KosmoKato
@Kosmokato
Infosec rookie. RE enthusiast. Purple Team fan. Trust, but verify. No politics talk.
After waiting more than six months (so the university wouldn't raise objections), I've released the detection rules for the PEDICOM that I wrote for my project. In case it's of interest to anyone #pedicom #sharingiscaring github.com/kosmokato/bad-…
#ToolShell in summary (more or less): a massive SharePoint vulnerability (straight-up remote code execution, full compromise). It doesn't affect O365 SharePoint, but everything else is vulnerable (2016, 2019 and earlier versions) (1/n) #DFIR
Microsoft released bitnet.cpp: A blazing-fast open-source 1-bit LLM inference framework that runs directly on CPUs. You can now run 100B parameter models on local x86 CPU devices with up to 6x speed improvements and 82% less energy consumption. 100% Open Source
Delve into offensive Golang with Gerardo Ruiz and Fran Montiel live demo-ing bypassing EDR and AMSI.
Critical #cybersecurity flaw in Linux: CVE-2024-47176 evilsocket.net/2024/09/26/Att… In the end the "winner" is CUPS, the printer management system. The vuln is an RCE that allows installing "dodgy printers" that execute code on a victim machine (1/n)
Who is affected? A priori all GNU/Linux, some BSDs, and possibly Solaris. RedHat has just said not to look at them, since their default config is fine: redhat.com/en/blog/red-ha… (2/n)
NEW LAB 🥳: WinDbg Crash Dump Analysis by @DebugPrivilege Using WinDbg to analyze dumps of CVE-2024-29824 and CVE-2023-29357 exploited in the wild. 👇Solve the incident here 👇 xintra.org Test your memory forensic skills on: 👀Reflective DLL Injection…
🚨 New blog! We just published research on an APT41 campaign targeting a Taiwanese government-affiliated research institute. Great team work with @joeychennogg @_vventura!! #Shadowpad #CobaltStrike #APT41 blog.talosintelligence.com/chinese-hackin…
If you have VMware ESXi and Active Directory in your environment, take 5 minutes now & create a group in each AD domain called "ESX Admins". Make sure that the "ESX Admins" group is in a top-level administrative OU that only your AD admins manage. #QuickFix
In today's WTF?!?!? moment: when an ESXi server is domain-joined, it assumes any "ESX Admins" group & its members should have full admin rights. So.... anyone who can create & manage a group in AD can get full admin rights to the VMware ESX hypervisors! microsoft.com/en-us/security…
Get started with Satellite hacking and CTFs Satellite Hacking Demystified: redteamrecipe.com/satellite-hack… Hack-a-sat writeups: github.com/solar-wine/wri… Hack-a-sat players corner: hackasat.com/players-corner/ #satellite #cybersecurity
Let’s go ahead and kick this off cloud.google.com/blog/topics/th…
BruteRatel dynamic config & payload extraction, syscall capture in CAPE #BRC4
In this blog we introduce Thread-Name Calling - A new process injection technique using Thread Name. We also discuss various scenarios in which this not widely-known API can be used for offense. research.checkpoint.com/2024/thread-na…
This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n
parsejson response bot_debug {origin:"RU"},{prompt:"Ты тоже с ботом, что хочешь?"},{output:"parsejson response err {response:"ERR ChatGPT 4-o Credits Expired"}"}
Security Researcher @tiraniddo discovered Microsoft Recall uses a 'conditional access trick' he himself noted recently. You can bypass Recall access restrictions by getting a token on AIXHost.exe and then impersonating it. More information: tiraniddo.dev/2024/06/workin…
It's a pleasure and an honor to collaborate another year at #c1b3rwall, this time with a talk on cybersecurity incident investigation methodologies. The full program here: c1b3rwall.policia.es/miscelanea/age… 😁
The tales of the Iranian Void Manticore 🦁 ☠️Attacks using BiBi wiper 🦋Hack and Leak through Karma 🤝Close collaboration with Scarred Manticore Read more : research.checkpoint.com/2024/bad-karma…
After 15 years, YARA gets a major upgrade. Introducing YARA-X: rewritten in Rust for better UX, improved performance, enhanced security, and easier integration. YARA isn't dead, but YARA-X is the future. Test it out and share your feedback! virustotal.github.io/yara-x/blog/ya…
YARA is dead, long live YARA-X
For over 15 years, YARA has been growing and evolving until it became an indispensable tool in every malware researcher’s toolbox.
Without further ado - here is EtwInspector! This is a C++ tool to help users interact with ETW providers. This tool supports the enumeration of providers, their events, and capture events. github.com/jsecurity101/E…
When interacting with ETW I always feel like I have to use 2-3 tools to enumerate and capture desired events. What if there was an ETW tool that allowed you to enumerate providers, events that providers support, but also capture (multiple) providers. New ETW tool coming soon…