Microsoft rolls back decision to block Office macros by default
https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-back-decision-to-block-office-macros-by-default/
GitHub - GhostPack/Koh: The Token Stealer
https://github.com/GhostPack/Koh
BleepingComputer on Twitter: "Microsoft rolls back decision to block Office macros by default - @serghei https://t.co/9BK0slNuEw" / Twitter
https://twitter.com/BleepinComputer/status/1545174259487621122
Koh: The Token Stealer. Edit 07/13/22: After an awesome back… | by Will Schroeder | Jul, 2022 | Posts By SpecterOps Team Members
https://posts.specterops.io/koh-the-token-stealer-41ca07a40ed6
AstraLocker decryptor - Emsisoft: Free Ransomware Decryption Tools
https://www.emsisoft.com/ransomware-decryption-tools/astralocker
MalwareBazaar | agencijazaregistraciju-rs
https://bazaar.abuse.ch/browse/tag/agencijazaregistraciju-rs/
RedDrip Team on Twitter: "Maybe #EnvyScout sample from #APT29 #NOBELIUM i.html 3aa44a7951ad95d02c426e9e2a174c2e Decret.iso 6228d15e3bb50adfa59c1bdf5f6ce9f0 Decret.lnk 59b5d262532dab929bbe56c90a0257d2 cmd: %windir%/system32/cmd.exe /c start HP2.exe HPScanApi.dll 6812031432039a89fa741e9338f8e887 https://t.co/sIWMrtPzBu" / Twitter
https://twitter.com/RedDrip7/status/1545245625662418945
The BindShell Paranoid Ninja Drama - YouTube
https://youtu.be/CYC9S0qvWcU
Acquisition News and Detection Updates
https://hatching.io/blog/acquisition-recorded-future/
Microsoft Defender for Endpoint Internals 0x03 — MDE telemetry unreliability and log augmentation | by Olaf Hartong | FalconForce | Jul, 2022 | Medium
https://medium.com/falconforce/microsoft-defender-for-endpoint-internals-0x03-mde-telemetry-unreliability-and-log-augmentation-ec6e7e5f406f?source=friends_link&sk=568408658cb80770d2ed7ca8a415351c
YamaBot Malware Used by Lazarus - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
https://blogs.jpcert.or.jp/en/2022/07/yamabot.html
Qakbot/Qakbot_obama199_08.07.2022.txt at main · pr0xylife/Qakbot · GitHub
https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama199_08.07.2022.txt
MalwareBazaar | SHA256 1beb6f15f403fe31392012b506ce1bb38424482d3e8123f0f80ae439484fffe7 (Quakbot)
https://bazaar.abuse.ch/sample/1beb6f15f403fe31392012b506ce1bb38424482d3e8123f0f80ae439484fffe7/
MalwareBazaar | SHA256 1a1cce1534108d04037119a579d9cd567d7308af65677234dce8e7a0b4b83eea (Quakbot)
https://bazaar.abuse.ch/sample/1a1cce1534108d04037119a579d9cd567d7308af65677234dce8e7a0b4b83eea/
Automating binary vulnerability discovery with Ghidra and Semgrep - hn security
https://security.humanativaspa.it/automating-binary-vulnerability-discovery-with-ghidra-and-semgrep/
GitHub - hasherezade/pe2pic: Small visualizator for PE files
https://github.com/hasherezade/pe2pic
Daniel Lippman on Twitter: "NEW: Justice Brett Kavanaugh had to exit through the rear of Morton's on Wednesday night after DC protestors showed up out front. A Morton's rep told me: "Politics … should not trample the freedom at play of the right to congregate and eat dinner." https://t.co/wlA4J2nxYW https://t.co/jpsfhB3JVo" / Twitter
https://twitter.com/dlippman/status/1545357451234615298
AutoRegex: Convert from English to RegEx with Natural Language Processing
http://autoregex.xyz
TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine
https://thehackernews.com/2022/07/trickbot-malware-shifted-its-focus-on.html
Free decryptor released for AstraLocker, Yashma ransomware victims
https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-astralocker-yashma-ransomware-victims/
Tweet / Twitter
https://twitter.com/gossithedog/status/1545193161974218752