Justin Elze (@HackingLZ)'s Twitter Profile
Justin Elze

@HackingLZ

Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars

ID:14539104

26-04-2008 03:27:52

45,7K Tweets

52,4K Followers

4,9K Following

Sprocket Security (@SprocketSec)

Dive into the technical details of patch diffing CVE-2024-3400 using a Palo Alto NGFW Marketplace AMI.

Learn how Sprocket Security analyzed the vulnerability by mounting snapshots and comparing patched and vulnerable versions.
sprocketsecurity.com/resources/patc…

BleepingComputer (@BleepinComputer)

Google patches third exploited Chrome zero-day in a week - Sergiu Gatlan
bleepingcomputer.com/news/google/go…

Nathan McNulty (@NathanMcNulty)

The way Microsoft chose to implement this in Conditional Access is fundamentally broken (forcing use of Device platform)

Be sure to read rootsecdev's blog post on how to test and alternative options to secure this better 🔥

dreadnode (@dreadnode)

Hack web APIs using agents: github.com/dreadnode/rigg…

Memory, goals, context pinning, actions, etc.

hanspetrich has been hacking on this stuff internally

Volexity (@Volexity)

.Volexity shares new observations following its discovery of CVE-2024-3400 + exploitation of the GlobalProtect feature in Palo Alto Networks firewalls and offers guidance for detecting compromise.

More here: volexity.com/blog/2024/05/1…

Clint Gibler (@clintgibler)

🔬 XZ Utils Made Me Paranoid

@trustedsec's Kevin Haubris built a scanner to detect backdoors like XZ Utils

It identifies hooks in process memory, and compares them with on-disk binaries

🛠️ VerifyELF - tool repo
github.com/trustedsec/Ver…

trustedsec.com/blog/xz-utils-…

Nathan McNulty (@NathanMcNulty)

4 FREE solutions, low complexity, huge security dividends

1) Use Windows LAPS
2) Use Hello for Business
3) Use Windows Firewall, default to Block all inbound (define rules)
4) Use AppLocker to restrict users from running admin tools like PowerShell, WMIC, MSBuild, certutil, etc

Alexander Leslie (@aejleslie)

Developing situation…

Absolute *madness* unfolding in the CTI grifter community right now, as social media influencers scramble to find a new source of spooky “dark web” screenshots to spread FUD and farm engagement.

Kuba Gretzky (@mrgretzky)

Short demo of how Evilginx Pro uses dynamic JavaScript obfuscation to protect your scripts, injected into phishing pages, from automated pattern recognition. 🙈🐟

Evilginx Pro is still in development and will be available exclusively to BREAKDEV RED members later this year. 🥳

Justin Elze (@HackingLZ)

Watching throwback car videos I forgot about how popular this was way back. Now the same age group is debating how safe FSD is 😂

youtu.be/j72KYQcTFzg?si…

Caitlin (@TheGamblingBird)

In response to the challenge of becoming a first-time people leader, I've interviewed cybersecurity practitioners I respect on LinkedIn! If you are just starting to manage a team I hope you find these answers from Ryan K as valuable as I did!

linkedin.com/pulse/leadersh…

visi stark ( @invisig0th.bsky.social ) (@invisig0th)

Can't wait for the marketing folks to realize they can capitalize on dissatisfaction with GenAI content by promoting 'human authored' content as a bespoke counter culture movement 😁

Spencer McIntyre (@zeroSteiner)

n00py @Metasploit just added channel binding in github.com/rapid7/metaspl… and signing in github.com/rapid7/metaspl… for both NTLM and Kerberos. The channel binding will go out in this week's release; the signing went out last week.
