James Brine (@referefef)'s Twitter Profile

James Brine
@referefef
ID: 4212772392
Website: https://jamesbrine.com.au
Joined: 12-11-2015 13:34:51
192 Tweets, 171 Followers, 195 Following

Katie🌻Moussouris (she/her/she-ra/she-hulk) 🪷 (@k8em0)

This is actually how I run my company. We transitioned to 4 day/32 hour work weeks while paying full time salaries. We do 4 weeks a year of shared company wide shutdown vacations (Luta Siesta Fiestas). Anyone can have time off for any reason. We really do get more done this way.

Paul Melson (@pmelson)

4 months ago I wrote a Python module to print xxd style hexdump output to the terminal for use in reversing/analysis. I chose to publish it today, even though I'm not totally happy with it and probably never will be completely. (cc @grenlith 𝕸𝓎𝖐𝖎𝖑𝖑 ☠️) github.com/pmelson/pyhexd…
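For readers who want to see what an xxd-style dump looks like in code, here is an added example in plain Python. It is not pyhexdump's code and does not claim to match that module's API; it reproduces xxd's default layout (8-hex-digit offset, 16 bytes per line in 2-byte groups, then a printable-ASCII column) and feeds it a constructed sample buffer.

```python
# Added example (not pyhexdump's code): a minimal xxd-style hexdump in plain Python.
# Layout follows xxd's defaults: 8-hex-digit offset, 16 bytes per line grouped in
# 2-byte words, then a printable-ASCII column with '.' for non-printables.

def hexdump(data: bytes, width: int = 16, group: int = 2, base: int = 0) -> str:
    """Return data formatted like `xxd`, with offsets starting at `base`."""
    hex_width = width * 2 + (width // group - 1)   # chars in a full hex column
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        words = [chunk[i:i + group].hex() for i in range(0, len(chunk), group)]
        hex_col = " ".join(words)
        # Only 0x20..0x7e are printed literally; everything else becomes '.', so
        # control bytes in hostile input cannot drive terminal escape sequences.
        ascii_col = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        # Pad the final, shorter hex column so the ASCII column stays aligned.
        lines.append(f"{base + off:08x}: {hex_col:<{hex_width}}  {ascii_col}")
    return "\n".join(lines)


# Constructed sample input: the first bytes of a PE file followed by DOS-stub text.
SAMPLE = bytes.fromhex("4d5a90000300000004000000ffff0000") + b"This program"

if __name__ == "__main__":
    print(hexdump(SAMPLE))
```

The `base` parameter is what makes this useful during analysis: pass the virtual address or file offset of the slice you are dumping so the left column matches what a disassembler shows.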

The DFIR Report (@thedfirreport)

Qbot Likes to Move It, Move It

➡️Initial Access: Maldoc deploys Qbot
➡️Execution: Regsvr32 DLL Execution
➡️Discovery: ipconfig, netstat, whoami, etc.
➡️Collection: Email and Browser Info Stealing
➡️Defense Evasion: Process Injection, Defender Exclusions

thedfirreport.com/2022/02/07/qbo…

Florian Roth ⚡️ (@cyb3rops)

Years ago I created a spreadsheet that maps audit policy settings to corresponding events.

It's an outdated list, but people still find it useful.

It also contains columns in which I've estimated the volume and rated the usefulness of these events.

docs.google.com/spreadsheets/d…

Florian Roth ⚡️ (@cyb3rops)

Hayabusa, a Windows event log fast forensics timeline generator and threat hunting tool created by 田中ザック (Zach Mathis).

It uses a converted Sigma ruleset for detection.

github.com/Yamato-Securit…

Thomas Roccia 🤘 (@fr0gger_)

There is a new feature on VirusTotal: you can now browse IOCs by threat actor and also get TTPs. Pretty cool👌 #ThreatIntelligence #malware #ThreatHunting #infosec

Cyber Advising (@cyber_advising)

CVE-2022-44721 Privilege escalation in CrowdStrike Falcon Uninstaller.
Exploiting this vulnerability allows an attacker with administrative privileges to bypass the token check on Windows end-devices and to uninstall the sensor from the device...

PoC
github.com/purplededa/CVE…

Rich Mirch (@0xm1rch)

EDR or SIEM flagging your Linux commands when reading sensitive files like /etc/shadow? Read the file from the raw disk to avoid simple detections. #redteamtips #hacking

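The blue-team side of that tip, as an added example that is not from the tweet or from any EDR product: a path-based rule ("someone opened /etc/shadow for reading") never fires when the bytes are pulled through the block device with debugfs, dd or a hand-written ext4 parser, because /etc/shadow itself is never passed to open(). What is visible is the open() of the device node, so the companion rule watches reads of block devices by processes that have no business parsing filesystems. The telemetry shape (one record per open() with process name, path and mode), the block-device pattern and the allow-list are assumptions to tune per fleet; the events are constructed.

```python
# Added example (not from the tweet or any EDR product): why a path-based rule
# for /etc/shadow reads misses raw-disk access, and a companion rule that does not.
# Telemetry shape is an assumption: one record per open() with the process name,
# path and access mode, as an auditd or eBPF file-open sensor would produce.
import re
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class OpenEvent:
    comm: str   # process name
    path: str   # path handed to open()
    mode: str   # "r" or "w"


SENSITIVE_FILES = {"/etc/shadow", "/etc/gshadow", "/etc/sudoers"}

# Whole-disk and partition device nodes; extend for the distros you run (assumption).
BLOCK_DEVICE = re.compile(
    r"^/dev/(sd[a-z]+\d*|vd[a-z]+\d*|nvme\d+n\d+(p\d+)?|mapper/[^/]+|dm-\d+|loop\d+)$"
)

# Processes expected to open raw block devices for reading. Tune per fleet (assumption).
RAW_DISK_READERS = {"e2fsck", "fsck.ext4", "blkid", "lvm", "udisksd", "smartd", "systemd-udevd"}

Rule = Callable[[OpenEvent], bool]


def sensitive_path_rule(ev: OpenEvent) -> bool:
    """The 'simple detection' from the tweet: a read of the protected file by path."""
    return ev.mode == "r" and ev.path in SENSITIVE_FILES


def raw_disk_rule(ev: OpenEvent) -> bool:
    """Read of a block device by a process that is not a known filesystem tool.
    Reading /etc/shadow via debugfs, dd or a custom ext4 parser never open()s
    /etc/shadow itself, but it must open() the device node, and that is visible."""
    return (
        ev.mode == "r"
        and BLOCK_DEVICE.match(ev.path) is not None
        and ev.comm not in RAW_DISK_READERS
    )


def detect(events: Iterable[OpenEvent], rules: dict[str, Rule]) -> list[tuple[str, str]]:
    """Return (rule name, process) pairs for every event some rule fires on."""
    return [(name, ev.comm) for ev in events for name, rule in rules.items() if rule(ev)]


# Constructed telemetry: one direct read, two raw-disk reads, one benign fsck, noise.
EVENTS = [
    OpenEvent("cat", "/etc/shadow", "r"),            # caught by the path rule
    OpenEvent("debugfs", "/dev/sda2", "r"),          # debugfs -R 'cat /etc/shadow' /dev/sda2
    OpenEvent("dd", "/dev/nvme0n1p2", "r"),          # dd if=/dev/nvme0n1p2 | strings | grep ...
    OpenEvent("e2fsck", "/dev/sda2", "r"),           # allow-listed maintenance tool
    OpenEvent("vim", "/home/user/notes.txt", "r"),   # unrelated file read
]


def run_path_only(events=EVENTS):
    return detect(events, {"sensitive_path": sensitive_path_rule})


def run_with_raw_disk(events=EVENTS):
    return detect(events, {
        "sensitive_path": sensitive_path_rule,
        "raw_disk_read": raw_disk_rule,
    })


if __name__ == "__main__":
    print("path rule only :", run_path_only())
    print("with raw-disk  :", run_with_raw_disk())
```

Two caveats worth keeping in mind. Opening the device node needs root or membership in the disk group, so the evasion buys nothing for an unprivileged attacker; it only matters once the path-based rule is the last thing standing between a root shell and the hashes. And the allow-list is the weak point of the second rule: an attacker who can rename a binary to `e2fsck` bypasses it, so in production key the exception on the executable's path and hash, not on `comm`.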
John Althouse (@4a4133)

- JA4+ for Wireshark is available now on Windows. Mac & Linux coming tomorrow!
- JA4+ for Zeek will be available by early January, Shmoocon is my deadline.
- JA4 is in Arkime 5.0-rc1 github.com/arkime/arkime/… JA4+ is in the works.
- JA4+ on Suricata requires a Suricata Plugin

Clint Gibler (@clintgibler)

🍯 honeydet

A signature based, multi-threaded honeypot detection tool

Supports hex, string, and regex signatures

By James Brine

github.com/referefref/hon…

Jared Folkins ✝️ (@jf0lkins)

A Go language application named Honeypage is under pre-alpha development, designed to generate a customizable honeypot web page for integration with modpot, simulating a vulnerable system to detect and analyze malicious activity. github.com/referefref/hon…

Clandestine (@akaclandestine)

GitHub - referefref/gitdoorcheck: Static code analyser for backdoors and malicious code in git repos using OpenAI compatible LLM APIs github.com/referefref/git…

Clint Gibler (@clintgibler)

🍯 modpot

A modular web-application honeypot platform built using Go and Gin

Allows the user to deploy simple HTML/JS honeypots that mimic web apps in order to detect requests and form entries that are related to attacks

By James Brine

github.com/referefref/mod…

Clint Gibler (@clintgibler)

🔬 aiocrioc

An LLM and OCR based Indicator of Compromise Extraction Tool

Extracts IP addresses, domains, URLs, etc., from text using GPT-4

Then analyzes all text from images after OCR-ing them with Pytesseract

By James Brine #cybersecurity

github.com/referefref/aio…

Clint Gibler (@clintgibler)

🚪gitdoorcheck

A static analysis tool that uses OpenAI's GPT-4 to scan git repos

Checks each file for:
* Potential backdoors
* Extraction of credentials
* Persistence
* Any other potentially malicious functions

By James Brine

github.com/referefref/git…

chebuya (@_chebuya)

How I discovered and chained an RCE and an XSS on CHAOS RAT v5.01, allowing an attacker to take over the RAT server. Taking inspiration from x.com/ACEResponder/s…, I also added exploit functionality to rickroll RAT operators. blog.chebuya.com/posts/remote-c… github.com/chebuya/CVE-20…

Clint Gibler (@clintgibler)

🤖 Sinon

A tool that automates the setup of Windows-based deception hosts

Uses GPT-4 to generate content (files, emails, etc.)

And a config file that supports various actions that emulate user behavior

By James Brine #blueteam

github.com/referefref/sin…

vx-underground (@vxunderground)

We've updated the vx-underground malware collection. We have decided to include the recent faulty CrowdStrike drivers which caused 'boot-loops' for users. We believe it serves some historic and/or educational value to researchers or students. We have titled it