ุชุณุฑูุจ ุงูุจูุงูุงุชโฆ ุฏุฑูุณ ูุงุณูุฉ ู
ู ุงูู
ุงุถู ูุญู
ุงูุฉ ุงูู
ุณุชูุจู
haseen.leapat.org/blog/posts/datโฆ
#leapat
ุงูุนุฑุจูุฉ
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป
1.5K posts
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป
@0xCyberY
Cybersecurity Engineer @ COGNNA | Security Analyst | Penetration Tester | Purple Teamer
127.0.0.1 Katฤฑlฤฑm Kasฤฑm 2012
785 Takip Edilen896 Takipรงiler
Phishing remains the most common method for compromising accounts. However, phishing through Google Workspace emails in a more stealthy and sophisticated manner is a story worth mentioning.
Read the story : gist.github.com/zachlatta/f863โฆ
English
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป retweetledi
Following the Trail of Threat Actors in Google Workspace Audit Logs by @megan_roddie sans.org/blog/followingโฆ >> A great intro to the cheat sheet: sans.org/posters/googleโฆ
English
CAPA provides insights into the potential actions the program can perform. For instance, it may indicate if the file behaves as a backdoor, can install services, or communicates via HTTP.
github.com/mandiant/capa
#malwareanalysis #reverseengineering
English
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป retweetledi
Supply Chain Poisoning of 7ZIP on the Microsoft App Store
#APT
ti.qianxin.com/blog/articles/โฆ
English
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป retweetledi
The sample mentioned in the @CISACyber report AA23-339A on attacks against Adobe ColdFusion CVE-2023-26360 is ForkDump by @BillDemirkapi
- only ESET gets it right
Sample
virustotal.com/gui/file/a3acbโฆ
CISA report
cisa.gov/news-events/cyโฆ
English
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป retweetledi
Thank you for joining us #blackhatmea2023 !
It was an absolute pleasure meeting all of you in person, and we can't wait to welcome you at more exciting events in the future.
Stay tuned for what's to come!
#CognnaAtBlackHatMEA #ThankYou
English
I will be one of the exhibiter for @cognna at #blackhatmea.
Visit us to explore our comprehensive range of threat management, threat detection, rapid response, and compliance assurance solutions to safeguard your organization against evolving cyber threats.
COGNNA@cognna
Great start to the first day of #BlackHatMEA2023! Looking forward to seeing you tomorrow for another exciting day! ุงูุทูุงูุฉ ุฑุงุฆุนุฉ ูุฃูู ููู ูู ุจูุงู ูุงุช 2023 ููุชุธุฑูู ุจุดูู ุบุฏุง ูู ููู ุฌุฏูุฏ
English
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป retweetledi
Introducing THOR-Cloud Lite ๐ฉ๏ธ: Seamless On-Demand Forensic Scanning Made Easy
- apply YARA + Sigma + IOCs
- it's free
- many more features upcoming
Blog ๐
nextron-systems.com/2023/10/30/intโฆ
Release Session ๐บ
youtu.be/ApeXFnFkKZg
Register for Free โก๏ธ
thorcloud-lite.nextron-systems.com/ui/register?utโฆ
YouTube
English
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป retweetledi
Discover what's new in cybersecurity.
#TrendCheck #Cognna #cybersecurity #infosec #security #hackers #threatintelligence #vulnerabilitymanagement #riskmanagement #CybersecurityMonth
English
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป retweetledi
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป retweetledi
ุจุงูุชุนุงูู ู
ุน @cognna ูุฏุนููู
ูุงุฏู ุงูุฃู
ู ุงูุณูุจุฑุงูู ุจุฌุงู
ุนุฉ ุงูู
ูู ุณุนูุฏ ูุญุถูุฑ ุงููุฏูุฉ ุงูุณูุจุฑุงููุฉ ุจุนููุงู :
" Cybersecurity Career Path"
ู
ุน ุงูู
ุฏูุฑ ุงูุชููู ูุดุฑูุฉ ููููุง ู
.ุฒูุงุฏ ุงูุดูุฑู
ููู
ุงูุงุซููู 30 ุฃูุชูุจุฑ
ุงูุณุงุนุฉ 7:30 ู
ุณุงุกูุง
ููุฌุฏ ุดูุงุฏุฉ ุญุถูุฑ๐
ุฑุงุจุท ุงูุชุณุฌูู :
forms.gle/vJ4ExwPGxBy3Crโฆ
ุงูุนุฑุจูุฉ
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป retweetledi
Once you've identified the top three common #cybersecurity attacks, the next natural question that may come to mind is:
'How do I mitigate them?'
So, here's the answer.
#AskCognna #CybersecurityAwarenessMonth
English
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป retweetledi
You can either hunt for it or check and apply our Sigma rules
If you're unsure whether a detection idea is already covered by an existing rule, you can use the sigmasearchengine.com, which was developed by my team member @ph_t__
We've also integrated the API of that service into the Sigma VSCode extension
Threat Hunting@Mahdi_htm
Initial Access with Compiled HTML File (CHM) have been used by different TAs including APT37 and APT41. For hunting/detecting them you should check hh.exe spawning mshta.exe or any other related LOBINs in Event ID 1 of Sysmon or 4688 See the execution flow in the following pics
English
you can use SysmonSimulator.
- eventcreate [learn.microsoft.com/en-us/windows-โฆ]
- SysmonSimulator [github.com/ScarredMonk/Syโฆ]
#EDR #detection
English
If you want to test the EDR detections and correlation rules used by Blue Teams, you may need to create custom events in a specific event log.
To do this, you can use Microsoft's eventcreate utility, which lets you create specific logs at APPLICATION or SYSTEM; for Sysmon logs,
English
๐๐ต๐๐ฐ๐ฟ๐ฟ๐๐ป ๐ต๐๐ข๐ป๐ฐ๐ฏ๐ป retweetledi
Cybersecurity Certifications to pursue in 2023 (For FREE):
1. cybrary.it
2. futurelearn.com
3. edx.org
4. sans.org/cyberaces/
5. gitbit.org
English
- Map of worldwide ransomware attacks: [comparitech.com/blog/informatiโฆ]
- Catalog of Supply Chain Compromises: [github.com/cncf/tag-securโฆ]
- Software Supply Chain Compromises - A Living Dataset: [github.com/IQTLabs/softwaโฆ]
- DeFi Hack database: [defillama.com/hacks]
#cybersecurity
English
- APT & Cybercriminals Campaign Collection: [github.com/CyberMonitor/Aโฆ]
- APTnotes: [github.com/aptnotes/data/โฆ]
- Data Breach Chronology: [privacyrights.org/data-breaches]
- Breach-Report-Collection: [github.com/BushidoUK/Breaโฆ]
English
๐๐ข๐๐ก๐ & ๐๐๐ง๐๐ซ๐๐ฅ ๐๐ฒ๐๐๐ซ ๐๐ง๐๐ข๐๐๐ง๐ญ ๐๐๐ญ๐ ๐๐จ๐ฎ๐ซ๐๐๐ฌ
- ransomwatch: [github.com/joshhighet/ranโฆ]
- MalwareBazaar: [bazaar.abuse.ch/browse/]
- Verizon Data Breach Investigations Report (DBIR): [verizon.com/business/resouโฆ]
English