9 years webshell EDR/AV/Yara testing samples left side screenshot improved to the right screenshot website using AI
https://t.co/4dOlmDiiv9
https://t.co/wPs7j3b8U9
#EDR#Defender#yara#webshell
Interesting shift in DPRK tradecraft. from VS code extension abuse to crypto infrastrcuture for stealth C2 to github abuse https://t.co/sOlXhiGG5x. I published detection rules to detect this activity along with high fidelity AI assisted rules
#ThreatHunting#DFIR#Defender#ATP
Based on https://t.co/rWi15LZbyH
I have added around 6 detection rules. from rustdesk to wbadmin credential dumping
https://t.co/z5x3ZvOL1J
https://t.co/OzEnokamVS
https://t.co/j3lMCWZMci
find the rules at https://t.co/gUrc46Dug2
#threathunting#Akira#ransomware#bumblebee
Inspired by kqlsearch. my mentee @Qtr_Alhajj has built a Yara database and search engine here https://t.co/UnB1AduFgP. Incredible work from the first year university student. looking for suggestions to improve the website.
#Yara#database#malware
With all the fuss around #velociraptor thought I'd give a shootout to project LOST (LOL Security Tools).
We started this together with @0xanalyst some time ago. Yes Velociraptor, osquery, defender, wazuh, and much more that would deserve to be documented
https://t.co/3vnGDLspty
@_RastaMouse There are a lot of people out there depending on your courses, to build a career and learn stuff that they wont learn otherwise. That shall motivate you
This final execution of the malware seems a new way to obfuscate downloadstring dynamically. they load the ULR in a variable and then dynamically resolve function names for download and downloadstring
#Lumma#infosec#malware#blueteam
ChaGPT explanation follows
NEW LAB: Abu Jibal (APT34 / OilRig) 🔍💻
Iranian APT34 targets the oil and gas sector across the Middle East.
Test your blue team skills on:
👀 Password Filter DLL Attacks
👀 RunPE In-Memory Execution
👀 Windows Kernel Elevation
👀 Malicious JavaScript Payloads
👀 Custom Keyloggers
Lab Contributors:
Adversarial Emulation: @q8fawazo
Incident Response: @r3nzsec
Solve it here👉https://t.co/3yo41LBhOh @XintraOrg