Analysis Notes

A place to jot down malware analysis attempts and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 33 – 2024 - THREAT INTELLIGENCE/HUNTING

This entry shows the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics); it was automatically generated and posted to make it quick to skim through which articles to check. 4n6 itself can be found here.

THREAT INTELLIGENCE/HUNTING

Austin Songer at ‘Songer Tech’

SSH (Secure Shell) is one of the most widely used protocols for secure remote access, but it's also a potential target for malicious actors looking to gain unauthorized access. To better protect our systems, it's essential to understand how SSH backdoors might be introduced, how to detect them, and how to mitigate these vulnerabilities. In this blog post, we'll explore two methods of simulating a backdoor in the SSH configuration or authentication process. Thi...

Martin Chlumecký at Avast Threat Labs

by Martin Chlumecký, August 13, 2024, 34 min read. If it sounds too good to be true, it probably is. As digital currencies have rapidly grown, so have cryptocurrency scams, presenting significant risks to crypto investors and users. These scams often attract individuals with promises of high returns or use sophisticated schemes to defraud even the most cautious. Understanding these scams is crucial for protecting potential victims and safely navigating the evolving cryptocurrency scene. With the ad...

Luke Notley and Arran Peterson at AWS Security

by Luke Notley and Arran Peterson | on 16 AUG 2024 | in Amazon GuardDuty, Intermediate (200), Security, Identity, & Compliance, Technical How-to. Amazon Simple Storage Service (Amazon S3) is a widely used object storage service known for its scalability, availability, durability, security, and performance. When sharing data between organizations, customers need to treat incoming data as untrusted and assess it for malicious files before ingesting it into their downs...

Bruce Sussman at Blackberry

Ransomware Update: The State of Ransomware Attacks in 2024. CYBERSECURITY / 08.15.24 / Bruce Sussman. In the evolving landscape of cybersecurity, ransomware remains one of the most formidable threats to organizations worldwide. Data from the BlackBerry Cybersecurity Services team reveals that ransomware response is one of the most frequent reasons organizations reach out to them for incident response help. And the BlackBerry Threat Research and ...

Brad Duncan at Malware Traffic Analysis

2024-08-12 (MONDAY): XLOADER/FORMBOOK INFECTION NOTES: Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. ASSOCIATED FILES: 2024-08-12-XLoader-Formbook-malspam-0312-UTC.eml.zip 776.4 kB (776,435 bytes) 2024-08-12-XLoader-Formbook-infection-traffic.pcap.zip 7.8 MB (7,765,631 bytes) 2024-08-12-XLoader-Formbook-malware.zip 1.5 MB (1,459,037 bytes) EMAIL HEADER LINE INFORMATION FROM THE EMAIL: Received: from inolab[...

2024-08-15 - TRAFFIC ANALYSIS EXERCISE: WARMCOOKIE ASSOCIATED FILES: Zip archive of the pcap: 2024-08-15-traffic-analysis-exercise.pcap.zip 10.6 MB (10,557,978 bytes) Zip archive of the pcap: 2024-08-15-traffic-analysis-exercise-alerts.zip 444.9 kB (444,890 bytes) NOTES: Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. Shown above: Lures for WarmCookie take many forms. BACKGROUND A Windows host was infected, a...

BushidoToken

August 15, 2024. Introduction: Ransomware attacks are becoming increasingly damaging, but one thing remains consistent: the tools these cybercriminals rely on. The Ransomware Tool Matrix is a comprehensive resource that sheds light on the tactics, techniques, and procedures (TTPs) commonly used by ransomware and extortionist gangs. This repository provides defenders with actionable intelligence on the tools frequently leveraged by adversaries, t...

CERT Ukraine

CERT-AGID

Summary of malicious campaigns in the week of 10 – 16 August (16/08/2024, summary). This week, CERT-AGID observed and analyzed, within the Italian scenario it covers, a total of 35 malicious campaigns, of which 16 had Italian targets and 19 were generic campaigns that nonetheless affected Italy, making the related 357 indicators of compromise (IOC) identified available to its accredited bodies. Below we report the details of the types ...

Check Point

Cloud Chronicles

Introduction In today's complex landscape of modern cybersecurity, organizations and cyber-defenders must remain vigilant as adversaries continuously refine their tactics, techniques, and procedures (TTPs) to exploit vulnerabilities in applications hosted across multi-cloud environments. This blog post aims to shed light on a specific technique outlined in the MITRE ATT&CK framework: Steal Application Access Token. Overview of the Technique The MITRE ATT&CK Cloud Matrix for Enterprise includes a...

