TWRL - 3-year old undetected Linux malware; New Chinese backdoor;
UNC2447 ransomware activities; PortDoor: new Chinese backdoor; CodeCov IoCs;
Pingback ICMP tunneling backdoor; Iranian state-sponsored ransomware;
Decrypting Cobalt Strike communications; SVR Cyber operations; GitlabCI
pipeline in Python; Evil Crow SDR; One Stop Anomaly Shop from Adobe; ISO
analysis with isodump.py; Synapse for intelligence analysis; OpenCTI for
intelligence management; Mystikal for macOS payload generation; ScareCrow
for DLL side loading payloads; ProcMon for Linux; Threat Intelligence in the
homelab; Attack Detection Fundamentals 2021 - Azure; Qemu for binary reversing;
and Smishing 101.
TWRL - Lazarus Group uses BMP images to hide malware; Three 0-days
in SonicWall Email Security product; HabitsRAT targeting Windows and Linux;
SMB Enumeration with PowerSploit PowerView; Windows Event Logging and Collection
Guidance; PyOTI Python module for threat intelligence; netdata for monitoring;
SSH Tunnels and Proxies; and Attack Detection Fundamentals 2021 for AWS.
TWRL - Links between Mount Locker and the Astro Locker Team; Vyveva -
the new backdoor from Lazarus Group; APT34's updated arsenal; Iron Tiger's
updated toolkit; HTML Lego phishing obfuscation; Unique delivery for IcedID;
0-day in Desktop Window Manager; Emotet Case Study; Mirai Botnet Technical
Analysis; SolarWinds earliest discovery?; Detecting Cobalt Strike DNS Redirectors;
Detecting the "next" SolarWinds-like attack; Enhancing SecOps with ATT&CK;
Aviary dashboard for Sparrow; FBI Press release about webshell removal;
Malware Analysis Reports - DearCry, China Chopper and SUNSHUTTLE; SolarWinds
related malware analysis reports; Joint advisory about Russian aggression;
List of open-source security tools; httpx; Zircolite; gau; GreyNoise Community
API; IntelMQ; efiSeek; Powershell payload analysis; Attack Detection Fundamentals
- Windows and macOS; Parsing Cobalt Strike Beacon Configs; Cyber attack simulator;
Writing custom shellcode with Matryoshka; Free Python Books; and Learn X in Y Minutes.
TWRL - Purple fox rootkit; STIBINITE threat group; Exchange Server
vulnerabilities; North Korean campaign against security researchers; QNAP
devices vulnerable to 0-day; APT10 Ecipekac malware; Hades ransomware gang;
Cobalt Strike: GUID shellcode obfuscation; Windows BITS Abuse; Hancitor, Cobalt
Strike and Ping; Threat Matrix for Kubernetes; Automating threat actor tracking;
Zero Trust Guidance; China Chopper analysis; Solitude - privacy checker;
nzyme - WiFi IDS; Trapdoor - serverless honeytoken framework; Yara Manager;
Tracee - eBPF runtime security and forensics tool; How-to for Bluetooth Low
Energy; Defender for Endpoint Training; Full-text search engine in Python;
Sending pfSense and Suricata logs to Splunk; Decrypting RDP in Wireshark; and
APT encounters of a third kind.
TWRL - F5 BIG-IP 9.8-severity vulnerability exploited in the wild; Detecting F5
BIG-IP exploitation; Detecting Cobalt Strike; Kuiper: a digital investigation
platform; eBPFSnitch: a Linux application level firewall for containers;
Buildroot: embedded Linux system generator; CHIRP: CISA Hunt and Incident
Response Program; outrun: running local commands using remote processing;
Silver Sniffle: encrypted chat CLI client with ncurses; Learning gRPC with
Cisco IOS XR and the Always-on Sandbox; Reading ARM64 Assembly Language;
How APTs use reverse proxies to nmap internal networks.
