Defining the Cobalt Strike Reflective Loader
https://securityintelligence.com/posts/defining-cobalt-strike-reflective-loader/
BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads
https://thehackernews.com/2023/03/batloader-malware-uses-google-ads-to.html
Microsoft OneNote to get enhanced security after recent malware abuse
https://www.bleepingcomputer.com/news/microsoft/microsoft-onenote-to-get-enhanced-security-after-recent-malware-abuse/
Rob Joyce on Twitter: "Ok internet help me caption this photo with legendary status amongst my friends.... https://t.co/gZIs9FQGBz" / Twitter
https://twitter.com/NSA_CSDirector/status/1634353960323514376
New GoBruteforcer malware targets phpMyAdmin, MySQL, FTP, Postgres
https://www.bleepingcomputer.com/news/security/new-gobruteforcer-malware-targets-phpmyadmin-mysql-ftp-postgres/
PSBits/OfflineSAM/OfflineAddAdmin2 at master · gtworek/PSBits · GitHub
https://github.com/gtworek/PSBits/tree/master/OfflineSAM/OfflineAddAdmin2
Rule Info MAL_Stealc_Stealer_Feb23 - Valhalla
https://valhalla.nextron-systems.com/info/rule/MAL_Stealc_Stealer_Feb23
Bobby Cooke on Twitter: "We've just released the first post in the Cobalt Strike reflective loader blog series! 🥷This one took a lot of effort and I am excited to share it with you! The better it does, the better I'll make the next ones 😉 https://t.co/ZA2eoIwy5t" / Twitter
https://twitter.com/0xBoku/status/1634275854275723265
Matthew Green on Twitter: "If you take comfort from the fact that these systems are aimed at “awful crimes” or “will be fully transparent”, please don’t. The nature of these proposals is that they will be easy to reprogram, either by law or by technical accident." / Twitter
https://twitter.com/matthew_d_green/status/1634282254716358671
Shared Modules, Technique T1129 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1129/
Prometei bot evolves and infected +10,000 systems since Nov 22 | Security Affairs
https://securityaffairs.com/143343/hacking/prometei-botnet-v3.html
Brazil seizing Flipper Zero shipments to prevent use in crime
https://www.bleepingcomputer.com/news/security/brazil-seizing-flipper-zero-shipments-to-prevent-use-in-crime/
Reflective Code Loading, Technique T1620 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1620/
unusual_whales on Twitter: "BREAKING: Nearly half of all US venture capital-backed startups were involved with Silicon Valley Bank, per Bloomberg." / Twitter
https://twitter.com/unusual_whales/status/1634336485443862529
Scripts-With-Malware-Analysis/stealc_stealer at main · MalGamy/Scripts-With-Malware-Analysis · GitHub
https://github.com/MalGamy/Scripts-With-Malware-Analysis/tree/main/stealc_stealer
GOAD - part 5 - exploit with user | Mayfly
https://mayfly277.github.io/posts/GOADv2-pwning-part5/
BBC will not broadcast Attenborough episode over fear of ‘rightwing backlash’ | BBC | The Guardian
https://www.theguardian.com/media/2023/mar/10/david-attenborough-bbc-wild-isles-episode-rightwing-backlash-fears?CMP=share_btn_tw
Mental health provider Cerebral alerts 3.1M people of data breach
https://www.bleepingcomputer.com/news/security/mental-health-provider-cerebral-alerts-31m-people-of-data-breach/
GitHub - marin-m/vmlinux-to-elf: A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
https://github.com/marin-m/vmlinux-to-elf
Mario Nawfal on Twitter: "#BREAKING: 12 days ago, Gregory Becker, the CEO of Silicon Valley Bank, sold 11% of his shares Daniel Beck, the CFO, sold 32% of his holdings CMO Michelle Draper sold 28% Something doesn't seem right... https://t.co/T7xzb2w2jb" / Twitter
https://twitter.com/MarioNawfal/status/1634363165327728641
GOAD - part 6 - ADCS | Mayfly
https://mayfly277.github.io/posts/GOADv2-pwning-part6/
Technical Analysis of Rhadamanthys Obfuscation Techniques
https://www.zscaler.com/blogs/security-research/technical-analysis-rhadamanthys-obfuscation-techniques
