Analyzing a watering hole campaign using macOS exploits
https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/
GitHub - CCob/lsarelayx: NTLM relaying for Windows made easy
https://github.com/CCob/lsarelayx
Tweet / Twitter
https://twitter.com/campuscodi/status/1458668057040097283
LOTS Project - Living Off Trusted Sites
https://lots-project.com
AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits | AT&T Alien Labs
https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
Objective-See's Blog
https://objective-see.com/blog/blog_0x69.html
U.S. Accuses Russian of Money Laundering for Ryuk Ransomware Gang - WSJ
https://www.wsj.com/articles/u-s-accuses-russian-of-money-laundering-for-ryuk-ransomware-gang-11636741333?st=jmqllphjjojhjsm&reflink=article_copyURL_share
Katie🌻Moussouris (she/her) on Twitter: "Talking to your reps about the VEP & coming from a place of understanding of the inherent tug of war between offensive & defensive national security goals would be a good way to start the conversation. Come discuss this & other topics Friday 2 PM Pacific https://t.co/sUDvfhXyJs" / Twitter
https://twitter.com/k8em0/status/1459036706833768456
Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant
https://thehackernews.com/2021/11/hackers-exploit-macos-zero-day-to-hack.html
Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux
https://thehackernews.com/2021/11/abcbot-new-evolving-wormable-botnet.html
The Kerberos Key List Attack: The return of the Read Only Domain Controllers – SecureAuth
https://www.secureauth.com/blog/the-kerberos-key-list-attack-the-return-of-the-read-only-domain-controllers/
ZDE2021_AdvancedSimplePwn2Own2021.pdf
https://zerodayengineering.com/projects/slides/ZDE2021_AdvancedSimplePwn2Own2021.pdf
CVE-2021-41349 - Security Update Guide - Microsoft - Microsoft Exchange Server Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41349
Chris Wysopal on Twitter: "Using zero-day exploits you discover without disclosing to the vendor for a year as part of your red team platform" / Twitter
https://twitter.com/weldpond/status/1458920440651526150
GitHub - Agnoctopus/Tartiflette: Snapshot fuzzing with KVM and LibAFL
https://github.com/MattGorko/Tartiflette
DEF CON 30 Theme: Hacker Homecoming! - DEF CON Forums
https://forum.defcon.org/node/240151
Tweet / Twitter
https://twitter.com/bZxHQ/status/1458612977486245893
Server Resolution Error 1001 - SDxCentral
https://sdx.io/OBXW
Pagina non trovata – Exprivia
https://www.exprivia.it/it/cybersecurity-ottimizzare-gli-investimenti-andltbr-andgtper-ridurre-il-rischio-complessivo/6835/apulia-cybersecurity-forum-2021-andltbr-andgt2anddeg-edizione.php
Lorenzo FB / @[email protected] on Twitter: "Can we all agree that we should not say whitelist/blacklist and instead use allowlist/denylist?" / Twitter
https://twitter.com/lorenzofb/status/1458931933342322690
ShmooCon on Twitter: "First found of ticket sales is this Sunday at noon, EST. Since it's been awhile, we suggest a refresher course. Start here: https://t.co/1Dz9Wvugiv" / Twitter
https://twitter.com/shmoocon/status/1459162432836935684
Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology
https://thalium.github.io/blog/posts/fuzzing-microsoft-rdp-client-using-virtual-channels/
Zero-day bug in all Windows versions gets free unofficial patch
https://www.bleepingcomputer.com/news/microsoft/zero-day-bug-in-all-windows-versions-gets-free-unofficial-patch/