896eb5
05- https://medium.com/@two06/amsi-as-a-service-automating-av-evasion-2e2f54397ff9
🔉@InfoSecTube
📌youtube channel
Pentest Laboratories
AMSI Bypass Methods
Microsoft has developed AMSI (Antimalware Scan Interface) as a method to defend against common malware execution and protect the end user. By default windows defender interacts with the AMSI API to…
Matt_Hand_Evading_EDR_The_Definitive_Guide_to_Defeating_Endpoint.pdf
5.8 MB
📒Evading EDR
The Definitive Guide To Defeating Endpoint Detection Systems
#RedTeam
🔉@InfoSecTube
📌youtube channel
The Definitive Guide To Defeating Endpoint Detection Systems
#RedTeam
🔉@InfoSecTube
📌youtube channel
👍1
⚠️ Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation ⚠️
🔗Read
🔉@InfoSecTube
📌youtube channel
Another two bugs in this month's set of fixes for 63 CVEs were publicly disclosed previously but have not been exploited yet.🔗Read
🔉@InfoSecTube
📌youtube channel
Darkreading
Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation
Another two bugs in this month's set of fixes for 63 CVEs were publicly disclosed previously but have not been exploited yet.
👍2
Gray Hat C#.pdf
5 MB
📒 Gray Hat C#
A Hacker's Guide to Creating and Automating Security Tools
304 pages
Publisher: No Starch Press
1st Edition
🔉@InfoSecTube
📌youtube channel
A Hacker's Guide to Creating and Automating Security Tools
304 pages
Publisher: No Starch Press
1st Edition
🔉@InfoSecTube
📌youtube channel
👍3
OSDA-Soc200.pdf
39.7 MB
📕 SOC-200: Foundational Security
Operations and Defensive Analysis
OSDA Certification
Publisher: Offensive Security
618 Pages
🔉@InfoSecTube
📌youtube channel
Operations and Defensive Analysis
OSDA Certification
Publisher: Offensive Security
618 Pages
🔉@InfoSecTube
📌youtube channel
🖥آموزشهای رایگان SIEM
معرفی منابع آموزشی و فیلم های آموزشی ارزشمند و بروز SIEM:
✔️General:
⌘ Windows Logging Basics
⌘ Jose Bravo - What is a SIEM? (5 Vídeos):
⌘ PowerSIEM Analyzing Sysmon Events with PowerShell
✔️AlienVault OSSIM :
⌘ Cybrary - AlienVault OSSIM
✔️Elastic - SIEM :
⌘ Fundamentals
✔️ArcSight :
⌘ Paul Brettle - What is Series
⌘ Paul Brettle - ArcSight ESM 101
⌘ ArcSight Tutorial
✔️QRadar
⌘ Jose Bravo - QRadar
⌘ QRadar SIEM
✔️Splunk
⌘ What is Splunk?
⌘ Intro to Splunk
⌘ Using Fields
⌘ Scheduling Reports & Alerts
⌘ Visualizations
⌘ Search Under the Hood
⌘ Basic Searching
⌘ Splunk - Intro to Knowledge Objects
⌘ Splunk - Intro to Dashboards
⌘ Practical Splunk - Zero to Hero
⌘ Splunk Use Cases
✔️Microsoft Sentinel
⌘ What is Microsoft Sentinel
⌘ Microsoft Sentinel Level 400 training
✔️ Forti SIEM :
⌘ Forti SIEM 6.3 Self-Paced
🔉@InfoSecTube
📌youtube channel
معرفی منابع آموزشی و فیلم های آموزشی ارزشمند و بروز SIEM:
✔️General:
⌘ Windows Logging Basics
⌘ Jose Bravo - What is a SIEM? (5 Vídeos):
⌘ PowerSIEM Analyzing Sysmon Events with PowerShell
✔️AlienVault OSSIM :
⌘ Cybrary - AlienVault OSSIM
✔️Elastic - SIEM :
⌘ Fundamentals
✔️ArcSight :
⌘ Paul Brettle - What is Series
⌘ Paul Brettle - ArcSight ESM 101
⌘ ArcSight Tutorial
✔️QRadar
⌘ Jose Bravo - QRadar
⌘ QRadar SIEM
✔️Splunk
⌘ What is Splunk?
