Alaid TechThread
@offensive_thread
Vulnerability discovery, threat intelligence, reverse engineering, AppSec
Alaid TechThread
https://twitter.com/HelpDeskMan/status/920757979401605122
Twitter
HDM
@theglennbarrett @GossiTheDog @rem1nd_ @sensepost Discovered in Office 2016 you need to add a picture to the email first. Then set Rich Text. Add DDE. Send. Reply. Exploit. #DDE
Alaid TechThread
https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html
Talosintelligence
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Alaid TechThread
https://habrahabr.ru/company/pentestit/blog/336900/
Habr
Masquerading UDP traffic as TCP/ICMP with udp2raw
This article covers the udp2raw utility, which makes it possible to bypass firewalls configured to block the UDP protocol by using RAW sockets,...
Alaid TechThread
https://blog.newskysecurity.com/a-huge-wave-of-iot-zombies-are-coming-42d61d6cada0
NewSky Security
A Huge Wave of IoT Zombies Is Coming
Introduction
Alaid TechThread
https://bartblaze.blogspot.ru/2017/10/comparing-eternalpetya-and-badrabbit.html
bartblaze.blogspot.co.uk
Comparing EternalPetya and BadRabbit
A blog about malware and information security.
Alaid TechThread
https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/
Alaid TechThread
https://twitter.com/malwareunicorn/status/923271986599534593
Twitter
Amanda Rousseau
Here is my analysis of #BadRabbit @EndgameInc https://t.co/D5w0Lo6BZb
Alaid TechThread
#CTF
#Hardware
#SMT
https://blog.dragonsector.pl/2017/10/pwn2win-2017-shift-register.html
blog.dragonsector.pl
Pwn2Win 2017 - Shift Register
Disclaimer: I am not an electronics engineer. I just play one on Twitter. A lot of the following might be heresy to someone who ever ...
Alaid TechThread
https://github.com/mwrlabs/OSXFuzz
GitHub
mwrlabs/OSXFuzz
macOS Kernel Fuzzer. Contribute to mwrlabs/OSXFuzz development by creating an account on GitHub.
Alaid TechThread
https://greatscottgadgets.com/pocorgtfo/pocorgtfo16.pdf
Alaid TechThread
https://resources.infosecinstitute.com/common-malware-persistence-mechanisms/#gref
Infosecinstitute
Common malware persistence mechanisms | Infosec
As we know, malware becomes stealthier by somehow achieving persistence on the exploited machine. This helps malware authors to inject/exploit once, and the
Alaid TechThread
https://jumpespjump.blogspot.ru/2015/05/many-ways-of-malware-persistence-that.html
jumpespjump.blogspot.co.uk
Many ways of malware persistence (that you were always afraid to ask)
TL;DR: Are you into red teaming? Need persistence? This post is not that long, read it ;) Are you into blue teaming? Have to find those p...
Alaid TechThread
Common techniques for establishing persistence on a system
Alaid TechThread
https://labs.mwrinfosecurity.com/assets/resourceFiles/DefCon25-UAC-0day-All-Day-v2.2.pdf
Alaid TechThread
https://logrhythm.com/blog/notpetya-technical-analysis/
LogRhythm
NotPetya Technical Analysis | LogRhythm
Although initially labeled as ransomware due to the ransom message that is displayed after infection, it appears now that NotPetya functions more as a destructive wiper-like tool than actual ransomware
Alaid TechThread
https://www.intezer.com/notpetya-returns-bad-rabbit/
Intezer
NotPetya Returns as Bad Rabbit - Intezer
Large scale cyber attacks seem to be happening once a month these days. Originally discovered by ESET (https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/), Ukrainian and Russian organizations have been hit…
Alaid TechThread
https://marcoramilli.blogspot.ru/2016/06/from-rop-to-lop-bypassing-control-flow.html?m=1
marcoramilli.blogspot.co.uk
From ROP to LOP bypassing Control FLow Enforcement
Hacking, Malware Evasions, Penetration testing, Targeted attacks, Malware analysis and everything related to Cyber Security Field.
Alaid TechThread
Windows Memory Forensics
https://cerbero-blog.com/?p=1682
Alaid TechThread
An article on subdomain takeover
https://cody.su/blog/hostile-subdomain-takeovers/
Cody Zacharias
Hostile Subdomain Takeovers++
Advanced Hostile Subdomain Takeover discovery techniques and attack scenarios. This article is intended for people already familiar with subdomain takeovers.
Alaid TechThread
and a tool for scanning:
https://github.com/haccer/subjack
GitHub
GitHub - haccer/subjack: Subdomain Takeover tool written in Go
Subdomain Takeover tool written in Go. Contribute to haccer/subjack development by creating an account on GitHub.
Alaid TechThread
https://techincidents.com/penetration-testing-cheat-sheet/
Tech
Penetration Testing Cheat Sheet For Windows Machine
In the event that your Windows machine has been compromised or for any other reason, this cheat sheet is intended to help. Penetration Testing Cheat Sheet