Critical Start

CyberCX

Cyble

APT, Trojan August 14, 2024 Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign Cyble analyzes the latest UTG-Q-010 campaign, targeting Chinese entities using an updated DLL loader and the open-source Pupy RAT. Key Takeaways Cyble Research and Intelligence Labs (CRIL) recently identified a campaign utilizing a Windows shortcut (LNK) file, which has been linked to the UTG-Q-010 group. This group, a financially motivated Advanced Persistent Threat (APT) actor originating from East ...

Cyfirma

Published On: 2024-08-16. Ransomware of the Week. CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – which could be relevant to your organization. Type: Ransomware. Target Technologies: MS Windows. Introduction: CYFIRMA Research and Advisory Team has found OceanSpy ransomware while monitoring various underground forums as part of our Threat Di...

Cyjax

By Cymon / August 16, 2024 Welcome to this week’s Cyber Threat Intelligence Summary, where we bring you the latest updates and insights on significant cyber threats. This edition covers data purportedly leaked from multiple UAE organisations, the disruption of the Dispossessor ransomware operation by law enforcement, and an analysis of the EastWind campaign. 1. Data purportedly leaked from multiple UAE organisations Full report available for CYMON users here. Key Takeaways: User Pryx has posted ...

Aleksandar Matev at Detect FYI – Medium

Dragos

Abdulrahman H. Alamri, Ransomware Research, Threats. Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary operations and their tactics, techniques, and procedures (TTPs). Dragos OT cyber threat intelligence is fully reported in Dragos WorldView threat intelligence reports and is also compiled into the Dragos Platform for threat detection and vulnerability manageme...

Esentire

Flashpoint

WWH-Club administrators operated an international cybercrime hub, facilitating fraud and illicit sales across multiple platforms. Flashpoint, August 13, 2024. A criminal complaint was unsealed this week charging Russian national Pavel Kublitskii and Kazakhstan native Alexandr Khodyrev with conspiracy to traffic in unauthorized access devices and possess 15 or more unauthorized access devices. The defendants allegedly served as administrators for the WWH-Club, a prominent Russian-langua...

Justice Department unseals charges against two additional international cybercriminals. Flashpoint, August 14, 2024. “WASHINGTON – A Belarussian and Ukrainian dual-national charged in both the District of New Jersey and Eastern District of Virginia with leading international computer hacking and wire fraud schemes made his initial appearance in Newark, New Jersey, today after being extradited from Poland.” “As alleged in court documents unsealed today, Maksim Silnikau, also known as Ma...

Fortra’s PhishLabs

What Is Tactical Threat Intelligence? Posted on August 15, 2024. Every day, the digital threat landscape morphs as threat actors come up with new ways to infiltrate and succeed against your organization. To take proactive measures against cyber threats, organizations need threat detection strategies. Of the three forms of threat intelligence (strategic, operational, and tactical), tactical threat intelligence is the most directly actionable. This form of threat intelligence is meant for direct con...

Google Threat Analysis Group

Threat Analysis Group: Iranian backed group steps up phishing campaigns against Israel, U.S. Aug 14, 2024. Today Google’s Threat Analysis Group (TAG) is sharing insights on APT42, an Iranian government-backed threat actor, and their targeted phishing campaigns against Israel and Israeli targets. We are also ...

GuidePoint Security

HackTheBox

Learn how to detect NTLM relay attacks in part four of a special series on critical Active Directory (AD) attack detections & misconfigurations. CyberJunkie & g4rg4m3l, Aug 15, 2024, Red teaming. Table of Contents: NTLM relay attacks explained; Play the Reaper Sherlock; Detecting NTLM relay attacks; Event log analysis; Remediation. Welcome to part four of a special series on detecting Active Directory attacks & misconfigurations. Each blog post dives deep into identifying, detecting, and mitigating a da...

Hunt IO

EvilGophish Unhooked: Insights into the Infrastructure and Notable Domains | Hunt.io

Infoblox

From Click to Chaos: Bouncing Around in Malicious Traffic Distribution Systems. August 12, 2024. Malicious traffic distribution systems (TDSs) have flown under the radar of most cybersecurity organizations for years: they have been largely ignored and thought of as simply advertising networks or “adware”, a term associated with nuisances and not threats. Cybercriminals have used this to their advantage and have built massive networks of domains that direct victims to scams, phishing, and malware. Th...