⌘ Intro to Splunk
⌘ Using Fields
⌘ Scheduling Reports & Alerts
⌘ Visualizations
⌘ Search Under the Hood
⌘ Basic Searching
⌘ Splunk - Intro to Knowledge Objects
⌘ Splunk - Intro to Dashboards
⌘ Practical Splunk - Zero to Hero
⌘ Splunk Use Cases
✔️Microsoft Sentinel
⌘ What is Microsoft Sentinel
⌘ Microsoft Sentinel Level 400 training
✔️ Forti SIEM :
⌘ Forti SIEM 6.3 Self-Paced
🔉@InfoSecTube
📌youtube channel
👍1
✔️CVE-2023-5480: Chrome new XSS Vector
Google evaluated it at $16,000
ReadMe
🔉@InfoSecTube
📌youtube channel
Google evaluated it at $16,000
ReadMe
🔉@InfoSecTube
📌youtube channel
❤1
✔️Jenkins Security Advisory 2024-01-24
Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it.
This allows attackers to read arbitrary files on the Jenkins controller file system using the default character encoding of the Jenkins controller process.
💀poc
😈ReadMe
🔉@InfoSecTube
📌youtube channel
Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it.
This allows attackers to read arbitrary files on the Jenkins controller file system using the default character encoding of the Jenkins controller process.
💀poc
😈ReadMe
🔉@InfoSecTube
📌youtube channel
GitHub
GitHub - binganao/CVE-2024-23897
Contribute to binganao/CVE-2024-23897 development by creating an account on GitHub.
💮How to Detect Malware C2 with DNS Status Codes
DNS-specific status codes are often encountered when dealing with DNS queries and responses:
❌DNS Response Code 0: No Error (NOERROR)
Indicates that the query was successful, and the requested data is in the answer section of the response.
❌DNS Response Code 3: Name Error (NXDOMAIN)
Indicates that the domain name does not exist.
❌DNS Response Code 5: Refused
Indicates that the DNS server refused to process the query.
❌DNS Response Code 9: Server Failure (SERVFAIL)
Indicates a general failure in the DNS server.
ReadMe
🔉@InfoSecTube
📌youtube channel
DNS-specific status codes are often encountered when dealing with DNS queries and responses:
❌DNS Response Code 0: No Error (NOERROR)
Indicates that the query was successful, and the requested data is in the answer section of the response.
❌DNS Response Code 3: Name Error (NXDOMAIN)
Indicates that the domain name does not exist.
❌DNS Response Code 5: Refused
Indicates that the DNS server refused to process the query.
❌DNS Response Code 9: Server Failure (SERVFAIL)
Indicates a general failure in the DNS server.
ReadMe
🔉@InfoSecTube
📌youtube channel
Security Investigation - Be the first to investigate
How to Detect Malware C2 with DNS Status Codes - Security Investigation
DNS (Domain Name System) status codes, also known as DNS response codes or DNS error codes, are numerical codes that indicate the outcome of a DNS query. When a device, such as a web browser, tries to access a domain name (like www.example.com), it sends…
🔰 دریافت اشتراک 3 ماهه برنامه های Avira (فیلترشکن، آنتی ویروس و...)
• ابتدا وارد لینک زیر شوید و ایمیل خودتون رو وارد کنید.
🌐 Link
• بعد از تایید ایمیل برای اکانت یه رمز انتخاب کنید و اطلاعات خواسته شده رو پر کنید. خودکار وارد پنل میشید و اشتراک Avira Prime براتون فعال میشه.
❗️ بعد از نصب برنامه هایی که نیاز دارید با وارد کردن ایمیل و پسورد به برنامه دسترسی پیدا میکنید.
🔉@InfoSecTube
📌youtube channel
• ابتدا وارد لینک زیر شوید و ایمیل خودتون رو وارد کنید.
