Константин (@z3jpa29z)'s Twitter Profile

Константин

@z3jpa29z

ID: 1158297972708392960

Joined 05-08-2019 08:45:31

74 Tweets

28 Followers

71 Following

PT SWARM (@ptswarm)

New article: "Cisco Hyperflex: How We Got RCE Through Login Form and Other Findings". Read more about critical vulnerabilities (CVSS 9.8, 7.3 and 5.3) found by our researchers markmark (@Ankorik) & @__mn1__: swarm.ptsecurity.com/cisco-hyperfle…

PT ESC (@ti_esc)

In Q2 2021 our team discovered a new #APT group, #ChamelGang, which exploited the #ProxyShell vulnerability. As their main malware they used a #cobaltstrike beacon and a malicious IIS module called #DoorMe. ptsecurity.com/ww-en/analytic…

Attack Detection (@attackdetection)

How to get a system shell on any Windows version? Use the #SystemNightmare exploit. How to detect SystemNightmare usage in a network? Use our rules! Oh, here they are: github.com/ptresearch/Att…

Alexey Vishnyakov (@vishnyak0v)

(1/3) I proudly present to you our contribution to the #DRAKVUF project. A new plugin, #rootkitmon (v1), as a solution for rootkit detection on Windows OS is ready: github.com/tklengyel/drak… One step ahead of hackers💪 #APT #rootkit #malware #detection

Charlie Bromberg « Shutdown » (@_nwodtuhs)

[thread 🧵] Kerberos delegations. This meta-thread gathers three sub-threads, one for each delegation type. I’ll talk about Unconstrained, Constrained, Resource-Based Constrained (RBCD), S4U2self, S4U2proxy and abuse scenarios.

Nasreddine Bencherchali (@nas_bench)

MAL-CL now has coverage for more than 40 different tools. Every tool has:
➡️ MITRE Mapping.
➡️ Detections (Splunk, Sigma, Elastic, Azure) when possible.
➡️ Common command lines.
➡️ Sandbox execution & event logs to monitor.
And much more to come.
Github: github.com/3CORESec/MAL-CL

Artem Sinitsyn (@artyomsinitsyn)

67% of information security specialists in Russia know about the MITRE ATT&CK matrix and either already use it for attack monitoring and response or plan to. Positive Technologies has translated the ATT&CK (@MITREattack) matrix into Russian and published it in an interactive format: buff.ly/3DSJ4TX

Ring3API 🇺🇦 (@ntlmrelay)

📌 Hunting for Persistence in #Linux (Part 1): Auditd, #Sysmon, #Osquery, and Webshells ➡️ pberba.github.io/security/2021/… Author: Pepe Berba (@__pberba__) 🔥 #threathunting #blueteam #redteam #DFIR #Security

Samir (@sbousseaden)

Great combination of tricks! 4688 captures the main-step indicators of Lsass cloning + a child of Lsass (pretty rare, and indicates the CreateProcessWithLogonW trick to spoof the lsass PPID). Thank you 4688 (still useful for something :D) github.com/elastic/detect…

sn🥶vvcr💥sh (@snovvcrash)

So here are my 2 cents on Charlie Clark's (@exploitph) CVE-2021-42287/CVE-2021-42278 weaponization: a quick & dirty way to exploit it with Python and #impacket remotely. The renameMachine[.]py script is based on the rbcd[.]py example by Charlie Bromberg « Shutdown » (@_nwodtuhs): gist.github.com/snovvcrash/3bf…

Attack Detection (@attackdetection)

Rule updates: our #suricata rules detect all known Log4Shell CVE-2021-44228 bypasses for now. Also added a rule to detect a successful log4j exploitation!

Sergey Soldatov (@svsoldatov)

We are told that an attacker only has to succeed once, while a defender has to succeed every time. But in practice it's the other way round: the attacker has to stay unnoticed at every stage of the attack, while the defender only has to spot him once, at any stage, and can unravel the rest from there!

PositiveTechnologies (@ptsecurity)

We are sharing an interactive and user-friendly MITRE ATT&CK matrix in Russian. How our matrix is organized and what guided us when translating the names of tactics and techniques 👉 bit.ly/3JpZUg3

Grzegorz Tworek (@0gtweet)

Probably the weirdest #LOLBin I have ever found... 😅
wlrmdr.exe -s 3600 -f 0 -t Click me! -m To run calculator -a 10 -u calc.exe