Neetrox at InfoSec Write-ups

Intel471

Aug 12, 2024 Apple computers have been regarded by some as more secure than Windows. This perception is due to several factors. One aspect of Apple’s clever marketing campaign from 2006 to 2009 emphasized that its desktop computers were not troubled by malware aimed at the Windows ecosystem. Fewer security researchers specialize in macOS versus Windows, resulting in more issues discovered affecting Windows machines. Also, malware writers tend to focus on Windows because it’s a much larger pool o...

Shwetanjali Rasal at Juniper Networks

The Hidden Door: How CVE-2024-23897 Enabled Ransomware Attack on Indian Banks. August 13, 2024, by Shwetanjali Rasal. On August 1, 2024, retail payments began to be disrupted in Indian banks and suddenly, massive news broke, stating Brontoo Technology Solutions – a collaborator with C-Edge Technologies, which is a joint venture between TCS (Tata Consultancy Services) and SBI (State Bank of India), was im...

Kalpesh Mantri at Inception Cyber

Written by Kalpesh Mantri, Principal Research Engineer | Aug 14, 2024 5:20:42 PM Introduction Email remains a cornerstone of modern communication, yet it continues to be a primary vector for cyber threats. Cybercriminals have consistently refined their tactics, particularly in evading detection systems. The rise of sophisticated evasion techniques has made detecting and neutralizing email-based malware increasingly challenging. Understanding these evolving threats is crucial for organizations to...

Kelvin Winborne

Bert-Jan Pals at KQL Query

Bert-Jan Pals, in KQL, Sentinel, Automation, SOC, Vulnerability Management. 2024-08-14, 1280 words, 7 minutes. The CISA Known Exploited Vulnerabilities Catalog helps organizations prioritize vulnerabilities; as an end user you want to be notified when a new vulnerability is added. This blog describes four different solutions in Microsoft Sentinel to automate the notification process, leaving you with the important task of analyzing this new threat. The four automation solutions presented in this ...

George Glass, Keith Wojcieszek, and Laurie Iacono at Kroll

Jérôme Segura at Malwarebytes

Posted: August 15, 2024 by Jérôme Segura In a previous blog, we saw criminals distribute malware via malicious ads for Google Authenticator. This time, brazen malvertisers went as far as impersonating Google’s entire product line and redirecting victims to a fake Google home page. Clearly not afraid of poking the bear, they even used and abused yet another Google product, Looker Studio, to lock up the browser of Windows and Mac users alike. We describe how they were able to achieve this, relying...

Shirley Kochavi at the Microsoft Sentinel Blog

Microsoft’s ‘Security, Compliance, and Identity’ Blog

Adrian Garcia Gonzalez and Tiffany Bergeron at MITRE-Engenuity

Cedric Van Bockhaven at Outflank

Cedric Van Bockhaven | August 13, 2024 In this blog post we describe how the MSC file format can be leveraged to execute arbitrary code via MMC (Microsoft Management Console) for initial access or lateral movement purposes. A sample payload that implements this technique was publicly shared recently. This sample was generated using our Outflank Security Tooling (OST) offering and hence we decided to publish additional details on this method and its discovery. Context of this blog post Recently, ...

Palo Alto Networks

11 min read. By: Yaron Avital. Published: 13 August, 2024 at 3:00 AM PDT. Categories: Cloud Cybersecurity Research, Threat Research. Tags: Artifacts, AWS, GitHub, Open source, Red Hat, Ubuntu. Executive Summary: This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments. This is made pos...

3 min read. By: Unit 42. Published: 14 August, 2024 at 6:00 AM PDT. Categories: Security Technology, Trend Reports. Tags: Attack surface, Business operations applications, Entertainment, IT infrastructure, Media, Remote access. Introduction: Our latest Unit 42 Attack Surface Threat Report explores the attack surface landscape of 265 global organizations worldwide. The report is based on our observable data on exposures and vulnerabilities ...

18 min read. By: Margaret Zimmermann, Sean Johnstone, William Gamazo, Nathaniel Quist. Published: 15 August, 2024 at 3:00 AM PDT. Categories: Cloud Cybersecurity Research, Threat Research. Tags: AWS, Credential theft, Data exfiltration, ENV files, Environment variable files, Exploit Kits, Exposed environme...

Quentin Roland at Synacktiv

Written by Quentin Roland - 14/08/2024 - in Pentest. SCCM policies are a prime target for attackers in Active Directory environments as they may expose – intentionally or otherwise – sensitive technical information such as account credentials. Said credentials could be retrieved by authenticated attackers impersonating a registered device, or in some cases from an unauthenticated position by exploiting misconfigurations on policies distribution. SCCMSecrets.py is a pyth...

