
This Week's Read List - 25 APR 2021-08 MAY 2021

TWRL - 3-year old undetected Linux malware; New Chinese backdoor; UNC2447 ransomware activities; PortDoor: new Chinese backdoor; CodeCov IoCs; Pingback ICMP tunneling backdoor; Iranian state-sponsored ransomware; Decrypting Cobalt Strike communications; SVR Cyber operations; GitlabCI pipeline in Python; Evil Crow SDR; One Stop Anomaly Shop from Adobe; ISO analysis with isodump.py; Synapse for intelligence analysis; OpenCTI for intelligence management; Mystikal for macOS payload generation; ScareCrow for DLL side loading payloads; ProcMon for Linux; Threat Intelligence in the homelab; Attack Detection Fundamentals 2021 - Azure; Qemu for binary reversing; and Smishing 101.

This Week's Read List - 18-25 APR 2021

TWRL - Lazarus Group uses BMP images to hide malware; Three 0-days in SonicWall Email Security product; HabitsRAT targeting Windows and Linux; SMB Enumeration with PowerSploit PowerView; Windows Event Logging and Collection Guidance; PyOTI Python module for threat intelligence; netdata for monitoring; SSH Tunnels and Proxies; and Attack Detection Fundamentals 2021 for AWS.

This Week's Read List - 04-17 APR 2021

TWRL - Links between Mount Locker and the Astro Locker Team; Vyveva - the new backdoor from Lazarus Group; APT34's updated arsenal; Iron Tiger's updated toolkit; HTML Lego phishing obfuscation; Unique delivery for IcedID; 0-day in Desktop Window Manager; Emotet Case Study; Mirai Botnet Technical Analysis; SolarWinds earliest discovery?; Detecting Cobalt Strike DNS Redirectors; Detecting the "next" SolarWinds-like attack; Enhancing SecOps with ATT&CK; Aviary dashboard for Sparrow; FBI Press release about webshell removal; Malware Analysis Reports - DearCry, China Chopper and SUNSHUTTLE; SolarWinds related malware analysis reports; Joint advisory about Russian aggression; List of opensource security tools; httpx; Zircolite; gau; GreyNoise Community API; IntelMQ; efiSeek; Powershell payload analysis; Attack Detection Fundamentals - Windows and macOS; Parsing Cobalt Strike Beacon Configs; Cyber attack simulator; Writing custom shellcode with Matryoshka; Free Python Books; and Learn X in Y Minutes.

This Week's Read List - 21 Mar 2021 - 03 APR 2021

TWRL - Purple Fox rootkit; STIBINITE threat group; Exchange Server vulnerabilities; North Korean campaign against security researchers; QNAP devices vulnerable to 0-day; APT10 Ecipekac malware; Hades ransomware gang; Cobalt Strike: GUID shellcode obfuscation; Windows BITS Abuse; Hancitor, Cobalt Strike and Ping; Threat Matrix for Kubernetes; Automating threat actor tracking; Zero Trust Guidance; China Chopper analysis; Solitude - privacy checker; nzyme - WiFi IDS; Trapdoor - serverless honeytoken framework; Yara Manager; Tracee - eBPF runtime security and forensics tool; How-to for Bluetooth Low Energy; Defender for Endpoint Training; Full-text search engine in Python; Sending pfSense and Suricata logs to Splunk; Decrypting RDP in Wireshark; and APT encounters of a third kind.

This Week's Read List - 14-20 MAR 2021

TWRL - F5 BIG-IP 9.8-severity vulnerability exploited in the wild; Detecting F5 BIG-IP exploitation; Detecting Cobalt Strike; Kuiper: a digital investigation platform; eBPFSnitch: a Linux application level firewall for containers; Buildroot: embedded Linux system generator; CHIRP: CISA Hunt and Incident Response Program; outrun: running local commands using remote processing; Silver Sniffle: encrypted chat CLI client with ncurses; Learning gRPC with Cisco IOS XR and the Always-on Sandbox; Reading ARM64 Assembly Language; and How APTs use reverse proxies to nmap internal networks.

