Summary: This blog discusses AI jailbreaks, their impact on generative AI systems, and how to mitigate the associated risks and harms. Threat Actor: N/A Victim: N/A Key Point: An AI jailbreak is a technique that can bypass the defense mechanisms of AI models, leading to harmful consequences such as…
Category: Interesting Stuff
Summary: This content is the Android Security Bulletin for June 2024, which provides details of security vulnerabilities affecting Android devices and the corresponding security patch levels. Threat Actor: N/A Victim: Android devices Key Point: The Android Security Bulletin provides information on…
Cyberthreat intelligence (CTI) can be a powerful weapon for protecting an organization from cyberattack, enabling teams to understand both the threats they face and the tactics, techniques, and procedures of their adversaries. Derek Fisher, executive director of product security at JPMorgan Chase &…
In this report, we review the most significant malware-related events of Q1 2024: the disclosure of the hardware vulnerability used in Operation Triangulation, a lightweight method to detect iOS malware, and the DinodasRAT Linux implant.
Why AI Will Not Fully Replace Humans in Web Penetration Testing. Contextual Understanding: AI handles large data volumes and identifies patterns. Human testers understand the business context, industry specifics, user behavior, and regulatory requirements. They prioritize findings based on potential…
This time, we’re not revealing a new cyber threat investigation or analysis, but I want to share some insights about the team behind all Sekoia Threat Intelligence and Detection Engineering reports. Let me introduce you to the Sekoia TDR team. TL;DR Sekoia Threat Detection & Research (TDR) is a…
In this blog, we will learn how to write a YARA rule to detect different samples from the same families and hunt for them at scale. This section defines the metadata for the rule, such as the description of the rule, the author’s name, the date of writing the rule, etc. Example: rule rule_name { m…
Hello and welcome back to the Cryptopals Guided Tour (previously, previously)! Today we are taking on Challenge 17, the famous padding oracle attack. For those who don’t know, Cryptopals is a series of eight sets of challenges covering common cryptographic constructs and common attacks on them. You…
AhnLab Security Intelligence Center is publishing the “Online Scam” series to inform about the evolving scam threats. To reduce scam damages, prevention and blocking are crucial. Many security companies provide features to detect and block scams, financial fraud, and phishing attacks. However, secur…
*replace .bawang with .onion (use TOR to access it)* source: https://www.breachsense.com/ Darknet Markets (Name | URL | Status): 0-DAY | https://0-day.shop | ONLINE; Stealer credential leaks | https://whiteintel.io | ONLINE; Darth maul shop | https://1977.ws/ | ONLINE; 2EASY | https://2easy.cc | ONLINE; AlphaBay (Dark i2p) | https://tnaefzkcnhr…
No one is safe from scams. In fact, scams targeting corporations and organizations employ meticulously social-engineered attack scenarios. Unlike smishing targeting individuals or online shopping scams, such attacks design tailored phishing scenarios based on previously collected information about the target. As such, it is not easy for the victim organization to…
Email forensics overview: Email forensics involves the examination, extraction, and analysis of email data to gather digital evidence crucial for resolving crimes and specific incidents, ensuring the integrity of the investigation process. This investigative process encompasses various aspects of emai…
Extracting C2 configuration using the Garbageman .NET analysis tool
Manually Reversing a decryption function using Ghidra, ChatGPT and CyberChef.
Leveraging Ghidra to establish context and intent behind suspicious strings.