Introducing ROADtools Token eXchange (roadtx) - Automating Azure AD authentication, Primary Refresh Token (ab)use and device registration - dirkjanm.io
https://dirkjanm.io/introducing-roadtools-token-exchange-roadtx/
GitHub - dirkjanm/ROADtools: The Azure AD exploration framework.
https://github.com/dirkjanm/ROADtools
Certificates and Pwnage and Patches, Oh My! | by Will Schroeder | Nov, 2022 | Posts By SpecterOps Team Members
https://posts.specterops.io/certificates-and-pwnage-and-patches-oh-my-8ae0f4304c1d
Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
https://breakdev.org/zip-motw-bug-analysis/
Tales of Windows detection opportunities for an implant framework – NCC Group Research
https://research.nccgroup.com/2022/11/09/tales-of-windows-detection-opportunities-for-an-implant-framework/
They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming | Mandiant
https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming
Lord Of The Ring0 - Part 1 | Introduction - Ido Veltzman - Security Blog
https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
GitHub - alfarom256/CVE-2022-3699: Lenovo Diagnostics Driver EoP - Arbitrary R/W
https://github.com/alfarom256/CVE-2022-3699/
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity - Microsoft Security Blog
https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
TrustCor Systems verifies web addresses, but its address is a UPS Store - The Washington Post
https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/
Lord Of The Ring0 - Part 3 | Sailing to the land of the user (and debugging the ship) - Ido Veltzman - Security Blog
https://idov31.github.io/2022/10/30/lord-of-the-ring0-p3.html
Lord Of The Ring0 - Part 2 | A tale of routines, IOCTLs and IRPs - Ido Veltzman - Security Blog
https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
APT trends report Q3 2022 | Securelist
https://securelist.com/apt-trends-report-q3-2022/107787/
Esther Crawford ✨ on Twitter: "A lot of folks have asked about how you'll be able to distinguish between @TwitterBlue subscribers with blue checkmarks and accounts that are verified as official, which is why we’re introducing the “Official" label to select accounts when we launch. https://t.co/0p2Ae5nWpO" / Twitter
https://twitter.com/esthercrawford/status/1590109344976470016
APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network
https://thehackernews.com/2022/11/apt29-exploited-windows-feature-to.html
Several Cyber Attacks Observed Leveraging IPFS Decentralized Network
https://thehackernews.com/2022/11/several-cyber-attacks-observed.html
Windows Forensic Analysis | SANS Poster
https://www.sans.org/posters/windows-forensic-analysis/
VirusTotal - File - f3d8916b99d7e6301a885b2ec4aaf9635f1713464c53b1604d3b4e1abd673c36
https://www.virustotal.com/gui/file/f3d8916b99d7e6301a885b2ec4aaf9635f1713464c53b1604d3b4e1abd673c36
The Case of Cloud9 Chrome Botnet - Zimperium
https://www.zimperium.com/blog/the-case-of-cloud9-chrome-botnet/
GitHub - CCob/Volumiser
https://github.com/CCob/Volumiser