SANS_SEC595_Applied_Data_Science_and_Machine_Learning_for_Cybersecurity.pdf
58.5 MB
SANS SEC595: Applied Data Science and Machine Learning for Cybersecurity Professionals
( PDF )
#Sans
Sec_Devices_Guide.pdf
1.9 MB
#Hardware_Security
"JunosOS Attack Detection and Prevention User Guide for Security Devices", 2022.
IWS.pdf
2.1 MB
#Threat_Research
"Investigating Web Shells", 2022.
]-> https://blog.gigamon.com/2022/09/28/investigating-web-shells
A web shell is an internet-accessible malicious file implanted in a victim web server’s file system that enables an attacker to execute commands by visiting a web page. Once placed on a compromised web server, it allows an attacker to perform remote command execution to the operating system running on the host machine. The web shell provides the attacker with a form of persistence in the compromised system and the potential to further pivot through the network to compromise hosts and data that may not otherwise be externally accessible.
Lazarus_Byovd.pdf
3.2 MB
#Whitepaper
"Lazarus & Byovd: Evil to the Windows Core", 2022.
In October 2021, we recorded an attack on an endpoint of a corporate network in the Netherlands [1]. Various types of malicious tools were deployed onto the victim’s computer, many of which can confidently be attributed to the infamous Lazarus threat actor [2]. Besides usual malware like HTTP(S) backdoors, downloaders and uploaders, one sample attracted our curiosity – an 88,064-byte user-mode dynamically linked library with internal name FudModule. Its functionality is the main subject of this paper.
windows_privileges.pdf
123.5 KB
Windows has user privileges such as SeDebugPrivilege, SeImpersonatePrivilege, SeBackupPrivilege and others. They can even be used to elevate privileges on the system. Most likely, everyone has at some point wanted to test such an escalation in a lab environment, and at that moment everyone asked the same question: "how do I give the user these privileges?". It is actually not that easy: you need to edit the GPO and reboot the host. But a respected researcher has introduced the Privileger tool, which lets you quickly and easily grant the right privilege to any user in 2 elegant ways:
1. Through the LSA, by calling the LsaAddAccountRights() function
2. Through the creation of a process with the necessary privileges added to its access token.
It also helps, when debugging or during a pentest, to find which privileges users hold on hosts in the network.
#windows #privilege
Hidden_in_Plain_Sight.pdf
862.4 KB
"Hidden in Plain Sight: Exploring Encrypted Channels in Android apps", 2022.
WindTape.pdf
18.1 MB
"Unmasking WindTape: an in-depth analysis of OSX.WindTape", 2022.
#Malware_analysis
DaNuoYi.pdf
1.7 MB
"DaNuoYi: Evolutionary Multi-Task Injection Testing on Web Application Firewalls", 2022.
]-> Multitask Injection Generation Tool:
https://github.com/yangheng95/DaNuoYi
Matrix.pdf
199.4 KB
"Practically-exploitable Cryptographic Vulnerabilities in Matrix Communication Protocol", 2022.
#cryptography
CacheQL.pdf
2.1 MB
"CacheQL: Quantifying and Localizing Cache Side-Channel Vulnerabilities in Production Software", 2022.
redteam_with_onenote (1).pdf
576.3 KB
#Red_Team
RedTeam With OneNote Sections
1. Not affected by Protected View / MOTW
2. Allows embedding malicious Excel/Word/PPT files that will be opened without Protected View
3. Allows embedding HTA, LNK, EXE files and spoofing their extensions
4. Possible to format the document in a way that users are tricked into opening a malicious file or a link