lnd3v.bsky.social
@lnd3v.bsky.social
Threat Intelligence, Pentester, SOC Analyst. Purple. Loves developing OSINT | Offensive tooling. Profile picture unrelated.
Reposted
CVE-2024-9138 and CVE-2024-9140 (CVSS 9.8): Moxa Calls for Immediate Security Action securityonline.info/cve-2024-913...
CVE-2024-9138 and CVE-2024-9140 (CVSS 9.8): Moxa Calls for Immediate Security Action
Critical vulnerabilities identified in Moxa's routers and network security appliances. Find out how CVE-2024-9140 and CVE-2024-9138 pose a risk to your infrastructure and data security.
securityonline.info
January 6, 2025 at 5:18 AM
Reposted
Ever wanted to know what data #PowerShell or other programs send to AMSI? I wrote a C# COM server implementation that logs this data as a JSON string. Had some fun learning more about COM and .NET AOT with this little project github.com/jborean93/Am...
December 13, 2024 at 6:45 AM
Reposted
How Chinese insiders are stealing data scooped up by President Xi's national surveillance system
How Chinese insiders exploit its surveillance state
'It's a double-edged sword,' security researchers tell The Reg
www.theregister.com
December 8, 2024 at 5:17 PM
Open-source and next-generation Web Application Firewall (WAF)

github.com/bunkerity/bu...
GitHub - bunkerity/bunkerweb: 🛡️ Open-source and next-generation Web Application Firewall (WAF)
github.com
December 6, 2024 at 4:16 PM
Nuke It From Orbit. It's the only way to be sure.

tl;dr: unprivileged user -> Defender removal on physical machine

github.com/lkarlslund/n...
GitHub - lkarlslund/nifo: Nuke It From Orbit - remove AV/EDR with physical access
github.com
December 4, 2024 at 10:13 AM
Open Source Unified XDR and SIEM protection for endpoints and cloud workloads!
#siem #soc #monitoring #xdr #windowsagent

wazuh.com
Wazuh - Open Source XDR. Open Source SIEM.
Wazuh is a free and open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.
wazuh.com
November 28, 2024 at 9:26 PM
“Awseye is an open-source intelligence (OSINT) and reconnaissance service that tracks and analyzes publicly accessible AWS data”
awseye.com
Awseye - See Inside AWS Accounts
Awseye tracks publicly accessible AWS data to help identify and secure known and exposed AWS resources. Empowering defenders with open-source intelligence.
awseye.com
November 28, 2024 at 9:22 PM
New AMSI Bypass Technique Modifying CLR.DLL in Memory – Practical Security Analytics LLC
practicalsecurityanalytics.com/new-amsi-byp...
New AMSI Bypass Technique Modifying CLR.DLL in Memory
Introduction Recently, Microsoft has rolled out memory scanning signatures to detect manipulation of security critical userland APIs such as AMSI.dll::AmsiScanBuffer. You can read about the details…
practicalsecurityanalytics.com
November 28, 2024 at 8:26 AM
Reposted
Finished! It wasn’t hard to do, just hard to find time. Close up of the fine details. (Hehe) #embroidery #ThisIsFine
November 23, 2024 at 5:45 AM
Reposted
Today at @CYBERWARCON we watched arguably one of the most interesting talks we've seen in a while. 🧵
November 22, 2024 at 7:09 PM
Reposted
Sitting Ducks DNS Attacks Put Global Domains at Risk https://buff.ly/4fvqLGZ
Sitting Ducks DNS Attacks Put Global Domains at Risk
Over 1 million domains are vulnerable to “Sitting Ducks” attack, which exploits DNS misconfigurations
buff.ly
November 22, 2024 at 8:12 AM
Reposted
*facepalm*
November 18, 2024 at 10:24 PM
Reposted
License plate scanners recruited into a botnet. Via a vulnerability in devices that are end-of-life, so patching is not an option?!
www.agconnect.nl/tech-en-toek...
#cybersecurity #kwetsbaarheid #botnet #Mirai
#AGConnect #SijthoffMedia
Major hole discovered in the digital security of license plate scanners
A major hole has been discovered in the digital security of devices used to scan license plates. It concerns license plate scanners from the Taiwanese company Geovision, of which presumably...
www.agconnect.nl
November 18, 2024 at 3:45 PM
Hijacking satellite downstream-only links to obfuscate the physical location of C&C servers.

threatpost.com/turla-apt-gr...

www.blackhat.com/presentation...
Turla APT Group Abusing Satellite Internet Links
Researchers at Kaspersky Lab have revealed that the Turla APT gang is using satellite-based Internet links to hide command-and-control activities.
threatpost.com
November 18, 2024 at 10:30 AM
Recursive recon scanning for blue/red teams. Highly recommend to investigate digital attack surface. #bbot

m.youtube.com/watch?v=bCNn...
The Dangers of Building a Recursive Internet Scanner by Joel Moore | BSides CHS 2024
YouTube video by BSidesCHS
m.youtube.com
November 16, 2024 at 5:42 PM