Ben Grap (@blightzero) 's Twitter Profile
Ben Grap

@blightzero

Pentester, computing enthusiast

ID: 15150374

17-06-2008 20:59:40

247 Tweets

145 Followers

579 Following

Bobby Filar (@filar) 's Twitter Profile Photo

New Elastic blog post "Discovering anomalous patterns based on parent-child process relationships" covers a lot of material from my ProblemChild Camlis Org talk. elastic.co/blog/discoveri…

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

CrowdStrike's second annual #AdversaryQuest was one for the books! Special shoutout to the 143 players that made the scoreboard and our 11 players who successfully solved all 3 challenges! These top 50 players will win CrowdStrike swag. ⬇️ #cybersecurity #hacking

Ben Grap (@blightzero) 's Twitter Profile Photo

The write-up for the CrowdStrike Intel Adversary Quest 2022 CATAPULT SPIDER track was released: crowdstrike.com/blog/catapult-… #adversaryquest

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

Explore the four "capture the flag" challenges in our Hacktivism track of the Adversary Quest 2022: display0, Spellcheck, Password, tokens. crwdstr.ke/6012zAsh2

Kasperle (@k4sperle) 's Twitter Profile Photo

Our writeups for the #adversaryquest TABLOID JACKAL track have been published. Enjoy! crowdstrike.com/blog/tabloid-j…

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

Explore the 4 "capture the flag" challenges in our Targeted Intrusion track of the Adversary Quest 2022: FrontDoor, Backup, Lights Out, Eyes Open. crwdstr.ke/6019MEbz1

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

Take a deep dive into wmiexec usage seen from multiple incident response investigations and learn more about the indicators that can help defenders detect wmiexec. ⬇️ crwdstr.ke/6018MJrju

The Hacker News (@thehackersnews) 's Twitter Profile Photo

U.S. Department of Health and Human Services (HHS) has issued a warning about ongoing #ransomware attacks targeting #healthcare entities in the country. Read: thehackernews.com/2022/12/royal-… #infosec #malware

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

CrowdStrike recently discovered a new exploit method using CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access. crwdstr.ke/60123Jq8I

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

Learn how to modify and exploit a Linux Kernel vulnerability to escape container environments, and how CrowdStrike can help to prevent and hunt for similar threats. crwdstr.ke/60103X0Jg

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

🚨 The 2023 Global Threat Report is now live. Discover the latest activities of the world’s most dangerous adversaries and CrowdStrike’s recommendations for protecting your business against modern attacks. Access the report: crwdstr.ke/60123vKer

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

CrowdStrike has discovered the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. Learn more: crwdstr.ke/6014346tA

Martin Hundhausen (@m_hundhausen) 's Twitter Profile Photo

Interesting what pv magazine reports. pv-magazine.de/2023/04/14/pet… The Bundestag administration wanted to prevent the petition. Thank you, Akkudoktor, for not accepting that. It seems democracy was meant to be suppressed. Sign it. Now more than ever: petition.akkudoktor.net

an0n (@an0n_r0) 's Twitter Profile Photo

Nice. About the current #Citrix unauth #RCE: it is a simple stack overflow, the affected binary was compiled without PIE, has executable stack, and also there are no stack canaries (on some versions). Back (at least) 10+ yrs in time. :)

Mobile Hacker (@androidmalware2) 's Twitter Profile Photo

PoC to take over Android using another Android by exploiting critical Bluetooth vulnerability to install #Metasploit payload without proper Bluetooth pairing (CVE-2023-45866). It still affects Android 10 and below mobile-hacker.com/2024/01/23/exp… #NetHunter

John Althouse (@4a4133) 's Twitter Profile Photo

Latest additions to JA4+ include TCP fingerprinting! Technical write up: github.com/FoxIO-LLC/ja4/… If you see an Epson Printer logging into your Okta server, you're about to have a bad day. JA4T/S available now in Arkime, Wireshark, JA4TScan tool is coming next week as a zmap

quarkslab (@quarkslab) 's Twitter Profile Photo

Linux kernel instrumentation from Qemu and gdb: A technique to analyze binaries or kernel modules that may try to monitor themselves. In this blog post Professor Forgette Benoît explains the trick blog.quarkslab.com/linux-kernel-i…

/dev/ttyS0 (@devttys0) 's Twitter Profile Photo

Just in time for Christmas: a repository for decrypting many encrypted D-Link firmware images. Also integrated into Binwalk for auto-magic decryption & extraction. github.com/devttys0/delink