14 tweets

BlueHound: Community Driven Resilience. - Zero Networks | Contain The Next Breach

https://zeronetworks.com/blog/bluehound-community-driven-resilience/
BlueHound: Community Driven Resilience. - Zero Networks | Contain The Next Breach
14 tweets

GitHub - zeronetworks/BlueHound

https://github.com/zeronetworks/BlueHound
GitHub - zeronetworks/BlueHound
13 tweets

Microsoft Office to publish symbols starting August 2022 – Microsoft Security Response Center

https://msrc-blog.microsoft.com/2022/08/08/microsoft-office-to-publish-symbols-starting-august-2022/
Microsoft Office to publish symbols starting August 2022 – Microsoft Security Response Center
13 tweets

Dancing on the architecture of VMware Workspace ONE Access (ENG) | by Petrus Viet | Aug, 2022 | Medium

https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd
Dancing on the architecture of VMware Workspace ONE Access (ENG) | by Petrus Viet | Aug, 2022 | Medium
12 tweets

BumbleBee Roasts Its Way to Domain Admin – The DFIR Report

https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/
BumbleBee Roasts Its Way to Domain Admin – The DFIR Report
9 tweets

GitHub - rad9800/TamperingSyscalls

https://github.com/rad9800/TamperingSyscalls
GitHub - rad9800/TamperingSyscalls
8 tweets

Discovering Domains via a Timing Attack on Certificate Transparency – PT SWARM

https://swarm.ptsecurity.com/discovering-domains-via-timing-attack/
Discovering Domains via a Timing Attack on Certificate Transparency – PT SWARM
8 tweets

10 Credential Stealing Python Libraries Found on PyPI Repository

https://thehackernews.com/2022/08/10-credential-stealing-python-libraries.html
10 Credential Stealing Python Libraries Found on PyPI Repository
7 tweets

7-Eleven stores in Denmark closed due to a cyberattack

https://www.bleepingcomputer.com/news/security/7-eleven-stores-in-denmark-closed-due-to-a-cyberattack/
7-Eleven stores in Denmark closed due to a cyberattack
7 tweets

https://www.s3.eurecom.fr/docs/ccs22_fioraldi.pdf

7 tweets

Chetan Nayak (Brute Ratel C4) on Twitter: "The stager which I converted from 8kb to 3.5 kb, is now back to 9kb, but it now unhooks every DLL hooked by the EDR before downloading the encrypted stage and executing it. Tested it against most top notch EDRs in prevent mode and this time added Palo Alto to the tests. #BRc4 https://t.co/WSXJmjEK9i" / Twitter

https://twitter.com/NinjaParanoid/status/1554498023455354880
Chetan Nayak (Brute Ratel C4) on Twitter: "The stager which I converted from 8kb to 3.5 kb, is now back to 9kb, but it now unhooks every DLL hooked by the EDR before downloading the encrypted stage and executing it. Tested it against most top notch EDRs in prevent mode and this time added Palo Alto to the tests. #BRc4 https://t.co/WSXJmjEK9i" / Twitter
7 tweets

VirusTotal - File - 89d6b9a0f7d4f30f5021a893925dfbea12051a0d3e5f5845fd1bc45b74eed830

https://www.virustotal.com/gui/file/89d6b9a0f7d4f30f5021a893925dfbea12051a0d3e5f5845fd1bc45b74eed830
VirusTotal - File - 89d6b9a0f7d4f30f5021a893925dfbea12051a0d3e5f5845fd1bc45b74eed830
7 tweets

Hatching Triage | Behavioral Report

https://tria.ge/220809-l8jgdsadg4/behavioral1
Hatching Triage | Behavioral Report
7 tweets

MalwareBazaar | SHA256 89d6b9a0f7d4f30f5021a893925dfbea12051a0d3e5f5845fd1bc45b74eed830

https://bazaar.abuse.ch/sample/89d6b9a0f7d4f30f5021a893925dfbea12051a0d3e5f5845fd1bc45b74eed830/
MalwareBazaar | SHA256 89d6b9a0f7d4f30f5021a893925dfbea12051a0d3e5f5845fd1bc45b74eed830
7 tweets