Recorded Future

Ahead of the US 2024 elections, malign influence operations by Russia, China, and Iran are ramping up, aiming to shape public opinion and disrupt the electoral process. These activities are reminiscent of previous attempts to influence elections in France and other democratic countries. Insikt Group has identified three major thematic trends: exploiting protests related to the Israel-Hamas conflict to undermine trust in US institutions, reducing support for military aid to US allies, and influen...

ReliaQuest

RussianPanda

RussianPanda: Dolphin Loader. A few days ago I was looking at the sample from Dolphin Loader and couldn’t understand for a while how it was able to retrieve the final payload because the payload was not able to fully complete the execution chain. Recently someone sent me a fresh working sample, so I had a little “hell yeah!” moment. Before looking into the abuse of ITarian RMM software, we should talk a little bit about Dolphin Loader. Dolphin Loader is a new Malware-as-a-Service loader that first ...

SANS Internet Storm Center

Video: Same Origin, CORS, DNS Rebinding and Localhost. Published: 2024-08-12. Last Updated: 2024-08-12 00:26:11 UTC by Johannes Ullrich (Version: 1). Trying something a bit different. A video demo to illustrate some concepts around "Origin" in web applications. Let me know if this is something you would like to see more of. Some references to go with this video: 0.0.0.0 Day: Exploiting Localhost APIs From the Browser; Private Network Access; Cross Origin Resource Sharing. --- Johannes B....

[Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools. Published: 2024-08-16. Last Updated: 2024-08-16 00:08:23 UTC by Justin Leibach, SANS BACS Student (Version: 1). [This is a Guest Diary by Justin Leibach, an ISC intern as a part of the SANS.edu BACS ...

Wireshark 4.4.0rc1's Custom Columns. Published: 2024-08-15. Last Updated: 2024-08-15 08:27:12 UTC by Didier Stevens (Version: 1). In diary entry "A Wireshark Lua Dissector for Fixed Field Length Protocols", I show how to use a protocol dissector I wrote in Lua to parse TCP data. Wireshark 4.4.0 Release Candidate 1 was released, and it allows us to use field expressions as custom columns. This means that some of the functionality that had to be implemented with a dissector can now jus...

Securelist

APT reports, 13 Aug 2024. Table of Contents: Most notable findings; Chinese-speaking activity; Middle East; Southeast Asia and Korean Peninsula; Hacktivism; Other interesting discoveries; Final thoughts. Authors: GReAT. For over six years now, Kaspersky’s Global Research and Analysis Team (GReAT) has been sharing quarterly updates on advanced persistent threats (APTs). These summaries draw on our threat intelligence research, offering a representative overview of what we’ve published and discussed in ...

APT reports, 14 Aug 2024. Table of Contents: Technical information; VERSION.dll – a backdoor that uses Dropbox; GrewApacha: a RAT used by APT31 since 2021; New version of the CloudSorcerer backdoor; PlugY: an implant that overlaps with APT27 tools; Tips for attack detection; Conclusion. Authors: GReAT. In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing em...

SOC, TI and IR posts, 15 Aug 2024. Table of Contents: Summary; First sub-campaign (TidyMe); Initial downloader (TidyMe.exe); Downloader routine; Payload (updateload.exe and bytes.exe); Identifying additional sub-campaigns; Second sub-campaign (RuneOnlineWorld); Initial downloader (RuneOnlineWorld.exe); First payload (updateload.exe); Second payload (bytes.exe); madHcNet32.dll; Third sub-campaign (Voico); Initial downloader (Voico.exe); Payload (updateload.exe and bytes.exe); Possible other sub-campaigns; Conclusion; I...

Silent Push

SOCRadar

Dark Web Profile: Cyber Army of Russia Reborn. Aug 13, 2024, 9 Mins Read. Contents: Roots of Cyber Army of Russia; High Society and Holy League; How and Whom They Attack?; Conclusion; What are the MITRE ATT&CK TTPs of CARR? In Russian, Народная CyberАрмия (People’s CyberArmy) is a prominent hacktivist group involved in disruptive attacks on critical infrastructure and financial systems, demonstrating significant DDoS capabilities and strategic motivations. However, is the group a hacktivist m...

Annual Europe Threat Landscape Report 2024. Aug 15, 2024, 4 Mins Read. What’s Inside the Report? Dark Web News; Ransomware News; Phishing Attacks; DDoS Attacks; Stealer Logs; Conclusion. In an era where cyber threats evolve rapidly, staying ahead of the curve is essential. Our latest Annual Europe Threat Landscape Report 2024 offers a comprehensive analysis of the current threat landscape, providing invaluable insights to protect your organization. This report, crafted by our res...

