Prioritization of the Detection Engineering Backlog | by Joshua Prager | Oct, 2022 | Posts By SpecterOps Team Members
https://posts.specterops.io/prioritization-of-the-detection-engineering-backlog-dcb18a896981
Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis | Splunk
https://www.splunk.com/en_us/blog/security/deliver-a-strike-by-reversing-a-badger-brute-ratel-detection-and-analysis.html
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse – Sophos News
https://news.sophos.com/en-us/2022/10/04/blackbyte-ransomware-returns/
Added simple command to test CVE_2022_33679. · tyranid/Rubeus@3092e1f · GitHub
https://github.com/tyranid/Rubeus/commit/3092e1f11164bf379708b815a05061783653e834
Matt Hodges on Twitter: "Well this is something ... I think I just discovered that macOS is background scanning images on my computer and, when those images are QR codes that point to URLs, it's decoding the codes and requesting the URL... 1/" / Twitter
https://twitter.com/hodgesmr/status/1577650545107533826
James Forshaw on Twitter: "With a little bit of CTRL+K CTRL+C it works. This is why I write my own tooling though 😁 https://t.co/8YgzEBgiXR" / Twitter
https://twitter.com/tiraniddo/status/1577363903092244501
GitHub - antonioCoco/JuicyPotatoNG: Another Windows Local Privilege Escalation from Service Account to System
https://github.com/antonioCoco/JuicyPotatoNG
Dissect 3.2-1-gca63b48 documentation
https://docs.dissect.tools
Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds
https://thehackernews.com/2022/10/mitigation-for-exchange-zero-days.html
MalwareBazaar | Browse
https://bazaar.abuse.ch/sample/d3788e69dd125449af3d985de93701c49cef0658bc98e3b449185f86cbee027d/
Nuitka Commercial — Nuitka the Python Compiler documentation
https://nuitka.net/doc/commercial.html
Qakbot/Qakbot_BB_05.10.2022.txt at main · pr0xylife/Qakbot · GitHub
https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_05.10.2022.txt
MalwareHunterTeam on Twitter: ""weather.apk": cbfa2aa73ea8bdc126c6767efd61a822786f4b48479859a6d14246a25d8ebd1a Started close to FUD. From (down already, should have tweeted faster, fuck... 😂😫): https://weather-latest[.]com/assets/apk/weather.apk Dracarys, the APT stuff? @bl4ckh0l3z @LukasStefanko https://t.co/1CNrl7kdbt" / Twitter
https://twitter.com/malwrhunterteam/status/1577401341768568854
Tracking Earth Aughisky’s Malware and Changes
https://www.trendmicro.com/en_us/research/22/j/tracking-earth-aughiskys-malware-and-changes.html
Malicious Tor Browser spreads through YouTube | Securelist
https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/
Securing Developer Tools: A New Supply Chain Attack on PHP
https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-attack-on-php/
Malware-IOCs/2022-10-04 Remcos IOCs at main · executemalware/Malware-IOCs · GitHub
https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-04%20Remcos%20IOCs
eset_threat_report_t22022.pdf
https://www.welivesecurity.com/wp-content/uploads/2022/10/eset_threat_report_t22022.pdf