TWRL - Microsoft Exchange 0-day Exploitation; SUPERNOVA attributed to
SPIRAL; Bazar and AnchorDNS malware; RedXOR malware targets Linux servers;
Detecting webshells on Microsoft Exchange; Cloud Federated Credential Abuse
and Cobalt Strike analytics; CISA's reports related to Microsoft Exchange 0-Day
exploitation; cosign from sigstore; Docker-OSX; Dockerfile best practices;
OWASP Docker Security Cheatsheet; ThreatFox IoC Sharing Platform; GrayHatWarfare
Exposed URL Shortener search; Packet Strider for SSH analysis; Dalfox for
automated XSS scanning; Metasploit Gather Exchange post-exploitation module;
cysimdjson Python module for JSON parsing; regexploit for finding vulnerable
regular expressions; Reproducing the ProxyLogon exploit chain; Essential
malware tools; and Dolt a SQL database with git-like functionality.
TWRL - Microsoft Exchange 0-Days; New SolarWinds Malware Samples; Gootloader
abuses Google SEO; RedEcho attacks India's electric grid; Working Spectre
exploits for Windows and Linux; Ransomware targets VMware ESXi; Shadow attacks
allow for signed PDF manipulation; Dragos releases details on KAMACITE; Networked
devices under attack from Gafgyt botnet; Windows DNS SIGRed RCE PoC; Cobalt
Strike defenses; Detecting Privilege Escalation with Falco; NSA and CISA
release guidance on PDNS; KICS IaC static analyzer; Bastion runtime; Pyroscope
continuous software profiler; YarIx for scalable YARA; Splitting the ping -
true latency measurements; Fast Flux 101; Ghidra scripting development walkthrough;
FlawedGrace in-depth analysis; and Hacking games with Ghidra.
TWRL - Gamaredon updates; New LazyScripter APT; Russian GRU targeting
US grid; CrowdStrike Adversary Universe; CNAME Cloaking; Lazarus Group and
ThreatNeedle malware; Kaiji cloud malware detection; Obscure Windows Event
Logs; Leveraging Symantec EDR quarantine files for useful information; Historical
DNS and threat investigations; CodeQL queries for SolarWinds breach activity;
Cracking password protected payloads; CISA Accellion File Transfer Appliance
Advisory and Malware report; REST API design best practices; Compare and
contrast of modules, monoliths and microservices; Social Analyzer tool;
Multipass and MaaS from Canonical; traitor for Linux privilege escalation;
Sysdig and Falco for container/cloud native security; Decompiling Excel Formula
malware; Bypassing macOS XProtect for malware research and analysis; Network
analysis using Brim, NetworkX and Jupyter; Malware of the day series; and
XSS types and mitigations.
TWRL - Common tools and techniques leveraged by attackers on macOS;
ngrok abuse for phishing; Turla's IronNetInjector; MITRE CASCADE; EQL Analytics
Library; Sourcetrail code explorer; nuclei vulnerability scanner; ray.so code
pictures; VirusTotal plugins for IDA Pro and GHIDRA; Tauri cross-platform development;
Red Team Guides; enhanced Berkeley Packet Filters; Leveraging MITRE for a better SOC;
ELF malware analysis; Python Programming and Numerical Methods; Python concurrency;
Hunting for Anomalies using Time-series Analysis; Red Star OS media; Strategies
for reducing alert fatigue; and Threat intelligence and malware analysis.
TWRL - Extracting Cobalt Strike config from TEARDROP; Morse Code used
for obfuscation in phishing campaign; Reverse engineering Emotet; SolarMarker
Backdoor; Iranian Infy Malware resurgence; BendyBear Shellcode; BazarBackdoor;
Iranian Static Kitten targets Middle-Eastern Countries; Increase in Webshell usage;
Microsoft User Access Logs for DFIR; CISA's SUNBURST and TEARDROP analysis;
FBI warning about Windows 7, weak passwords, and TeamViewer; BlobHunter for
public Azure blobs; Cybersecurity Resource Catalogue; Cobalt Strike named pipes;
Open Source Vulnerability database; Xeus-sql - SQL library for Jupyter; Haxe
a cross-platform language and compiler; Jazzer - JVM Fuzzer; PE Tree from
Blackberry; Flameshot screen capture software; Visualizing SSH Tunnels; Web
Scraping with Python; Learning Heap Exploitation; Hunting with auditd; Ghidra
scripting for embedded ELFs and UPX; Rust cookbook; Exploiting SerenityOS;
LetsDefend blue-team training platform; Browser fuzzing at Mozilla; and Cubox-M
tiny computer.