Initial access broker repurposing techniques in targeted attacks against Ukraine
https://blog.google/threat-analysis-group/initial-access-broker-repurposing-techniques-in-targeted-attacks-against-ukraine/
Get-RdpLogonEvent.ps1 · GitHub
https://gist.github.com/awakecoding/5fda938a5fd2d29ebffb31eb023fe51c
DangerousSavanna: Two-year long campaign targets financial institutions in French-speaking Africa - Check Point Research
https://research.checkpoint.com/2022/dangeroussavanna-two-year-long-campaign-targets-financial-institutions-in-french-speaking-africa/
Sensitive Command Token - So much offense in my defense
https://blog.thinkst.com/2022/09/sensitive-command-token-so-much-offense.html
APT42: Crooked Charms, Cons, and Compromises | Mandiant
https://www.mandiant.com/resources/blog/apt42-charms-cons-compromises
Shikitega - New stealthy malware targeting Linux | AT&T Alien Labs
https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux
Taggart Tech
https://taggart-tech.com/quasar-electron/
Working with HTTP/2 in Burp Suite - PortSwigger
https://portswigger.net/burp/documentation/desktop/http2
SOC Core Skills w/ John Strand - Antisyphon
https://www.antisyphontraining.com/soc-core-skills-w-john-strand/
Get Your SOCKS on with gTunnel. tl;dr: Steps to setup a wicked fast… | by Elliott Grey | Sep, 2022 | Posts By SpecterOps Team Members
https://posts.specterops.io/get-your-socks-on-with-gtunnel-4a70a9b82b24
Material on foreign nation’s nuclear capabilities seized at Trump’s Mar-a-Lago - The Washington Post
https://www.washingtonpost.com/national-security/2022/09/06/trump-nuclear-documents/
MalwareBazaar | SHA256 5a394d20736a664d2d1bdf79c05799eb30739c7c21770671e93110792914b02e (Vjw0rm)
https://bazaar.abuse.ch/sample/5a394d20736a664d2d1bdf79c05799eb30739c7c21770671e93110792914b02e/
Jason Brodsky on Twitter: "#BREAKING: #Albania’s prime minister announces the severing of diplomatic relations with #Iran after a cyberattack. This happened around the time of the MEK conference, which had to be cancelled as well due to a terror threat. https://t.co/NXdioQjW4p" / Twitter
https://twitter.com/JasonMBrodsky/status/1567465232083165184
200,000 North Face accounts hacked in credential stuffing attack
https://www.bleepingcomputer.com/news/security/200-000-north-face-accounts-hacked-in-credential-stuffing-attack/
New Linux malware evades detection using multi-stage deployment
https://www.bleepingcomputer.com/news/security/new-linux-malware-evades-detection-using-multi-stage-deployment/
ShmooCon – Less Moose Than Ever
http://www.shmoocon.org
Maddie Stone on Twitter: "✨New RCA up for CVE-2021-39793 (assigned by Google Pixel)/CVE-2022-22706 (assigned by ARM) thanks to @tehjh. ITW 0-day in Mali GPU driver fixed in March 2022 Pixel security bulletin. https://t.co/G3HMXzpuE2" / Twitter
https://twitter.com/maddiestone/status/1565102095824326656
Brooklyn Public Library - Library Card Application
https://disc.bklynlibrary.org/card/
MalwareBazaar | SHA256 ee37c95d10c93066599d6de775cc3b91503feff1509d12257fa5c83e7875e0f1 (AgentTesla)
https://bazaar.abuse.ch/sample/ee37c95d10c93066599d6de775cc3b91503feff1509d12257fa5c83e7875e0f1/
IcedID_09_07_2022.txt · GitHub
https://gist.github.com/myrtus0x0/26855fd256af1dedc728583512f138e2
Payloads All The Things
https://swisskyrepo.github.io/PayloadsAllTheThingsWeb/
#StopRansomware: Vice Society | CISA
https://www.cisa.gov/uscert/ncas/alerts/aa22-249a