rm - rf

Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs - update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe - file hashes for update.exe / log.dll / BluetoothService.exe / conf.c / libtcc.dll - network IOCs incl. api[.]skycloudcenter[.]com (-> 61.4.102[.]97), api[.]wiresguard[.]com, 59.110.7[.]32, 124.222.137[.]114 by @rapid7 rapid7.com/blog/post/tr-c…

Blueprints for cybersecurity automation workflows github.com/CyberSecurityU…

LLM red teaming promptfoo.dev/docs/red-team/

Someone going by "wwwiesel" on GitHub picked up @securitymeta_’s tradition this year and dropped a full list of #BlackFriday deals in the #InfoSec space Online Courses & Training - 8kSec Academy - AI Security Professional Course - Altered Security - Belkasoft - Blu Raven Academy - Career Hacking Quest - CloudBreach - Cyber Plumber's Lab - CyberWarFare Labs - DevSecOps Pro - DNS for Developers - Evilginx Mastery - Hack The Box Pro Labs - HackSmarter - HackTricks Training - Hexordia - Invictus IR Academy - Invictus CloudLabs - LetsDefend - Mobile Hacking Lab - OffSec Learn One - OPSWAT Academy - Pluralsight - Practical DevSecOps - Practical TLS - http://pwn[.]guide - CyberNow (SOC Analyst) - TCM Academy - TheXero - Vantage Point / Enciphers - White Knight Labs - WiFiChallenge Academy - ZeroPoint Security Exams - The SecOps Group Mini Courses - SecDim Books - The CloudSec Engineer Hardware - Hak5 - KSEC Labs Professional Services - Wortell Tools - Burp Bounty Pro - Burp Bounty Go - FullStro - Grammarly Pro - PortDroid - Proton Mail / VPN / Pass / Drive - HTTP Toolkit - http://SEOengine[.]ai - SubtitleBee - WebsiteVoice Services - Grayhat Warfare - AirVPN - CyberGhost VPN - Proton (second listing in file) - NordVPN - Tuta Mail - InMotion Hosting - IPVanish VPN Misc - Neato Stickers URL: github.com/wwwiesel/InfoS…

Naval Ravikant: Everyone can be rich.

If you want to become a world-class software engineer (in 6 months), read these 12 books:

Today we are releasing our FREE educational course: "Intro to Exploit Dev"! This course is perfect for those trying to start exploit dev and covers: - Tooling - Fuzzing - Exploitation techniques - And more! You can take the course here: bible.malcore.io/readme/the-beg…

Moonlock 2024 macOS Threat Report is here! 🧠AI-powered malware makes advanced attacks accessible to anyone. 💻 Malware-as-a-Service starts at $1,500/month. 📈 Stealer malware surges, targeting Keychain & crypto wallets. Dive into the full report: moonlock.com/moonlock-2024-…

IP addresses can also be represented as numbers in decimal, hexadecimal, or octal. This is not new information, but it's neat.

🚨 #DFIRtips 🚨 Today, during an investigation, I found a registry key that proved to be extremely useful in identifying the execution of a malicious executable: HeapLeakDetection! You can find it in the Software hive, specifically at HKLM\Software\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications. This registry key is interesting because its subkeys refer to all the executables that have been detected by RADAR technology for real-time memory leak detection. Each subkey has its own LastDetectionTime which tells us the last time a memory leak occurred and which executable was affected. Even though it is not particularly well-known, this artifact could sometimes turn your investigation around, especially when the threat actor tries to erase their tracks by deleting the most common artifacts (Prefetch files, evtx logs, etc.) [screenshots from my test machine]

Anyone have anonymous stories about foreign fake employee WfH/VPN fraud and how it was detected?

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code from 1996

China's new 0day shopping list. 🇨🇳 matrixcup.net/page/race/home/

Great blog post by @ReynardSec_en on how to harden your #Docker platform. It's a step-by-step guide with a lot of useful tips and tricks. Check it out! reynardsec.com/en/docker-plat… #infosec

@greathorn at least you should acknowledge the downtime and share it on whatever platform that works for you.

@kgrivich @SJFriedl @greathorn blame is on DNS but the way this is being handled by a security provider is not cool.

@SJFriedl @greathorn I spoke with one of their engineers. They are having a problem with their DNS record and are working to resolve. The backend looks like it's still working. Their DNS record changed last night I see. I'm wondering if they lost control of their domain...

A customer of mine uses @Greathorn for email security, but their domain stopped working today, the office goes right to voicemail, and they aren't responding on Twitter. It seems odd that they are so firmly down but I can't find anybody talking about it.

Hey, hackers! 👋🏻 I hope this note is bookmarked on your belt! It contains awesome pdfs including: - Red team Operations - Reverse engineering content - Red Team x Blue team - Practical social engineering - Windows Privilege escalation - AD, & Road to OSCP - JR to Specialist career - Many Offsec notes - & Many more Thanks to Joas A Santos drive.google.com/drive/mobile/f… (I recommend you to follow his profile on Linkedin) #cybersecurity #Pentesting #Hacking #bugbountytips #infosec #cybersecuritytips #redteam #coding #100DaysOfHacking #vulnerabilities #BugBounty #100DaysOfCyberSecurity #CyberSecurityAwareness

Google Dork - File Upload 📁 (site:example[.]com | site:example[.]org) & intext:"choose file”