Alaid TechThread
@offensive_thread
717 subscribers
Vulnerability discovery, threat intelligence, reverse engineering, AppSec
Alaid TechThread
https://twitter.com/GossiTheDog/status/920635876375449600
Twitter
Kevin Beaumont
🤨
Remember the Word DDE issue found by @sensepost? Copy the DDE from Word into Outlook, then email it to somebody.. No attachment -> calc.
Alaid TechThread
https://twitter.com/HelpDeskMan/status/920757979401605122
Twitter
HDM
@theglennbarrett @GossiTheDog @rem1nd_ @sensepost Discovered in Office 2016 you need to add a picture to the email first. Then set Rich Text. Add DDE. Send. Reply. Exploit. #DDE
Alaid TechThread
https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html
Talosintelligence
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Alaid TechThread
https://habrahabr.ru/company/pentestit/blog/336900/
Habr
Masking UDP traffic as TCP/ICMP with udp2raw
This article covers the udp2raw utility, which makes it possible to bypass firewalls configured to block the UDP protocol by using RAW sockets,...
Alaid TechThread
https://blog.newskysecurity.com/a-huge-wave-of-iot-zombies-are-coming-42d61d6cada0
NewSky Security
A Huge Wave of IoT Zombies Is Coming
Introduction
Alaid TechThread
https://bartblaze.blogspot.ru/2017/10/comparing-eternalpetya-and-badrabbit.html
bartblaze.blogspot.co.uk
Comparing EternalPetya and BadRabbit
A blog about malware and information security.
Alaid TechThread
https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/
Alaid TechThread
https://twitter.com/malwareunicorn/status/923271986599534593
Twitter
Amanda Rousseau
Here is my analysis of #BadRabbit @EndgameInc https://t.co/D5w0Lo6BZb
Alaid TechThread
#CTF
#Hardware
#SMT
https://blog.dragonsector.pl/2017/10/pwn2win-2017-shift-register.html
blog.dragonsector.pl
Pwn2Win 2017 - Shift Register
Disclaimer : I am not an electronics engineer. I just play one on Twitter. A lot of the following might be heresy to someone who ever ...
Alaid TechThread
https://github.com/mwrlabs/OSXFuzz
GitHub
mwrlabs/OSXFuzz
macOS Kernel Fuzzer. Contribute to mwrlabs/OSXFuzz development by creating an account on GitHub.
Alaid TechThread
https://greatscottgadgets.com/pocorgtfo/pocorgtfo16.pdf
Alaid TechThread
https://resources.infosecinstitute.com/common-malware-persistence-mechanisms/#gref
Infosecinstitute
Common malware persistence mechanisms | Infosec
As we know, malware becomes stealthier by somehow achieving persistence on the exploited machine. This helps malware authors to inject/exploit once, and the
Alaid TechThread
https://jumpespjump.blogspot.ru/2015/05/many-ways-of-malware-persistence-that.html
jumpespjump.blogspot.co.uk
Many ways of malware persistence (that you were always afraid to ask)
TL;DR: Are you into red teaming? Need persistence? This post is not that long, read it ;) Are you into blue teaming? Have to find those p...
Alaid TechThread
Common techniques for persistence on a system
Alaid TechThread
https://labs.mwrinfosecurity.com/assets/resourceFiles/DefCon25-UAC-0day-All-Day-v2.2.pdf
Alaid TechThread
https://logrhythm.com/blog/notpetya-technical-analysis/
LogRhythm
NotPetya Technical Analysis | LogRhythm
Although initially labeled as ransomware due to the ransom message that is displayed after infection, it appears now that NotPetya functions more as a destructive wiper-like tool than actual ransomware
Alaid TechThread
https://www.intezer.com/notpetya-returns-bad-rabbit/
Intezer
NotPetya Returns as Bad Rabbit - Intezer
Large scale cyber attacks seem to be happening once a month these days. Originally discovered by ESET (https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/), Ukrainian and Russian organizations have been hit…
Alaid TechThread
https://marcoramilli.blogspot.ru/2016/06/from-rop-to-lop-bypassing-control-flow.html?m=1
marcoramilli.blogspot.co.uk
From ROP to LOP bypassing Control FLow Enforcement
Hacking, Malware Evasions, Penetration testing, Targeted attacks, Malware analysis and everything related to Cyber Security Field.
Alaid TechThread
Windows Memory Forensics
https://cerbero-blog.com/?p=1682
Alaid TechThread
An article about subdomain hijacking
https://cody.su/blog/hostile-subdomain-takeovers/
Cody Zacharias
Hostile Subdomain Takeovers++
Advanced Hostile Subdomain Takeover discovery techniques and attack scenarios. This article is intended for people already familiar with subdomain takeovers.
Alaid TechThread
and a tool for scanning:
https://github.com/haccer/subjack
GitHub
GitHub - haccer/subjack: Subdomain Takeover tool written in Go
Subdomain Takeover tool written in Go. Contribute to haccer/subjack development by creating an account on GitHub.