CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit | Securelist
https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
PART 2: How I Met Your Beacon - Cobalt Strike - MDSec
https://www.mdsec.co.uk/2022/07/part-2-how-i-met-your-beacon-cobalt-strike/
The End of PPLdump | itm4n's blog
https://itm4n.github.io/the-end-of-ppldump/
VirusTotal - File - 0f5e3d33c824f9f03d038b4f1a376b15cc5f1694aef086bd17c516ad951fc45a
https://www.virustotal.com/gui/file/0f5e3d33c824f9f03d038b4f1a376b15cc5f1694aef086bd17c516ad951fc45a/detection
Intezer Analyze – Security analysts' trusted advisor
https://analyze.intezer.com/analyses/337ed9a1-b257-474c-9b49-0a60f93adb9d
Ivan Kwiatkowski on Twitter: "New blog post about a UEFI firmware bootkit! https://t.co/zDXWFOjf7z Research was led by our dearly missed @_marklech_" / Twitter
https://twitter.com/JusticeRage/status/1551509779801071619
IcedID_07_25_2022.txt · GitHub
https://gist.github.com/myrtus0x0/d36bacc2a6b2445ea9cfdd82635d0d74
GitHub - enkomio/AlanFramework: A C2 post-exploitation framework
https://github.com/enkomio/AlanFramework
GitHub - mandiant/Azure_Workshop
https://github.com/mandiant/Azure_Workshop
Old cat, new tricks, bad habits
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/old-cat-new-tricks.html
QBot phishing uses Windows Calculator sideloading to infect devices
https://www.bleepingcomputer.com/news/security/qbot-phishing-uses-windows-calculator-sideloading-to-infect-devices/
GitHub - DeimosC2/DeimosC2: DeimosC2 is a Golang command and control framework for post-exploitation.
https://github.com/DeimosC2/DeimosC2
Revealed: Documents Show How Roblox Planned to Bend to Chinese Censorship
https://www.vice.com/en/article/wxndpx/revealed-documents-show-how-roblox-planned-to-bend-to-chinese-censorship
Hackers exploited PrestaShop zero-day to breach online stores
https://www.bleepingcomputer.com/news/security/hackers-exploited-prestashop-zero-day-to-breach-online-stores/
Defeating Javascript Obfuscation | PerimeterX
https://www.perimeterx.com/tech-blog/2022/defeating-javascript-obfuscation/
GitHub - diversenok/TokenUniverse: An advanced tool for working with access tokens and Windows security policy.
https://github.com/diversenok/TokenUniverse
Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants
https://thehackernews.com/2022/07/magecart-hacks-online-food-ordering.html
GitHub - last-byte/RIPPL: RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows
https://github.com/last-byte/RIPPL/
Deep understanding of ASPX file handling and some related attack vectors
https://blog.viettelcybersecurity.com/deep-understand-aspx-file-handling-and-some-related-attack-vector/