Sophos

The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for. Written by Paul Jacobs, Lee Kirkpatrick, August 13, 2024. Security Operations, Threat Research. Tags: AnyDesk, featured, incident response, mad liberator, malware, Social engineering. The Sophos X-Ops Incident Response team has been examining the tactics of a ransomware group called Mad Liberator. This is a fairly new threat actor, first emerging in mid-July 2024. In this article, we’ll look at certain techniques the group ...

270 IT/cybersecurity leaders share their ransomware experiences from the last year. Written by Puja Mahendru, August 14, 2024. Products & Services. Tags: government, Ransomware Solutions, The State of Ransomware. The latest annual Sophos study of the real-world ransomware experiences of state and local government organizations explores the full victim journey, from attack rate and root cause to operational impact and business outcomes. This year’s report sheds light on new areas of study for the sector, inc...

Sophos discovers the threat actors behind RansomHub ransomware using EDRKillShifter in attacks. Written by Andreas Klopsch, August 14, 2024. Threat Research. Tags: BYOVD, EDR, EDR killer, featured, Ransomware. Sophos analysts recently encountered a new EDR-killing utility being deployed by a criminal group who were trying to attack an organization with ransomware called RansomHub. While the ransomware attack ultimately was unsuccessful, the postmortem analysis of the attack revealed the existence of a new tool...

Forrest Kasler at SpecterOps

James Hodgkinson at Splunk

By James Hodgkinson. As outlined in a previous post, OpenTelemetry and Splunk Observability Cloud can provide great visibility when security teams investigate activity in modern environments. In this post, we look at another aspect of this visibility: how you can use traces to see directly into the workings of an application to find a potential threat. Let’s imagine we’re the security analyst, and a message comes across from the Security Operations Ce...

Team Cymru

FIN7: The Truth Doesn't Need to be so STARK. First and foremost, our thanks go to the threat research team at Silent Push and the security team at Stark Industries Solutions (referred to as “Stark” from this point forwards) for their enthusiastic cooperation in the ‘behind the scenes’ efforts of this blog post. Introduction: In our opening statement, we also introduce the subject of this post: the cross-team and cross-organization collaborative efforts of Silent Push, Stark, and Team Cymru in taking ...

This article provides a comprehensive overview of threat intelligence services, highlighting the importance, methodology, benefits, and future of threat intelligence. It aims to inform you about the value of leveraging advanced threat intelligence to enhance your organization’s cybersecurity posture. Threat intelligence involves collecting, analyzing, and disseminating information about past, current, and future threats to an organization's security. This intelligence can come from various source...

John Scott-Railton, Rebekah Brown, Ksenia Ermoshina, and Ron Deibert at The Citizen Lab

Summary A sophisticated spear phishing campaign has been targeting Western and Russian civil society. This campaign, which we have investigated in collaboration with Access Now and with the participation of numerous civil society organizations including First Department, Arjuna Team, and RESIDENT.ngo, engages targets with personalized and highly-plausible social engineering in an attempt to gain access to their online accounts. We attribute this campaign to COLDRIVER (also known as Star Blizzard...

The DFIR Report

Oddvar Moe at TrustedSec

Oops I UDL'd it Again. August 15, 2024. Written by Oddvar Moe. Red Team, Adversarial Attack Simulation. Table of contents: Introduction; The Discovery; Details about Universal Data Link Configuration (UDL) files; Using UDL Files for Phishing; Conclusion. Introduction: Phishing. We all love phishing. This post is about a new phishing technique based on some legacy knowledge I had that can be used to get past email fi...

David Broggy at Trustwave SpiderLabs

August 12, 2024, 2 Minute Read, by David Broggy. Once an attacker enters your network, one of their first actions will be to try and hide their tracks by blending in, using methods of deception such as mimicking normal user activities. A cyber defender can also use methods of deception to detect and slow the advance of these adversaries. This is known as an active defense. This article will discuss some methods of using Active Defences, sometimes referred to as ’deceptions,’ a...

Jonathan Mccay at Walmart

Victor M. Alvarez at YARA-X

August 16, 2024, by Victor M. Alvarez, 3 minutes. Starting with version 0.6.0, YARA-X’s command-line interface (CLI) now supports NDJSON output —a feature contributed by Wesley Shields, a seasoned contributor to YARA who’s also been making strides in YARA-X. Welcome to the Rust world, Wes! For those unfamiliar, NDJSON stands for “Newline Delimited JSON.” It’s a text format where each line is a standalone JSON object, making it ideal for easy parsing. The primary advantage of NDJSON is its simplicity in...