Faisal
faisalusuf.bsky.social
Security Analyst | Threat Intel | CTF | Security Researcher | Detection Engineering.

RT != Endorsement

@faisalusuf@infosec.exchange
@faisalusuf
Reposted by Faisal
Kostya Kortchinsky, a security researcher from the Databricks security team, has discovered and helped patch an RCE vulnerability (CVE-2024-47561) in the Apache Avro data serialization library

lists.apache.org/thread/c2v7m...
October 8, 2024 at 10:27 AM
Reposted by Faisal
Microsoft has open-sourced Drasi, a platform to detect and react to data changes in existing databases.

While the project has applications in software development, it can also be used for raising alarms when a threat actor modifies existing infrastructure.

azure.microsoft.com/en-us/blog/d...
Introducing Drasi: Microsoft's new change data processing system | Microsoft Azure Blog
Drasi is Microsoft's new open-source project that simplifies change detection and reaction in complex systems.
October 8, 2024 at 10:27 AM
@bellingcat.com Is there any geo restriction on your website?
February 19, 2024 at 6:00 PM
Threat hunting rules are published for OKTA support compromise-related IOCs.

Rules:
1- rules-threat-hunting/cloud/okta/okta_password_health_report_query.yml
2- rules-emerging-threats/2023/TA/Okta-Support-System-Breach/okta_apt_suspicious_user_creation.yml
https://github.com/SigmaHQ/sigma/blob/master/rules-emerging-threats/2023/TA/Okta-Support-System-Breach/README.md…
November 1, 2023 at 8:48 AM
@sandboxescaper.bsky.social glad to see you sound.
November 1, 2023 at 8:45 AM
The detection rules are published in the official Sigma repo for both Lin and Win OS, based on the @Mitiga_io report.

https://www.bleepingcomputer.com/news/security/amazons-aws-ssm-agent-can-be-used-as-post-exploitation-rat-malware/
August 4, 2023 at 11:59 AM
https://phish.ly An automated phishing analysis powered by Tines and @canio.bsky.social

How it works behind the scenes: https://www.tines.com/blog/phishly-democratizing-suspicious-email-analysis-tines-urlscan
August 2, 2023 at 12:28 PM
Reposted by Faisal
I want to believe.
July 29, 2023 at 5:40 AM
Reposted by Faisal
We are seeing exploitation attempts for Citrix ShareFile storage zones controller CVE-2023-24489 (CVSS 9.8 RCE). 13th June Citrix Advisory with details: https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489
ShareFile StorageZones Controller Security Update for CVE-2023-24489
July 26, 2023 at 9:18 AM
Really amazing feeling when going from the cluttered, full-of-ads TL of "X" to @bsky.app; it really feels like being back on Twitter. Pure content, no BS.
July 25, 2023 at 6:12 PM
@bsky.app Twitter is renamed to X, so the domain will be available again. Grab it and we will get back to normal days :D
July 24, 2023 at 7:30 AM
Hey there 👋
July 23, 2023 at 5:07 PM