Reference Library
Reference Library
Specialized book reference

Link to the book archive channel:
@BOOKzMA
AdaCore.pdf
462.9 KB
#Whitepaper
"Security-Hardening Software Libraries with Ada and SPARK: A TCP Stack Use Case", 2021.

TCP is the most widely used network protocol to communicate on the Internet. Thus, ensuring the TCP/IP stack’s safety is an essential step towards safer cyber-physical systems. Existing research deals with formally verifying protocols of other TCP/IP stack levels. For example, the work in miTLS [3] formally verifies an SSL/TLS protocol implementation, and the work in [7] uses a technology called RecordFlux to safely parse data segments.

📚 t.iss.one/Library_Sec
SCFI.pdf
734 KB
#Research
#hardening
"SCFI: State Machine Control-Flow Hardening Against Fault Attacks", 2022.

Fault injection (FI) is a powerful attack methodology allowing an adversary to entirely break the security of a target device. As finite state machines (FSMs) are fundamental hardware building blocks responsible for controlling systems, inducing faults into these controllers enables an adversary to hijack the execution of the integrated circuit. A common defense strategy mitigating these attacks is to manually instantiate FSMs multiple times and detect faults using a majority voting logic.

Weaponizing_Mapping_Injection.pdf
709 KB
#Offensive_security
"Weaponizing Mapping Injection with Instrumentation Callback for stealthier process injection"


Process Injection is a technique to hide code behind benign and/or system processes. This technique is usually used by malware to gain stealthiness while performing malicious operations on the system. AVs/EDR solutions are aware of this technique and create detection patterns to identify and kill this "class" of attacks.

Offensive Security Defense Analyst Overview PT.1.pdf
10.5 MB
Offensive Security Defense Analyst (OSDA) Notes Part1
#Blueteam #SOC #Purpleteam #OSDA
Mastering Malware Analysis.pdf
39.2 MB
Mastering Malware Analysis.
Second Edition.

A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks.
Alexey Kleymenov, Amr Thabet

#Malware_Analysis
ChatGPT for Cybersecurity #4.pdf
2.4 MB
🤖 ChatGPT for Cybersecurity

#AIOPS #DarkGPT
sec595_vm.zip
1.7 GB
SANS SEC595: Applied Data Science and Machine Learning for Cybersecurity Professionals
VM + Exercises
SANS_SEC595_Applied_Data_Science_and_Machine_Learning_for_Cybersecurity.pdf
58.5 MB
SANS SEC595: Applied Data Science and Machine Learning for Cybersecurity Professionals
( PDF )
#Sans
Sec_Devices_Guide.pdf
1.9 MB
#Hardware_Security
"JunosOS Attack Detection and Prevention User Guide for Security Devices", 2022.
IWS.pdf
2.1 MB
#Threat_Research
"Investigating Web Shells", 2022.
]-> https://blog.gigamon.com/2022/09/28/investigating-web-shells

A web shell is an internet-accessible malicious file implanted in a victim web server’s file
system that enables an attacker to execute commands by visiting a web page. Once placed
on a compromised web server, it allows an attacker to perform remote command execution
to the operating system running on the host machine. The web shell provides the attacker
with a form of persistence in the compromised system and the potential to further pivot
through the network to compromise hosts and data that may not otherwise be externally
accessible.
Lazarus_Byovd.pdf
3.2 MB
#Whitepaper
"Lazarus & Byovd: Evil to the Windows Core", 2022.

In October 2021, we recorded an attack on an endpoint of a corporate network in the Netherlands [1]. Various types of
malicious tools were deployed onto the victim’s computer, many of which can confidently be attributed to the infamous
Lazarus threat actor [2]. Besides usual malware like HTTP(S) backdoors, downloaders and uploaders, one sample attracted
our curiosity – an 88,064-byte user-mode dynamically linked library with internal name FudModule. Its functionality is the
main subject of this paper.
windows_privileges.pdf
123.5 KB
Windows has user privileges such as SeDebugPrivilege, SeImpersonatePrivilege, SeBackupPrivilege and others. They can even be used to elevate privileges on the system. Most likely, everyone has at some point wanted to test such an elevation in a lab, and at that moment asked the question: "how do I give the user these privileges?". Actually it's not that easy: you need to edit the GPO and reboot the host. But a respected researcher has introduced the Privileger tool, which allows you to quickly and easily grant the right privilege to any user in 2 elegant ways:
1. Through the LSA by calling the LsaAddAccountRights() function
2. Through the creation of a process with the addition of the necessary privileges to the access token.
It can also be used, for debugging or during a pentest, to find the necessary privilege for users on nodes in the network.
#windows #privilege
Hidden_in_Plain_Sight.pdf
862.4 KB
"Hidden in Plain Sight: Exploring Encrypted Channels in Android apps", 2022.
ThreatPro.pdf
1.5 MB
"ThreatPro: Multi-Layer Threat Analysis in the Cloud", 2022.
#Cloud_Security
#Threat_Research