By: Alex Reid, Current Red Siege Intern SSH-ishing? Suh-shishing? Have you gotten your blood pressure checked recently? In the April 2018 release of Windows 10 version 1803, Microsoft announced that the Windows OpenSSH client would ship and be enabled by default (with the server re…
The world of cyber security faces new and more complex threats every day. Among these threats, one of the most significant is malicious software designed to steal personal and corporate information, known as “stealers”. Stealers can be considered one of today’s unse…
What’s happening? Given the intricate landscape of cybersecurity, the misuse of Windows Management Instrumentation (WMI) stands out as a pervasive threat. WMI facilitates centralized management of Windows devices by providing a consistent and well-documented interface that can be utilized by various…
You can’t talk about hunting for persistence techniques without mentioning scheduled tasks. As in the case of persistence via Windows services, described in a previous blog post, techniques related to scheduled tasks also allow for the use of a dual approach to persistence hunting: Both the creation…
When discussing Windows services and how to hunt for their abuse, it is worth mentioning that several threat hunting hypotheses can be leveraged. This is common in threat hunting in general and for persistence-related techniques in particular. As a reminder, all our service-related hypotheses can be…
When discussing Windows services and how to hunt for their abuse, it is worth mentioning that there are several threat hunting hypotheses that we can leverage. This is very common in threat hunting tradecraft in general and for persistence-related techniques in particular. When you are dealing with…
As cyber adversaries become more sophisticated, detecting and neutralizing potential threats before they can cause any harm has become a top priority for cybersecurity professionals. It is also why threat hunting is a crucial skill. By mastering the art of cyber threat hunting, security professional…
Link Sharing and News: Dark.Fail — This site is on both the Clearnet and Dark Web. Dark.Fail provides authentic links to various Darknet websites. This allows users to reach legitimate links, keeping scammers away from using…
Experience Level required: Beginner In this blog, we will learn how to analyze and deobfuscate JavaScript malware. Let’s view the sample code. The code is obfuscated with ° and g0 spread throughout, so let’s remove them. We need to take care because g0 is also used as a variable. So we will r…
Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies. When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of…
ABSTRACT This document will guide you through your first threat hunt based on MITRE ATT&CK tactics. Reconnaissance Objective: Identify potential reconnaissance activity on the network Description: Reconnaissance is an important phase of an attack, where the attacker gathers informat…
The Windows Event Logs mindmap provides a simplified view of Windows event logs and their capabilities, enabling defenders to enhance visibility for different purposes: log collection (e.g. into a SIEM), threat hunting, forensics / DFIR, and troubleshooting. Scheduled tasks: Event ID 4697. This event generates…
Google recently announced the release of Magika, an “AI-powered file-type identification system”. I tested this on a corpus of nearly 125k files to see how it fared. Why? File type detection is useful in a number of places, such as: Anti-spam – detecting unwanted attachments, for example those with…
JPCERT/CC held JSAC2024 on January 25 and 26, 2024. The purpose of this conference is to raise the knowledge and technical level of security analysts, and we aimed to bring them together in one place where they can share technical knowledge related to incident analysis and response. The conference w…