A curated list of threat detection and hunting resources
https://github.com/0x4D31/awesome-threat-detection
CVE-2020-0688: REMOTE CODE EXECUTION ON MICROSOFT EXCHANGE SERVER THROUGH FIXED CRYPTOGRAPHIC KEYS
https://www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys
This most recent Patch Tuesday, Microsoft released an Important-rated patch to address a remote code execution bug in Microsoft Exchange Server. This vulnerability was reported to us by an anonymous researcher and affects all supported versions of Microsoft…
Forwarded from r0 Crew (Channel)
DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing
Source: https://github.com/deepbindiff/DeepBinDiff
Article: https://www.ndss-symposium.org/wp-content/uploads/2020/02/24311.pdf
#reverse #dukeBarman
GitHub - yueduan/DeepBinDiff: Official repository for DeepBinDiff
Computer accounts lateral movement
https://windowscybersec.com/2020/02/28/computer-accounts-can-move-laterally-too/
‘Cloud Snooper’ Attack Bypasses Firewall Security Measures
https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/
PRACTICAL THREAT HUNTING: DEVELOPING AND RUNNING A SUCCESSFUL THREAT HUNTING PROGRAM
https://www.slideshare.net/ArpanRaval2/cyber-threat-hunting-workshop-229493446
Cyber Threat hunting workshop
Windows Privilege Escalation Guide
https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can…
Sysmon Threat Analysis Guide
https://www.varonis.com/blog/sysmon-and-threat-detection-exploring-the-sysmon-log/
In my various pentesting experiments, I'll pretend to be a blue team defender and try to work out the attack. If you have good security eyes, you can search for…
Extracting embedded payloads from malware
https://medium.com/@ryancor/extracting-embedded-payloads-from-malware-aaca8e9aa1a9
One of my all time favorite subfields of reverse engineering is the dissection of viruses. In this article I will be exploring malware…