YARA for config extraction - N1ght-W0lf

https://n1ght-w0lf.github.io/tutorials/yara-for-config-extraction/
YARA for config extraction - N1ght-W0lf
7 tweets

tweets/2022-08-08-IOCs-for-IcedID-and-Cobalt-Strike.txt at master · pan-unit42/tweets · GitHub

https://bit.ly/3bNYW10
tweets/2022-08-08-IOCs-for-IcedID-and-Cobalt-Strike.txt at master · pan-unit42/tweets · GitHub
7 tweets

MalwareBazaar | SHA256 9ce84380614d0eb61fd657c42593e5cd91d122f614c00c5edea6514241951854 (IcedID)

https://bazaar.abuse.ch/sample/9ce84380614d0eb61fd657c42593e5cd91d122f614c00c5edea6514241951854/
MalwareBazaar | SHA256 9ce84380614d0eb61fd657c42593e5cd91d122f614c00c5edea6514241951854 (IcedID)
7 tweets

MalwareBazaar | SHA256 b6322af0749e361f8eeb671e27617051c3f3bfdc4688aa305c250506ec04efef (SVCReady)

https://bazaar.abuse.ch/sample/b6322af0749e361f8eeb671e27617051c3f3bfdc4688aa305c250506ec04efef/
MalwareBazaar | SHA256 b6322af0749e361f8eeb671e27617051c3f3bfdc4688aa305c250506ec04efef (SVCReady)
7 tweets

U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash | U.S. Department of the Treasury

https://home.treasury.gov/news/press-releases/jy0916
U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash | U.S. Department of the Treasury
6 tweets

MalwareBazaar | SHA256 e192656ce9c73ac7bcb4cec136378c5843e128b76cd1c021aeec274edecbf869 (Gozi)

https://bazaar.abuse.ch/sample/e192656ce9c73ac7bcb4cec136378c5843e128b76cd1c021aeec274edecbf869/
MalwareBazaar | SHA256 e192656ce9c73ac7bcb4cec136378c5843e128b76cd1c021aeec274edecbf869 (Gozi)
6 tweets

MalwareBazaar | SHA256 64413387408791ebc4e35419e7db96cfb57e26d4c6bdcbf5ac5f244b18819c5c

https://bazaar.abuse.ch/sample/64413387408791ebc4e35419e7db96cfb57e26d4c6bdcbf5ac5f244b18819c5c/
MalwareBazaar | SHA256 64413387408791ebc4e35419e7db96cfb57e26d4c6bdcbf5ac5f244b18819c5c
6 tweets

502 Bad Gateway

https://posts.specterops.io/on-detection-tactical-to-functional-45e41fef7af4
502 Bad Gateway
6 tweets

Windows devices with newest CPUs are susceptible to data damage

https://www.bleepingcomputer.com/news/microsoft/windows-devices-with-newest-cpus-are-susceptible-to-data-damage/
Windows devices with newest CPUs are susceptible to data damage
6 tweets

JAMESWT on Twitter: ""Notifica cartella di pagamento n." spam email @Agenzia_Entrate spread #SVCReady > @hatching_io Xls https://t.co/4xVoJN4kd6 Dll https://t.co/jpxhBXmE3M Dll Url (geoITA+BLK IP) zopxor.]com cc @58_158_177_102 @felixw3000 https://t.co/lTuq9qgESy" / Twitter

https://twitter.com/JAMESWT_MHT/status/1556950417975672833
JAMESWT on Twitter: ""Notifica cartella di pagamento n." spam email @Agenzia_Entrate spread #SVCReady > @hatching_io Xls https://t.co/4xVoJN4kd6 Dll https://t.co/jpxhBXmE3M Dll Url (geoITA+BLK IP) zopxor.]com cc @58_158_177_102 @felixw3000 https://t.co/lTuq9qgESy" / Twitter
6 tweets

VirusTotal - File - 3ba9e82575262067725feda9cefac9a6a6350ead5037ae9d85c398a0ecf6c6eb

https://www.virustotal.com/gui/file/3ba9e82575262067725feda9cefac9a6a6350ead5037ae9d85c398a0ecf6c6eb/detection
VirusTotal - File - 3ba9e82575262067725feda9cefac9a6a6350ead5037ae9d85c398a0ecf6c6eb
6 tweets

Hatching Triage | Behavioral Report

https://tria.ge/220809-cymavsded4/behavioral2
Hatching Triage | Behavioral Report