Turning bad SSRF to good SSRF: Websphere Portal (CVE-2021-27748) – Assetnote
https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/
Fintech firm hit by Log4j hack refuses to pay $5 million ransom
https://www.bleepingcomputer.com/news/security/fintech-firm-hit-by-log4j-hack-refuses-to-pay-5-million-ransom/
LastPass users warned their master passwords are compromised
https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/
JavaScript Engines Exploitation: a Jscript9 Case Study – Zero Day Engineering Research
https://zerodayengineering.com/research/javascript-engines-exploitation-jscript9.html
Iranian hackers behind Cox Media Group ransomware attack
https://therecord.media/iranian-hackers-behind-cox-media-group-ransomware-attack/
Releases · hasherezade/mal_unpack_drv · GitHub
https://github.com/hasherezade/mal_unpack_drv/releases
Implant.ARM.iLOBleed.a | Padvish Threats Database
https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/
Expert IT Training for Networking, Cyber Security and Cloud | INE
https://bit.ly/3m6RG2d
Download a Windows virtual machine - Windows app development | Microsoft Developer
https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/
The Cyber Startup Observatory - The Global Cyber Innovation Network
https://cyberstartupobservatory.com
Hexadecim8 🏳️⚧️ on Twitter: "I'll make this perfectly clear, if you're in infosec and someone hits you up and asks for your help getting into their GFs phone/account/whatever to snoop on them *you tell them to fuck off*. You do not help them in any way. I can't believe we have to go over this again." / Twitter
https://twitter.com/hexadecim8/status/1475979949882421256
Releases · hasherezade/mal_unpack
https://github.com/hasherezade/mal_unpack/releases
New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
https://thehackernews.com/2021/12/new-apache-log4j-update-released-to.html
CVE-2021-44832 - Apache Log4j 2.17.0 Arbitrary Code Execution via JDBCAppender DataSource Element | Checkmarx.com
https://checkmarx.com/blog/cve-2021-44832-apache-log4j-2-17-0-arbitrary-code-execution-via-jdbcappender-datasource-element/
Advisory: Websphere Portal SSRFs & Post Auth RCE - CVE-2021-27748 – Assetnote
https://blog.assetnote.io/2021/12/25/advisory-websphere-portal/
Cedric Van Bockhaven on Twitter: "Just published an AD Explorer snapshot ingestor for #BloodHound: https://t.co/DSfn7n2Lah" / Twitter
https://twitter.com/c3c/status/1475953876146786307
GitHub - google/log4jscanner: A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
https://github.com/google/log4jscanner
Exploits/Chains/Hydseven at main · forrest-orr/Exploits · GitHub
https://github.com/forrest-orr/Exploits/tree/main/Chains/Hydseven
Log4j – Apache Log4j Security Vulnerabilities
https://logging.apache.org/log4j/2.x/security.html
Will Dormann on Twitter: "If any person or organization is suggesting you get spun up about CVE-2021-44832, you should really take a good look at what their motivations may be. https://t.co/RgkvCu3sv2" / Twitter
https://twitter.com/wdormann/status/1475903286913998853
Threat actor uses HP iLO rootkit to wipe servers
https://therecord.media/threat-actor-uses-hp-ilo-rootkit-to-wipe-servers/
Another Log4j on the fire: Unifi | Sprocket Security
https://www.sprocketsecurity.com/blog/another-log4j-on-the-fire-unifi
Introduction · Reverse Engineering
https://0xinfection.github.io/reversing/
presentations/State of C2 Matrix - 2021 - GRIMMCon0x6.pdf at main · jorgeorchilles/presentations · GitHub
https://github.com/jorgeorchilles/presentations/blob/main/2021-GRIMMCon0x6/State%20of%20C2%20Matrix%20-%202021%20-%20GRIMMCon0x6.pdf
Tweet / Twitter
https://twitter.com/campuscodi/status/1476016845593493507
GitHub - klezVirus/vortex: VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit
https://github.com/klezVirus/vortex