EDR Parallel-asis through Analysis - MDSec
https://www.mdsec.co.uk/2022/01/edr-parallel-asis-through-analysis/
Malware-Traffic-Analysis.net - 2022-01-06 (Thursday) - TA551 (Shathak) pushes IcedID (Bokbot)
https://www.malware-traffic-analysis.net/2022/01/06/index.html
Spring Boot + H2 Database JNDI Injection
https://mp.weixin.qq.com/s/Yn5U8WHGJZbTJsxwUU3UiQ
JNDI-Related Vulnerability Discovered in H2 Database Console | JFrog
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
mr.d0x on Twitter: "Bypass Defender AV static detection: If you name a malicious file DumpStack.log Defender doesn't scan it. https://t.co/aCiBuT8tIc" / Twitter
https://twitter.com/mrd0x/status/1479094189048713219
FinalSite ransomware attack shuts down thousands of school websites
https://www.bleepingcomputer.com/news/security/finalsite-ransomware-attack-shuts-down-thousands-of-school-websites/
GitHub - thefLink/Hunt-Sleeping-Beacons: Aims to identify sleeping beacons
https://github.com/thefLink/Hunt-Sleeping-Beacons
FluBot malware now targets Europe posing as Flash Player app
https://www.bleepingcomputer.com/news/security/flubot-malware-now-targets-europe-posing-as-flash-player-app/
Expert IT Training for Networking, Cyber Security and Cloud | INE
https://bit.ly/3m6RG2d
Space / Twitter
https://twitter.com/i/spaces/1OyKADkEwYNxb
Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console
https://thehackernews.com/2022/01/log4shell-like-critical-rce-flaw.html
NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies - SEKOIA.IO
https://hubs.la/Q011GrZk0
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware
https://www.avanan.com/blog/google-docs-comment-exploit-allows-for-distribution-of-phishing-and-malware
UK NHS: Threat actor targets VMware Horizon servers using Log4Shell exploits - The Record from Recorded Future News
https://therecord.media/uk-nhs-threat-actor-targets-vmware-horizon-servers-using-log4shell-exploits/
GitHub - kleiton0x00/Advanced-SQL-Injection-Cheatsheet: A cheat sheet that contains advanced queries for SQL Injection of all types.
https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet
A phishing document signed by Microsoft – part 2 | Outflank
https://outflank.nl/blog/2022/01/07/a-phishing-document-signed-by-microsoft-part-2/
Security Researcher Finds Facebook App Tracking iPhone Movements
https://www.forbes.com/sites/zakdoffman/2021/10/23/apple-iphone-users-delete-facebook-app-after-new-tracking-warning/
FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware - The Record from Recorded Future News
https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/
pyn3rd on Twitter: "Spring Boot Starter Data JPA + H2 Database Remote Code Execution via JNDI Injection https://t.co/TiI8Mfhw2Q" / Twitter
https://twitter.com/pyn3rd/status/1255458158421708801
NOBELIUM’s EnvyScout infection chain goes in the registry
https://www.sekoia.io/en/nobeliums-envyscout-infection-chain-goes-in-the-registry-targeting-embassies/
GitHub - antonioCoco/RogueWinRM: Windows Local Privilege Escalation from Service Account to System
https://github.com/antonioCoco/RogueWinRM
GitHub - DarkCoderSc/PowerRemoteDesktop: Remote Desktop entirely coded in PowerShell.
https://github.com/DarkCoderSc/PowerRemoteDesktop
GitHub - ufrisk/pcileech: Direct Memory Access (DMA) Attack Software
https://github.com/ufrisk/pcileech
Enumerates why each DLL loaded for each process via PEB · GitHub
https://gist.github.com/olliencc/2ebe7c1305f45175fc3972b99a769a2f
Blog — Signal Labs
https://www.signal-labs.com/blog
VirusTotal - File - 2823b5805c218ecca1843e6b410654de4e3044259dcfc86ccaa3fd7c2a35cfba
https://www.virustotal.com/gui/file/2823b5805c218ecca1843e6b410654de4e3044259dcfc86ccaa3fd7c2a35cfba
Moxie Marlinspike >> Blog >> My first impressions of web3
https://moxie.org/2022/01/07/web3-first-impressions.html