Collect, Exfiltrate, Sleep, Repeat - The DFIR Report
https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/
Tommy M (TheAnalyst) on Twitter: "Speaking of which, today we see #IcedID via the same #OneNote template that #qbot actors #TA570 & #TA577 has been using the last few days. New obfuscation in the HTA though. https://t.co/tlid382wIN" / Twitter
https://twitter.com/ffforward/status/1621195397250289664
GitHub - DissectMalware/pyOneNote
https://github.com/DissectMalware/pyOneNote
Florian Roth ⚡ on Twitter: "There is still a high number of #QakBot dropping #OneNote (.one) phishing email attachments with very low AV detection rates Detection opportunity: ONENOTE.EXE spawning mshta.exe https://t.co/hyTuIC40yd https://t.co/yKxOhEdHs6" / Twitter
https://twitter.com/cyb3rops/status/1621864974334189570
OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability
https://thehackernews.com/2023/02/openssh-releases-patch-for-new-pre-auth.html
Apache SCXML Remote Code Execution
https://pyn3rd.github.io/2023/02/06/Apache-SCXML-Remote-Code-Execution/
Webinar Registration - Zoom
https://ghst.ly/3X4leNV
GitHub - crisprss/RasmanPotato: Abuse Impersonate Privilege from Service to SYSTEM like other potatoes do
https://github.com/crisprss/RasmanPotato
Microsoft Ticking Timebombs - February 2023 Edition : sysadmin
https://www.reddit.com/r/sysadmin/comments/10tpq1v/microsoft_ticking_timebombs_february_2023_edition/
Investigation of ESXiArgs, a Ransomware Campaign Targeting VMware ESXi Servers - Security Research Center Blog
https://security.macnica.co.jp/blog/2023/02/esxiesxiargs.html
The DFIR Report on Twitter: "Collect, Exfiltrate, Sleep, Repeat ➡️Initial Access: Job App VBA Maldoc ➡️Discovery: PS Cmdlets, net, tzutil, etc. ➡️Persistence: Scheduled Tasks ➡️Collection: AutoHotkey Keylogger, Compress-Archive, makecab.exe ➡️C2: Custom PowerShell Framework https://t.co/uFbJzqkDWr 1/X" / Twitter
https://twitter.com/thedfirreport/status/1622586081513205760