🌐 Link
• بعد از تایید ایمیل برای اکانت یه رمز انتخاب کنید و اطلاعات خواسته شده رو پر کنید. خودکار وارد پنل میشید و اشتراک Avira Prime براتون فعال میشه.
❗️ بعد از نصب برنامه هایی که نیاز دارید با وارد کردن ایمیل و پسورد به برنامه دسترسی پیدا میکنید.
🔉@InfoSecTube
📌youtube channel
❤1👍1
What is bluejacking?
Bluejacking is an attack in which someone sends unsolicited messages to a Bluetooth-enabled device. The target must be within their Bluetooth range for the attack to work. It’s relatively simple to bluejack a phone, although it’s not a common practice these days.
Bluetooth is wireless a connection that links phones and other devices together. Although it’s not as popular now as its creators expected — having been supplanted by Wi-fi in many use-cases — most devices still come with Bluetooth functionality.
🔉@InfoSecTube
📌youtube channel
Bluejacking is an attack in which someone sends unsolicited messages to a Bluetooth-enabled device. The target must be within their Bluetooth range for the attack to work. It’s relatively simple to bluejack a phone, although it’s not a common practice these days.
Bluetooth is wireless a connection that links phones and other devices together. Although it’s not as popular now as its creators expected — having been supplanted by Wi-fi in many use-cases — most devices still come with Bluetooth functionality.
🔉@InfoSecTube
📌youtube channel
👍1
❌In Sinkhole attack, the compromised node lures all the traffic from its neighboring area creating a sinkhole in the center. The attacker or compromised node attracts all its neighbour's data. The attacker tries to present itself as the most attractive relay in the neighbourhood.
🔉@InfoSecTube
📌youtube channel
🔉@InfoSecTube
📌youtube channel
❤1
✔️ فناوری Optic ID یا همان سیستم احراز هویت جدید ویژن پرو چیست؟
▪️فناوری Optic ID قابلیت تشخیص منحصر به فرد عنبیه چشم کاربر را دارد و به وسیله آن میتوان قفل ویژن پرو را باز کرد. اپل ادعا میکند که اپلیکیشنهایی که از Face ID و Touch ID پشتیبانی میکنند، به طور خودکار از Optic ID نیز پشتیبانی میکنند.
▪️این روش احراز هویت به طور پیشفرض هر دو چشم کاربر را اسکن میکند و الگوی ثبتشده را بروزرسانی میکند، زیرا اندازه عنبیه و مردمک چشم در شرایط نوری مختلف تغییر میکند.
▪️اپل با اشاره به استفاده از "سختافزار و نرمافزار پیشرفته" ادعا میکند که Optic ID برای تشخیص دقیق عنبیه استفاده میشود و با استانداردهای ایمنی بینالمللی مطابقت دارد، همچنین آسیبی به چشم یا پوست کاربران نمیرساند.
🔉@InfoSecTube
📌youtube channel
▪️فناوری Optic ID قابلیت تشخیص منحصر به فرد عنبیه چشم کاربر را دارد و به وسیله آن میتوان قفل ویژن پرو را باز کرد. اپل ادعا میکند که اپلیکیشنهایی که از Face ID و Touch ID پشتیبانی میکنند، به طور خودکار از Optic ID نیز پشتیبانی میکنند.
▪️این روش احراز هویت به طور پیشفرض هر دو چشم کاربر را اسکن میکند و الگوی ثبتشده را بروزرسانی میکند، زیرا اندازه عنبیه و مردمک چشم در شرایط نوری مختلف تغییر میکند.
▪️اپل با اشاره به استفاده از "سختافزار و نرمافزار پیشرفته" ادعا میکند که Optic ID برای تشخیص دقیق عنبیه استفاده میشود و با استانداردهای ایمنی بینالمللی مطابقت دارد، همچنین آسیبی به چشم یا پوست کاربران نمیرساند.
🔉@InfoSecTube
📌youtube channel
👍3