Unit42:
2024-05-14 (Tuesday): #DarkGate activity. HTML file asks victim to paste script into a run window. Indicators available at bit.ly/4bjvMAC
Forwarded from Peneter.com
Professional.Red.Teaming_Chapter_5.pdf
Book: Professional Red Teaming 📕
Chapter 5: Rules of Engagement
Table of Contents
Types of Activities 81
Physical 82
Social Engineering 84
External Network 86
Internal Network 87
Lateral Movement 88
Wireless Network 90
Classification 91
Augmentation 92
Incident Management 92
Tools 93
Authorization Requirements 94
Personnel Information 95
Chapter 5 Summary 95
GlobalThreatReport2024.pdf
Global Threat Report 2024 CROWDSTRIKE
2024 Cyber Threat Report Huntress.pdf
2024 Cyber Threat Report Huntress
APT 29 🇷🇺 breached the TeamViewer company, but according to their first report, the hackers did not move laterally into the production segment.
https://www.teamviewer.com/en/resources/trust-center/statement/
source : https://x.com/cyb3rops/status/1806651893344563543?t=7QwPK6W9gSFznr4bAHATaQ&s=19
⚠️⚠️ CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’ Exposes Millions of Linux Systems
https://en.fofa.info/result?qbase64=YXBwPSJPcGVuU1NIIg%3D%3D
PoC: https://github.com/zgzhang/cve-2024-6387-poc
9.4 GB Twitter Data Leaked – Over 200 Million Records Exposed Online 🤔
https://cyberpress.org/9-4gb-twitter-data-leaked-online/?amp=1
⚠️⚠️The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1 and 8.8p1 shipped with Red Hat Enterprise Linux 9.
https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html?m=1
The CVE-2024-26229 vulnerability in the Windows CSC Service is being exploited with proof-of-concept (PoC) exploit code available on GitHub. This high-severity vulnerability could allow attackers to gain SYSTEM privileges on a Windows system, posing a significant risk. This type of elevation of privilege flaw can lead to severe security breaches, and there is potential for it to be used by threat actors, although it is not specified if ransomware groups are involved. It is crucial for users to apply the patch released by Microsoft to mitigate the risk of exploitation.
https://securityvulnerability.io/vulnerability/CVE-2024-26229
Forwarded from Peneter Tools (Soheil Hashemi)
Process injection alternative
https://github.com/CICADA8-Research/IHxExec
https://cicada-8.medium.com/process-injection-is-dead-long-live-ihxhelppaneserver-af8f20431b5d
FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks
https://www.sentinelone.com/labs/fin7-reboot-cybercrime-gang-enhances-ops-with-new-edr-bypasses-and-automated-attacks/
The Antivirus Event Analysis Cheat Sheet has been updated to version 1.13.0
- new shellcode detections added
- more extensions: .VBE, .MSC, .XLL, .WLL
https://www.nextron-systems.com/2024/07/17/antivirus-event-analysis-cheat-sheet-v1-13-0/