A step-by-step analysis of the Russian APT Turla backdoor called TinyTurla https://cybergeeks.tech/a-step-by-step-analysis-of-the-russian-apt-turla-backdoor-called-tinyturla/
Active Directory Fundamentals (Part 1)- Basic Concepts https://rootdse.org/posts/active-directory-basics-1/
RootDSE
Active Directory Fundamentals (Part 1)- Basic Concepts
Active Directory penetration dojo by ScarredMonk - Blogs on AD security and Windows tips and tricks
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965) https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/
Rapid7
Spring4Shell: Zero-Day Vulnerability in Spring Framework | Rapid7 Blog
CVE-2022-22948: Sensitive Information Disclosure in VMware vCenter https://www.pentera.io/blog/information-disclosure-in-vmware-vcenter/
Pentera
Sensitive information disclosure in VMware vCenter, CVE-2022-22948 - Pentera
Learn how Pentera discovered a new zero day vulnerability in VMware vCenter, and how it could lead to an ESXi takeover.
Decrypting your own HTTPS traffic with Wireshark https://www.trickster.dev/post/decrypting-your-own-https-traffic-with-wireshark/
www.trickster.dev
Decrypting your own HTTPS traffic with Wireshark – Trickster Dev
Code level discussion of web scraping, gray hat automation, growth hacking and bounty hunting
SpringShell (Spring4Shell) Zero-Day Vulnerability CVE-2022-22965 : All You Need To Know https://jfrog.com/blog/springshell-zero-day-vulnerability-all-you-need-to-know/
JFrog
SpringShell (Spring4Shell) Zero-Day Vulnerability CVE-2022-22965 : All You Need To Know
Understand SpringShell (Spring4Shell) vulnerability CVE-2022-22965 exploitation vectors, learn what's vulnerable & discover remediations to this zero-day vulnerability
Process Overwriting: Yet another variant of Process Hollowing https://securityonline.info/process-overwriting-yet-another-variant-of-process-hollowing/
Vulnerabilities Identified in Wyze Cam IoT Device https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf
Top 3 Stealer Malware Activity Research https://brandefense.io/top-3-stealer-malware-activity-report/
Brandefense
Top 3 Stealer Malware Activity Research - Brandefense
This research aims to share the Top 3 Different Stealer Malware behaviors and their properties. Malicious software attacks and their impacts continue to grow rapidly.
AcidRain | A Modem Wiper Rains Down on Europe https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/
SentinelOne
AcidRain | A Modem Wiper Rains Down on Europe
As the most impactful cyber attack of the Ukrainian invasion gets downplayed, SentinelLabs uncovers a more plausible explanation.
Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks https://blog.aquasec.com/python-ransomware-jupyter-notebook
Aqua
Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks
Team Nautilus uncovered and analyzed the first Python-based ransomware attack that targets misconfigured Jupyter Notebooks in the wild and encrypts files.
Spring4Shell (CVE-2022-22965) FAQ: Spring Framework Remote Code Execution Vulnerability https://www.tenable.com/blog/spring4shell-faq-spring-framework-remote-code-execution-vulnerability
Tenable®
Spring4Shell (CVE-2022-22965) FAQ: Spring Framework Remote Code Execution Vulnerability
A list of frequently asked questions related to Spring4Shell (CVE-2022-22965).
New spear phishing campaign targets Russian dissidents https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/
ThreatDown by Malwarebytes
New spear phishing campaign targets Russian dissidents - ThreatDown by Malwarebytes
This blog post was authored by Hossein Jazi. — Updated to clarify the two different campaigns (Cobalt Strike and Rat) Several threat actors have taken advantage of the war in Ukraine to launch a…
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits https://www.fortinet.com/blog/threat-research/deep-panda-log4shell-fire-chili-rootkits
Fortinet Blog
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits
FortiGuard Labs discovered a campaign by Deep Panda exploiting Log4Shell, along with a novel kernel rootkit signed with a stolen digital certificate also used by Winnti. Read to learn about these a…
Ransomware Spotlight: Hive https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-hive
Trendmicro
Ransomware Spotlight: Hive
Hive ransomware is one of the new ransomware families in 2021 that poses significant challenges to enterprises worldwide. We take an in-depth look at the ransomware group’s operations and discuss how organizations can bolster their defenses against it.
An Exercise in Dynamic Analysis: Analyzing the PayloadRestrictions.dll Export Address Filtering https://windows-internals.com/an-exercise-in-dynamic-analysis/
Video of the talk "Relaying to Greatness: Windows Privilege Escalation by abusing the RPC/DCOM protocols" at @BlueHatIL https://youtu.be/vfb-bH_HaW4
YouTube
BlueHat IL 2022 - Antonio Cocomazzi & Andrea Pierini - Relaying to Greatness
Relaying to Greatness: Windows Privilege Escalation by abusing the RPC/DCOM protocols
NTLM “Relaying” is a well known replay attack for Windows systems in which the attacker performs a man in the middle and acts on behalf of the victim while communicating…
Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask https://github.com/xepor/xepor
GitHub
GitHub - xepor/xepor: Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy…
Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask - GitHub - xepor/xepor: Xepor, a web routing framework for reverse engine...
[QuickNote] Analysis of Pandora ransomware https://kienmanowar.wordpress.com/2022/03/21/quicknote-analysis-of-pandora-ransomware/
0day in {REA_TEAM}
[QuickNote] Analysis of Pandora ransomware
FOREWORD: Pandora’s code looks very weird, obfuscated and complicated, so this analysis does not cover all its functions. I’m not a crypto expert, so I won’t dive into Pandora’…
Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks
Zero Day Initiative
Zero Day Initiative — Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks
We would like to thank researcher Abdelhamid Naceri for his great work in developing these exploit techniques, as well as for the vulnerabilities he has been reporting to our program. We look forward to seeing more from him in the future. Until then, follow…