TinyTurla Next Generation - Turla APT spies on Polish NGOs https://blog.talosintelligence.com/tinyturla-next-generation/
Cisco Talos Blog
This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.
How to protect Evilginx using Cloudflare and HTML Obfuscation https://www.jackphilipbutton.com/post/how-to-protect-evilginx-using-cloudflare-and-html-obfuscation
Jack Button
Using a combination of Cloudflare and HTML Obfuscation, it is possible to protect your Evilginx server from being flagged as deceptive and so increase your chances of success on Red Team and Social Engineering engagements. Anyone who has tried to run a Social…
Load-time relocation of shared libraries https://eli.thegreenplace.net/2011/08/25/load-time-relocation-of-shared-libraries/
JavaScript Debugging with Maglev Compiler https://vxrl.medium.com/javascript-debugging-with-maglev-compiler-6b2a26cb1a3a
Medium
Twitter: @Darkfloyd1014
Unveiling Crypto Miner’s Stealthy Tactics: The Rise of Indirect Syscalls for Evasion https://labs.k7computing.com/index.php/unveiling-crypto-miners-stealthy-tactics-the-rise-of-indirect-syscalls-for-evasion/
K7 Labs
Recently we got our hands on a set of samples which had a big data section with high entropy and […]
Position Independent Code (PIC) in shared libraries https://eli.thegreenplace.net/2011/11/03/position-independent-code-pic-in-shared-libraries/
The Attackers Guide to Azure AD Conditional Access https://danielchronlund.com/2022/01/07/the-attackers-guide-to-azure-ad-conditional-access/
Daniel Chronlund Cloud Security Blog
Conditional Access is one of Microsoft’s most powerful security features and the central engine for their zero trust architecture. It’s no secret that I love working with Conditional Ac…
Snap Trap: The Hidden Dangers Within Ubuntu’s Package Suggestion System https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/
Aqua
Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu's command-not-found package and the snap package repository.
Staying ahead of threat actors in the age of AI https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/
Microsoft News
Microsoft and OpenAI research on emerging AI threats focusing on threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm.
Microsoft 365 AiTM detection: the lessons learned https://zolder.io/microsoft-365-aitm-detection-the-lessons-learned/
Zolder B.V.
The beginning of January we released a new way to detect AiTM attacks on your Microsoft 365 environment. In just one month, we are protecting over 100 tenants with this new approach. We were able t…
Exploiting Unsynchronised Clocks https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks
attackshipsonfi.re
TL;DR According to data from RIPE, over 40% of computers attached to the Internet have a few seconds of clock drift, which, with the right combination of headers, will make an HTTP response unintentionally cacheable.
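The mechanism behind that TL;DR, as an added illustration that is not code from the linked post: RFC 7234 section 4.2.1 derives a response's freshness lifetime from `Expires` minus the `Date` header, and RFC 7231 section 7.1.1.2 says a recipient that gets a response without `Date` records its own receipt time as the date. An origin that sets `Expires` to "now" to mean "do not cache" is therefore safe only when the cache uses the origin's `Date`; if `Date` is missing and the cache's clock runs a few seconds behind, the same response comes out with a positive lifetime. The headers, timestamps and the `drift_demo` helper below are constructed for the example.

```python
"""Freshness lifetime per RFC 7234 4.2.1, with the cache's clock as a parameter.

Added example; the sample headers and the fixed ORIGIN_NOW timestamp are constructed.
"""
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed origin-server "now"; the cache's clock is expressed as an offset from it.
ORIGIN_NOW = datetime(2024, 2, 15, 12, 0, 0, tzinfo=timezone.utc)


def parse_http_date(value):
    """Parse an IMF-fixdate such as 'Thu, 15 Feb 2024 12:00:00 GMT' into an aware datetime."""
    dt = parsedate_to_datetime(value)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt


def parse_cache_control(value):
    """Turn 'max-age=60, public' into {'max-age': '60', 'public': ''}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def freshness_lifetime(headers, received_at):
    """Seconds the response may be served from cache without revalidation.

    headers: dict of lower-cased header name -> value.
    received_at: the time the cache *believes* it received the response (its own clock).
    Precedence follows RFC 7234 4.2.1: s-maxage, then max-age, then Expires - Date.
    Heuristic freshness (no explicit information at all) is treated as 0 here.
    """
    directives = parse_cache_control(headers.get("cache-control", ""))
    # no-store forbids storage; no-cache requires revalidation before every reuse,
    # which for this purpose is the same as "no freshness lifetime".
    if "no-store" in directives or "no-cache" in directives:
        return 0
    for name in ("s-maxage", "max-age"):
        if name in directives and directives[name].isdigit():
            return int(directives[name])
    if "expires" in headers:
        try:
            expires = parse_http_date(headers["expires"])
        except (TypeError, ValueError):
            return 0  # RFC 7234 5.3: an unparseable Expires means already expired
        if "date" in headers:
            date = parse_http_date(headers["date"])
        else:
            # RFC 7231 7.1.1.2: no Date from the origin, so the cache stamps its own
            # receipt time. This is where the cache's clock drift enters the calculation.
            date = received_at
        return max(0, int((expires - date).total_seconds()))
    return 0


def drift_demo(cache_skew_seconds, include_date):
    """Origin sends Expires == its own 'now', intending the response to be uncacheable.

    cache_skew_seconds: how far the cache's clock is from the origin's (negative = behind).
    include_date: whether the origin also sent a Date header.
    Returns the freshness lifetime the cache computes.
    """
    now_str = format_datetime(ORIGIN_NOW, usegmt=True)
    headers = {"expires": now_str}
    if include_date:
        headers["date"] = now_str
    received_at = ORIGIN_NOW + timedelta(seconds=cache_skew_seconds)
    return freshness_lifetime(headers, received_at)


if __name__ == "__main__":
    for skew in (-5, 0, 5):
        print(f"skew={skew:+d}s  no Date: {drift_demo(skew, False)}s   "
              f"with Date: {drift_demo(skew, True)}s")
```

With `Date` present the lifetime is 0 for every skew; without it, a cache running 5 s behind the origin computes a 5 s lifetime and may serve the response to other clients during that window. The practical check is to never rely on `Expires` alone for "do not cache": send `Cache-Control: no-store` (or `private`) and always emit a `Date` header.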
Diving into the DICOM file format https://voidzone.me/posts/diving-into-the-dicom-file-format/
Docker Security – Step-by-Step Hardening (Docker Hardening) https://reynardsec.com/en/docker-platform-security-step-by-step-hardening/
ReynardSec
This article provides practical recommendations for configuring the Docker platform with the aim of increasing its security. It also suggests tools that help automate some of the tasks involved in securing Docker.
Type Libraries Unleashed: Powering Macros with DLL Insights https://posts.redteamtacticsacademy.com/type-libraries-unleashed-powering-macros-with-dll-insights-9bcff8404017
Medium
Recently, I was revisiting Outflank’s treasure trove of insights when an article from March 2023 caught my eye — specifically, “Attacking…
Full Chain Analysis of CVE-2022-4262, a non-trivial feedback slot type confusion in V8 https://github.com/bjrjk/CVE-2022-4262/
GitHub
C101011: D-Link DIR-865L, Remote Code Execution (pre-auth) https://therealcoiffeur.com/c101011.html
Coiffeur’s blog
Vulnerability research blog
Mirai Variant CVE-2023-1389 https://blog.permafrostsec.com/posts/mirai-variant-cve-2023-1389/
A technical analysis of the BackMyData ransomware used to attack hospitals in Romania https://cybergeeks.tech/a-technical-analysis-of-the-backmydata-ransomware-used-to-attack-hospitals-in-romania/