This Week's Read List - 07-13 MAR 2021

TWRL - Microsoft Exchange 0-day Exploitation; SUPERNOVA attributed to SPIRAL; Bazar and AnchorDNS malware; RedXOR malware targets Linux servers; Detecting webshells on Microsoft Exchange; Cloud Federated Credential Abuse and Cobalt Strike analytics; CISA's reports related to Microsoft Exchange 0-Day exploitation; cosign from sigstore; Docker-OSX; Dockerfile best practices; OWASP Docker Security Cheatsheet; ThreatFox IoC Sharing Platform; GrayHatWarfare Exposed URL Shortener search; Packet Strider for SSH analysis; Dalfox for automated XSS scanning; Metasploit Gather Exchange - post exploitation module; cysimdjson Python module for JSON parsing; regexploit for finding vulnerable regular expressions; Reproducing the ProxyLogon exploit chain; Essential malware tools; and Dolt, a SQL database with git-like functionality.

This Week's Read List - 28 FEB 2021-06 MAR 2021

TWRL - Microsoft Exchange 0-Days; New SolarWinds Malware Samples; Gootloader abuses Google SEO; RedEcho attacks India's electric grid; Working Spectre exploits for Windows and Linux; Ransomware targets VMware ESXi; Shadow attacks allow for signed PDF manipulation; Dragos releases details on KAMACITE; Networked devices under attack from Gafgyt botnet; Windows DNS SIGRed RCE PoC; Cobalt Strike defenses; Detecting Privilege Escalation with Falco; NSA and CISA release guidance on PDNS; KICS IaC static analyzer; Bastion runtime; Pyroscope continuous software profiler; YarIx for scalable YARA; Splitting the ping - true latency measurements; Fast Flux 101; Ghidra scripting development walkthrough; FlawedGrace in-depth analysis; and Hacking games with Ghidra.

This Week's Read List - 21-27 FEB 2021

TWRL - Gamaredon updates; New LazyScripter APT; Russian GRU targeting US grid; CrowdStrike Adversary Universe; CNAME Cloaking; Lazarus Group and ThreatNeedle malware; Kaiji cloud malware detection; Obscure Windows Event Logs; Leveraging Symantec EDR quarantine files for useful information; Historical DNS and threat investigations; CodeQL queries for SolarWinds breach activity; Cracking password protected payloads; CISA Accellion File Transfer Appliance Advisory and Malware report; REST API design best practices; Compare and contrast of modules, monoliths and microservices; Social Analyzer tool; Multipass and MaaS from Canonical; traitor for Linux privilege escalation; Sysdig and Falco for container/cloud native security; Decompiling Excel Formula malware; Bypassing MacOS XProtect for malware research and analysis; Network analysis using Brim, NetworkX and Jupyter; Malware of the day series; and XSS types and mitigations.

This Week's Read List - 14-20 FEB 2021

TWRL - Common tools and techniques leveraged by attackers on macOS; ngrok abuse for phishing; Turla's IronNetInjector; MITRE CASCADE; EQL Analytics Library; Sourcetrail code explorer; nuclei vulnerability scanner; ray.so code pictures; VirusTotal plugins for IDA Pro and GHIDRA; Tauri cross-platform development; Red Team Guides; enhanced Berkeley Packet Filters; Leveraging MITRE for a better SOC; ELF malware analysis; Python Programming and Numerical Methods; Python concurrency; Hunting for Anomalies using Time-series Analysis; Red Star OS Media; Strategies for reducing alert fatigue; and Threat intelligence and malware analysis.

This Week's Read List - 07-13 FEB 2021

TWRL - Extracting Cobalt Strike config from TEARDROP; Morse Code used for obfuscation in phishing campaign; Reverse engineering Emotet; SolarMarker Backdoor; Iranian Infy Malware resurgence; BendyBear Shellcode; BazarBackdoor; Iranian Static Kitten targets Middle-Eastern Countries; Increase in Webshell usage; Microsoft User Access Logs for DFIR; CISA's SUNBURST and TEARDROP analysis; FBI warning about Windows 7, weak passwords, and TeamViewer; BlobHunter for public Azure blobs; Cybersecurity Resource Catalogue; Cobalt Strike named pipes; Open Source Vulnerability database; Xeus-sql - SQL library for Jupyter; Haxe a cross-platform language and compiler; Jazzer - JVM Fuzzer; PE Tree from Blackberry; Flameshot screen capture software; Visualizing SSH Tunnels; Web Scraping with Python; Learning Heap Exploitation; Hunting with auditd; Ghidra scripting for embedded ELFs and UPX; Rust cookbook; Exploiting SerenityOS; LetsDefend blue-team training platform; Browser fuzzing at Mozilla; and Cubox-M tiny computer.