Rachel Tobac on Twitter: "*Phish Incoming Alert* Former Silicon Valley Bank users — your bank closing will likely be used as a phishing pretext by cyber criminals over email, text message, and phone call. Financial fear tricks folks fast. Slow down & verify any email/text/call is legit before taking…" / Twitter
https://twitter.com/i/web/status/1634237369888149506
GitHub - Orange-Cyberdefense/GOAD: game of active directory
https://github.com/Orange-Cyberdefense/GOAD
100DY_2023/RhadamanthysQ3VM.yara at main · MayerDaniel/100DY_2023 · GitHub
https://github.com/MayerDaniel/100DY_2023/blob/main/dan/RhadamanthysQ3VM.yara
Ejercito Espía - Ejército Espía
https://ejercitoespia.r3d.mx/
Mike Safari on Twitter: "@troyhunt Another security notification; this time an online retailer in Canada. https://t.co/R84aC6P8q9" / Twitter
https://twitter.com/MikeSafariMusic/status/1634251270817980424
Call for Villages - Blue Team Con
https://blueteamcon.com/2023/cfv
International Law Enforcement Takes Down Infamous NetWire Cross-Platform RAT
https://thehackernews.com/2023/03/international-law-enforcement-takes.html
Matthew Green on Twitter: "The EU’s “chat control” legislation is the most alarming proposal I’ve ever read. Taken in context, it is essentially a design for the most powerful text and image-based mass surveillance system the free world has ever seen." / Twitter
https://twitter.com/matthew_d_green/status/1634252397919739921
China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware
https://thehackernews.com/2023/03/china-linked-hackers-targeting.html
GOAD - part 3 - enumeration with user | Mayfly
https://mayfly277.github.io/posts/GOADv2-pwning-part3/
Xenomorph Android Banking Trojan Returns with a New and More Powerful Variant
https://thehackernews.com/2023/03/xenomorph-android-banking-trojan.html
Gi7w0rm on Twitter: "So as mentioned yesterday, I have managed to get blocked from 2 ASNs (Galaxy LLC and Partner LLC). AS204603 & AS211409 respectively. To give you an impression of what this means in terms of crawling numbers: GalaxyLLC: 29/128 #RecordBreaker Servers 20/34 #Aurora #Stealer Panels…" / Twitter
https://twitter.com/i/web/status/1634517826126880768
Blackbaud to pay $3M for misleading ransomware attack disclosure
https://www.bleepingcomputer.com/news/security/blackbaud-to-pay-3m-for-misleading-ransomware-attack-disclosure/
Speakers | Hack Space Con '23
https://www.hackspacecon.com/speakers
GOAD - part 1 - reconnaissance and scan | Mayfly
https://mayfly277.github.io/posts/GOADv2-pwning_part1/
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide
https://thehackernews.com/2023/03/new-version-of-prometei-botnet-infects.html
AT&T alerts 9 million customers of data breach after vendor hack
https://www.bleepingcomputer.com/news/security/atandt-alerts-9-million-customers-of-data-breach-after-vendor-hack/
APT_REPORT/Memo-Citizen-Lab-Raymundo-Ramos-230304.pdf at master · blackorbird/APT_REPORT · GitHub
https://github.com/blackorbird/APT_REPORT/blob/master/NSOGroup/Memo-Citizen-Lab-Raymundo-Ramos-230304.pdf
CISA warns of critical VMware RCE flaw exploited in attacks
https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-vmware-rce-flaw-exploited-in-attacks/
Game Of Active Directory v2 | Mayfly
https://mayfly277.github.io/posts/GOADv2/
Security researchers targeted with new malware via job offers on LinkedIn
https://www.bleepingcomputer.com/news/security/security-researchers-targeted-with-new-malware-via-job-offers-on-linkedin/
Secure messaging apps line up to warn UK’s Online Safety Bill risks web security | TechCrunch
https://techcrunch.com/2023/03/10/uk-osb-e2ee-warning/
Twitter’s $42,000-per-Month API Prices Out Nearly Everyone | WIRED
https://www.wired.com/story/twitter-data-api-prices-out-nearly-everyone/
GOAD - part 2 - find users | Mayfly
https://mayfly277.github.io/posts/GOADv2-pwning-part2/