Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations https://www.mandiant.com/resources/mapping-dprk-groups-to-government
Google Cloud Blog
Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations | Mandiant | Google Cloud Blog
Mandiant believes North Korea's cyber capability supports political and national security priorities, as well as financial goals.
SunCrypt Ransomware Gains New Capabilities in 2022 https://blog.minerva-labs.com/suncrypt-ransomware-gains-new-abilities-in-2022
Rapid7
Managed Threat Complete Solution - Rapid7
Rapid7’s Managed Threat Complete with unlimited incident response and vulnerability management. Contain costs and eliminate threats. Get Started Now.
Detect malicious activity in Okta logs with Falco and Sysdig okta-analyzer https://sysdig.com/blog/detect-okta-logs-falco-sysdig/
Sysdig
Detect malicious activity in Okta logs with Falco and Sysdig okta-analyzer
Sysdig has released the following binaries that allow us to collect Okta events and use Falco OOTB rules to detect suspicious activity.
Mining data from Cobalt Strike beacons https://research.nccgroup.com/2022/03/25/mining-data-from-cobalt-strike-beacons/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
PHP filter_var shenanigans https://pwning.systems/posts/php_filter_var_shenanigans/
pwning.systems
PHP filter_var shenanigans
It is likely that we have all seen PHP filters that prevent us from encountering vulnerabilities. Here in this blog post, I'll walk you through my thought process for bypassing a filter by looking for a bug in the filter itself in order to reach a bug!
Introduction to CSRF: How can a cookie get you hacked? (1/2) https://systemweakness.com/introduction-to-csrf-how-can-a-cookie-get-you-hacked-1-2-d34e0a0e6319
Medium
Introduction to CSRF: How can a cookie get you hacked? (1/2)
“We use cookies to enhance your browsing experience, by clicking ACCEPT ALL you consent to our use of cookies”
Forensics tool for NTFS (parser, mft, bitlocker, deleted files) https://github.com/thewhiteninja/ntfstool
GitHub
GitHub - thewhiteninja/ntfstool: Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
Forensics tool for NTFS (parser, mft, bitlocker, deleted files) - GitHub - thewhiteninja/ntfstool
From XSS to RCE (dompdf 0day) https://positive.security/blog/dompdf-rce
positive.security
From XSS to RCE (dompdf 0day) | Positive Security
Using a still unpatched vulnerability in the PHP library dompdf (used for rendering PDFs from HTML), we achieved RCE on a web server with merely a reflected XSS vulnerability as entry point.
C++ Memory Corruption (std::string) - part 4 https://blog.infosectcbr.com.au/2022/03/c-memory-corruption-stdstring-part-4.html
blog.infosectcbr.com.au
C++ Memory Corruption (std::string) - part 4
Summary: This is the next part of the C++ memory corruption series. In this post, we'll look at corrupting the std::string object in Linux...
GitHub Cache Poisoning https://scribesecurity.com/github-cache-poisoning/
CVE-2022-0995 exploit (heap out-of-bounds write in the watch_queue Linux kernel component) https://github.com/Bonfee/CVE-2022-0995
GitHub
GitHub - Bonfee/CVE-2022-0995: CVE-2022-0995 exploit
CVE-2022-0995 exploit. Contribute to Bonfee/CVE-2022-0995 development by creating an account on GitHub.
A Primer On Event Tracing For Windows (ETW) https://nasbench.medium.com/a-primer-on-event-tracing-for-windows-etw-997725c082bf
Medium
A Primer On Event Tracing For Windows (ETW)
The holy grail for defenders is being able to detect/stop every attack before/when it happens and to know exactly the how's no matter the techniques or tools. Unfortunately, we're still far from…
How to Build a Machine Learning Model https://towardsdatascience.com/how-to-build-a-machine-learning-model-439ab8fb3fb1
Towards Data Science
Building a Basic Machine Learning Model in Python | Towards Data Science
Extensive essay on how to pick the right problem and how to develop a basic classifier
Spring Core on JDK9+ is vulnerable to remote code execution https://www.praetorian.com/blog/spring-core-jdk9-rce/
A step-by-step analysis of the Russian APT Turla backdoor called TinyTurla https://cybergeeks.tech/a-step-by-step-analysis-of-the-russian-apt-turla-backdoor-called-tinyturla/
Active Directory Fundamentals (Part 1) - Basic Concepts https://rootdse.org/posts/active-directory-basics-1/
RootDSE
Active Directory Fundamentals (Part 1) - Basic Concepts
Active Directory penetration dojo by ScarredMonk - Blogs on AD security and Windows tips and tricks
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965) https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/
Rapid7
Spring4Shell: Zero-Day Vulnerability in Spring Framework | Rapid7 Blog
CVE-2022-22948: Sensitive Information Disclosure in VMware vCenter https://www.pentera.io/blog/information-disclosure-in-vmware-vcenter/
Pentera
Sensitive information disclosure in VMware vCenter, CVE-2022-22948 - Pentera
Learn how Pentera discovered a new zero day vulnerability in VMware vCenter, and how it could lead to an ESXi takeover.
Decrypting your own HTTPS traffic with Wireshark https://www.trickster.dev/post/decrypting-your-own-https-traffic-with-wireshark/
www.trickster.dev
Decrypting your own HTTPS traffic with Wireshark – Trickster Dev
Code level discussion of web scraping, gray hat automation, growth hacking and bounty hunting
SpringShell (Spring4Shell) Zero-Day Vulnerability CVE-2022-22965 : All You Need To Know https://jfrog.com/blog/springshell-zero-day-vulnerability-all-you-need-to-know/
JFrog
SpringShell (Spring4Shell) Zero-Day Vulnerability CVE-2022-22965 : All You Need To Know
Understand SpringShell (Spring4Shell) vulnerability CVE-2022-22965 exploitation vectors, learn what's vulnerable & discover remediations to this zero-day vulnerability