Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits - Microsoft Security Blog
https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/
Corrupting memory without memory corruption | The GitHub Blog
https://github.blog/2022-07-27-corrupting-memory-without-memory-corruption/
EXCLUSIVE EU found evidence employee phones compromised with spyware -letter | Reuters
https://www.reuters.com/technology/exclusive-eu-found-evidence-employee-phones-compromised-with-spyware-letter-2022-07-27/
x86matthew - EmbedExeReg - Embedding an EXE inside a .REG file with automatic execution
https://www.x86matthew.com/view_post?id=embed_exe_reg
GitHub - AzureAD/AzureADAssessment: Tooling for assessing an Azure AD tenant state and configuration
https://github.com/AzureAD/AzureADAssessment
Hackers scan for vulnerabilities within 15 minutes of disclosure
https://www.bleepingcomputer.com/news/security/hackers-scan-for-vulnerabilities-within-15-minutes-of-disclosure/
Clément Labro on Twitter: "The July 2022 update of Windows 10/11 killed PPLdump 💀😢 Find out how in this blog post... 👉 https://t.co/o0izvkkSm0 https://t.co/2jDDqc9Zlo" / Twitter
https://twitter.com/itm4n/status/1551209957424615426
Microsoft Security Intelligence on Twitter: "Microsoft discovered and patched a 0-day exploit (CVE-2022-22047) that #KNOTWEED, an Austria-based private sector offensive actor, used to deploy #Subzero malware. Analysis of campaigns, tactics, & payloads in this #MSTIC blog w/ @msftsecresponse @RiskIQ: https://t.co/9QZbKSo9FA" / Twitter
https://twitter.com/MsftSecIntel/status/1552294738933547009
VirusTotal - File - 05b1435fe2c0264683a755daa6f26655815482b38ba8fabd781e24ad7eb66c9b
https://www.virustotal.com/gui/file/05b1435fe2c0264683a755daa6f26655815482b38ba8fabd781e24ad7eb66c9b
GitHub - FSecureLABS/physmem2profit: Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
https://github.com/FSecureLABS/physmem2profit
VirusTotal - File - 99472fee5838154a9b9368a76ed799580796beb9270abc46ea42da141e0f490b
https://www.virustotal.com/gui/file/99472fee5838154a9b9368a76ed799580796beb9270abc46ea42da141e0f490b
Cobalt Strike 10th Anniversary Celebration - YouTube
https://youtu.be/ScMkuwBxkSA
New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts
https://thehackernews.com/2022/07/new-ducktail-infostealer-malware.html
Patrick Howell O'Neill on Twitter: "A PR firm is pitching a DEF CON meeting with Glenn Greenwald who is going to the con "with" privacy phone maker https://t.co/vOJvhWiplq. Been a minute since we've had a new "government-grade" privacy phone, this one is due to launch Nov 22. Anyone have any thoughts on the phone?" / Twitter
https://twitter.com/HowellONeill/status/1552031408595648513
Continuing the fight against private sector cyberweapons - Microsoft On the Issues
https://blogs.microsoft.com/on-the-issues/2022/07/27/private-sector-cyberweapons-psoas-knotweed/
IcedID/icedID_27.07.2022.txt at main · pr0xylife/IcedID · GitHub
https://github.com/pr0xylife/IcedID/blob/main/icedID_27.07.2022.txt
How to analyze Linux malware – A case study of Symbiote – CYBER GEEKS
https://cybergeeks.tech/how-to-analyze-linux-malware-a-case-study-of-symbiote/
Codebreakers Find ‘Sexts,’ Arctic Dispatches in 200-Year-Old Encrypted Newspaper Ads
http://vice.com/en/article/4axwz3/codebreakers-find-sexts-arctic-dispatches-in-200-year-old-encrypted-newspaper-ads
These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware
https://thehackernews.com/2022/07/these-28-android-apps-with-10-million.html
How cybercriminals are using messaging apps to launch… | Intel471
https://intel471.com/blog/cybercrime-telegram-discord-automation-chatbots
MalwareBazaar | SHA256 3f3c968e423f661628f4da7545572474a8ce3f51e46a1988725b77dccc8d9e2f
https://bazaar.abuse.ch/sample/3f3c968e423f661628f4da7545572474a8ce3f51e46a1988725b77dccc8d9e2f/
DUCKTAIL: An infostealer malware targeting Facebook Business accounts
https://labs.withsecure.com/publications/ducktail
Framing without iframes | PortSwigger Research
https://portswigger.net/research/framing-without-iframes