Ács Dávid (@acsdavid97)'s Twitter Profile
Ács Dávid

@acsdavid97

Computer Science student, interested in all things Red & Blue team.

ID: 772395450930462720

Joined: 04-09-2016 11:26:40

39 Tweets

36 Followers

389 Following

windbgtips (@windbgtips)

ntoskrnl.exe has an undocumented function, nt!DbgCommandString() that allows a driver of a #Kd debuggee to execute #windbg commands (so, any code) on the session of the debugger (#win7 -> #win10). So be careful when debugging untrusted drivers via #Kd 😅 Found by Alex Ionescu

The DFIR Report (@thedfirreport)

We Need Your Help! ➡️ Are you familiar with memory, network, and/or endpoint analysis and want to volunteer for a couple hours a week doing analysis and reporting? ➡️ We'll credit your work in the report, give you free access to our intel, and provide CPE credits if needed. ⬇️

Ács Dávid (@acsdavid97)

Introducing DotNetHooker: .NET API tracing and argument dumping for reverse engineering .NET malware. github.com/acsdavid97/Dot…

Microsoft Threat Intelligence (@msftsecintel)

The threat actor ACTINIUM (aka #Gamaredon) continues to target organizations primarily in Ukraine for espionage purposes. MSTIC’s latest blog outlines the tactics that this persistent actor employs to pursue access and exfiltrate info from these orgs. msft.it/6012w6sLK

vx-underground (@vxunderground)

We have downloaded and archived everything shared by conti leaks thus far.

- Chat logs 2020 - 2022
- Internal software source code
- Jabber chat logs 2021 - 2022
- Pony leak
- Rocket Chat logs
- Screenshots, December 2021
- Trickbot forum

Download: share.vx-underground.org

Steve Syfuhs (@stevesyfuhs)

Oh yeah, hey we shipped LSA PPL on by default-ish. If you meet the baseline security requirements that triggers HVCI enablement we'll turn on LSA PPL too.

Chris Wysopal (@weldpond)

"Password expiration requirements do more harm than good, because these requirements make users select predictable passwords" Thank you, Microsoft. NIST agrees. Everyone who attacks password auth agrees. Can we get compliance to update their requirements? docs.microsoft.com/en-us/microsof…

MIRACL (@miracl)

Facing a Cybersecurity talent shortage when we have a rise in cyber crime and data breaches. Worried? ibm.co/2cycTjU #hack #crisis

LRQA Cyber Labs (@lrqa_cyber_labs)

We've written up some of the DerbyCon 2016 CTF challenges for you! We had a blast; thanks to all @ #DerbyCon labs.nettitude.com/blog/derbycon-… 💻🤓

briankrebs (@briankrebs)

In an unwelcome development, the source code for the 'Mirai' IoT botnet family has been released krebsonsecurity.com/2016/10/source…

hackerfantastic.x (@hackerfantastic)

Another blueteam indicator of compromise for Mirai is to look for TCP connections to port 48101, used as a notifier for the telnet scanner.

@mikko (@mikko)

We're running an online course on computer security together with Helsinki University. Free and open to anyone. See mooc.fi/courses/2016/c…