#defenseevasion — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #defenseevasion, aggregated by home.social.
-
Phishing emails that look legit and hidden DLLs are paving the way for a new breed of cyber threats. How did attackers upgrade from a simple infostealer to a full-blown RAT? Dive into the evolution of PureRAT to find out.
https://thedefendopsdiaries.com/dissecting-the-purerat-attack-chain-from-infostealer-to-full-rat/
#purerat
#cyberattack
#dllsideloading
#remotetrojan
#defenseevasion
-
Toxic trend: Another malware threat targets DeepSeek – Source: securelist.com https://ciso2ciso.com/toxic-trend-another-malware-threat-targets-deepseek-source-securelist-com/ #rssfeedpostgeneratorecho #MalwareDescriptions #MalwareTechnologies #CyberSecurityNews #MicrosoftWindows #Phishingwebsites #Defenseevasion #Windowsmalware #GReATresearch #securelistcom #GoogleChrome #Encryption #JavaScript #PowerShell #Webthreats #DeepSeek #browser #CAPTCHA #Malware #LLM #AI
-
How ToddyCat tried to hide behind AV software – Source: securelist.com https://ciso2ciso.com/how-toddycat-tried-to-hide-behind-av-software-source-securelist-com/ #Vulnerabilitiesandexploits #AntivirusVulnerabilities #rssfeedpostgeneratorecho #zerodayvulnerabilities #APT(Targetedattacks) #MalwareDescriptions #MalwareTechnologies #CyberSecurityNews #Defenseevasion #Windowsmalware #securelistcom #Encryption #Incidents #ToddyCat #Drivers #Malware #Trojan #BYOVD #APT #CVE #DLL
-
SideWinder targets the maritime and nuclear sectors with an updated toolset – Source: securelist.com https://ciso2ciso.com/sidewinder-targets-the-maritime-and-nuclear-sectors-with-an-updated-toolset-source-securelist-com/ #rssfeedpostgeneratorecho #APT(Targetedattacks) #MalwareDescriptions #MalwareTechnologies #CyberSecurityNews #Targetedattacks #Defenseevasion #Windowsmalware #securelistcom #spearphishing #APTreports #JavaScript #SideWinder #shellcode #Malware #.NET #APT #HTA
-
Attackers exploiting a patched FortiClient EMS vulnerability in the wild – Source: securelist.com https://ciso2ciso.com/attackers-exploiting-a-patched-forticlient-ems-vulnerability-in-the-wild-source-securelist-com/ #Vulnerabilitiesandexploits #rssfeedpostgeneratorecho #CyberSecurityNews #Credentialstheft #IncidentResponse #vulnerabilities #Defenseevasion #securelistcom #MicrosoftSQL #SQLinjection #TIandIRposts #MITREATT&CK #Fortinet #mdr #SOC
-
Adversary Village at @defcon 32 Creator stage talks
Melvin Langvik will be delivering a technical talk on “Evading Modern Defenses When Phishing with Pixels”.
Talk schedule: 11:00 - 11:30 PDT | Aug 10th 2024 | DEF CON Creator Stage 3 | Las Vegas Convention Center.
More information on the talk: https://adversaryvillage.org/adversary-events/DEFCON-32/Melvin-Langvik/ and https://defcon.org/html/defcon-32/dc-32-creator-talks.html#54598
Schedule for Adversary Village at DEF CON 32: https://adversaryvillage.org/adversary-events/DEFCON-32/
#AdversaryVillage #DEFCON #WeEngage #DEFCON32 #AdversaryTradecraft #DefenseEvasion
-
DLL proxying has been a fun learning experience :D
There are even tools that can show the exported functions of a binary so you don't have to manually figure out which functions to forward!
-
Finally adding additional security checks to our help desk team was a big win yesterday!
I have my talk at Penn State tomorrow where I'll be talking about macOS defense evasion and RDP honey pots! For today, I think I'll be just knocking out some low hanging fruit tickets, tomorrow is going to be a busy day. LET'S GO :D
#security #helpdesk #socialengineering #macos #defenseevasion #honeypot
-
Happy Wednesday! I am going to be going into the office with the interns today. They have an in person HRish like meeting to attend so I figured why not show my ugly mug.
We learned about process hooking yesterday. I think today we are going to continue to focus on defense evasion stuff. I also have them working on a handful of projects. They are small, but the impact will be big.
-
Good day everyone! I hope everyone is enjoying their Wednesday!
In a recent report by Bitdefender Labs, they took a deep-dive into the threat group #CharmingKitten and their latest malware, #BellaCiao. It is a great read, but some main behaviors that I pulled from the report included:
#DefenseEvasion:
T1562.001 - Impair Defenses: Disable or Modify Tools
Charming Kitten used PowerShell to disable real-time monitoring on the machine to avoid detection.
#Persistence:
T1053.005 - Scheduled Task/Job: Scheduled Task
They also created scheduled tasks to run on start and used the technique of masquerading their process names to blend in.
#Execution:
The Bitdefender team provided the locations that the executables were written to.
You should go and check out this #readoftheday, it contains great technical details that you can use to improve your threat hunting skill.
Enjoy and Happy Hunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
-
"Injecting pc.dll into LSASS as a Security Package. Security Packages are used to extend the Windows authentication mechanism and can be abused to execute malicious code in the context of LSASS" - I was today years old when I learned this!
https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/
-
New blog post: Abusing Code Signing Certificates.
I cover what Authenticode signatures are, how to validate them, using SigThief to copy a trusted cert to a malicious file, and which adversaries use this technique.
https://axelarator.github.io/posts/codesigningcerts/
#ThreatIntel #RedTeam #DefenseEvasion #CTI
-
Counter sandbox evasion by using Debloat to remove all the unnecessary junk bytes within binaries.
#DefenseEvasion
-
Some defense evasion PS commands to keep an eye out for:
Prevent logging: Set-PSReadlineOption -HistorySaveStyle SaveNothing
Delete history file: Remove-Item (Get-PSReadlineOption).HistorySavePath
Set alternate file path: Set-PSReadLineOption -HistorySavePath $env:TEMP\out.txt
Use ConstrainedLanguage mode: $ExecutionContext.SessionState.LanguageMode = "ConstrainedLanguage"
#defenseevasion #powershell #security #detection #SIEM #logging
-
I've found that b64 is used for defense evasion when sending PowerShell or cmd commands. I imagine there are other popular encoding methods, has anyone seen any other big ones crop up lately?
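A detection-side illustration for the two posts above (the list of PSReadLine/language-mode commands to watch for, and base64-wrapped PowerShell). This is an added example, not code from either poster: it scans process command lines for those indicators and, where a `-EncodedCommand` payload is present, decodes the base64/UTF-16LE blob and scans the decoded text too. The indicator names and the sample log lines are constructed here.

```python
"""Flag PowerShell defense-evasion indicators in process command lines."""
import base64
import binascii
import re
from typing import List, Optional

# Indicators taken from the post listing PSReadLine and language-mode commands.
# Names are constructed labels for this example.
INDICATORS = {
    "history_disabled":   re.compile(r"-HistorySaveStyle\s+SaveNothing", re.I),
    "history_deleted":    re.compile(r"Remove-Item\s+\(Get-PSReadLineOption\)\.HistorySavePath", re.I),
    "history_redirected": re.compile(r"-HistorySavePath\s+\S+", re.I),
    "language_mode_set":  re.compile(r"SessionState\.LanguageMode\s*=", re.I),
}

# powershell.exe documents -EncodedCommand with the short forms -ec and -e.
ENCODED_ARG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{8,})", re.I)


def decode_encoded_command(blob: str) -> Optional[str]:
    """-EncodedCommand payloads are base64 over UTF-16LE text; None if malformed."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def scan_command(cmdline: str) -> List[str]:
    """Return indicator names hit by the raw command line and any decoded payload."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(cmdline)]
    m = ENCODED_ARG.search(cmdline)
    if m:
        hits.append("encoded_command")
        decoded = decode_encoded_command(m.group(1))
        if decoded is not None:
            hits.extend(n for n, rx in INDICATORS.items() if rx.search(decoded) and n not in hits)
    return hits


def encode_powershell(cmd: str) -> str:
    """Build a -EncodedCommand payload; used here only to construct sample input."""
    return base64.b64encode(cmd.encode("utf-16-le")).decode("ascii")


# Constructed sample process-creation command lines (not from any real incident).
SAMPLE_LOG = [
    "powershell.exe -NoProfile Get-Service WinRM",
    "powershell.exe Set-PSReadlineOption -HistorySaveStyle SaveNothing",
    "powershell.exe -enc " + encode_powershell("Remove-Item (Get-PSReadlineOption).HistorySavePath"),
    "powershell.exe -ExecutionPolicy Bypass -File .\\backup.ps1",
]


def scan_log(lines):
    """Return (line, hits) for each line that triggers at least one indicator."""
    results = []
    for line in lines:
        hits = scan_command(line)
        if hits:
            results.append((line, hits))
    return results


if __name__ == "__main__":
    for line, hits in scan_log(SAMPLE_LOG):
        print(f"{', '.join(hits):40} {line[:70]}")
```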