A new Trimarc blog from I break Windows.... just landed! Kerberos is the gift that keeps on giving & it seems we can never have enough research on how to secure it. 35 years after its inception, attacks are as fast and furious as ever. Time to armor up. bit.ly/KerberosArmor

Allvarliga störningar i säkerhetsplattformen CrowdStrike påverkar många organisationers it-miljöer. Störningarna drabbar servrar och klienter med Falcon Sensor på Windows. CrowdStrike jobbar på en lösning. Rekommendationer för drabbade finns här: cert.se/2024/07/allvar…

DFIR Breakdown: Using Certutil To Download Attack Tools Windows certutil is a Windows utility that is used by threat actors during an attack to achieve some malicious goal by installing their own certificates on a system. Learn more and be prepared: hubs.li/Q02HYsDV0

seizures were made after Israeli officials and the company appear to have discussed how to respond to WhatsApp’s requests for NSO to disclose internal files about its spyware, raising questions about whether they coordinated to conceal certain information theguardian.com/news/article/2…

I’m giving away 10 FREE signed copies of our new book, Black Hat Bash! 🎉 Want one? Repost for a chance to win. #BlackHatBash #free #Giveaway

We are doing a giveaway for our Empire Ops: Tactics (Lazarus) course next week on Sep 11! Simply retweet this to enter, and we will announce the winner tomorrow at 1 PM EST. Come learn about ransomware simulation and threat emulation.

We're excited to announce our 2nd giveaway, thanks to Hack The Box 🎉 We will pick 5 winners to win a Silver Annual subscription (+ Exam)! To enter: 1️⃣ Follow @BugBountyDefcon and Hack The Box 2️⃣ Like this ❤️ 3️⃣ Retweet this 🔁 You have time until next Friday (09/20).

🎁 GIVEAWAY! 🎁 I partnered with 13Cubed for a giveaway of his Investigating Windows Bundle! This bundle includes 365-day access to the Investigating Windows Endpoints & Investigating Windows Memory courses. It also includes a certification attempt for each! To Enter:

Today we are releasing our first FREE educational course that is part of the Malcore Malware Bible. Introduction to Shellcode: this FREE course teaches you how to build shellcode from scratch using x86 asm and C for compiling it and running it. LINKS BELOW!

September giveaway! I am giving away 1 seat each for Altered Security on-demand CRTP and AD CS courses. Please Reply, Repost and Like this post to participate. I will announce 1 random winner for each on 30th September. alteredsecurity.com/online-labs Make sure to reply with which one

Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes group-ib.com/blog/stealthy-…

in today's 'no way, is it real?' we found out that Palo Alto's PAN-OS CVE-2024-0012 and CVE-2024-9474 were the equivalents of saying 'turn off auth and give me a shell'. Enjoy! labs.watchtowr.com/pots-and-pans-…

Black Friday Giveaway! Please Follow Altered Security, Repost, Like and Comment on this post to win a CRTP voucher for 30 days. We will announce two random winners tomorrow (27th November 2024). alteredsecurity.com/online-labs #redteam #pentesting #azure

While investigating yet another BEC incident, I stumbled upon.. { "Name": "UserAgent", "Value": "axios/1.7.7" } 🥳 This becomes a really good IOC.

Ep 89: Cybereason: Molerats in the Cloud - The threat research team at Cybereason uncovered an interesting piece of malware. Studied it and tracked it. Which lead them to believe they were dealing with a threat actor known as Molerats. darknetdiaries.com/episode/89/

4/ Go grab the whole Cybersecurity and Infrastructure Security Agency guidance for mobile users. It's great to see this sort of thing. Much more needed. cisa.gov/resources-tool…

Att Sveriges Radio faciliterar gängkriminella är djupt stötande. Helt ärligt, vem tar ansvar för detta?

🚨Fake EditThisCookie Extension Steals User Data securityonline.info/beware-fake-ed… A fake Chrome extension named EditThisCookie®, developed with Manifest v3, has been identified as malicious, stealing user cookies and potentially posting phishing content through victims' social media

traningslara.se/johannes-cullb…

After several delays, Department of Government Efficiency has finally posted its purported savings. Why did it take so long to create a simple webpage with a 1000-row table? Who knows! Let's dig in. Headline number: $55B saved. They list the savings per nixed contract. This should be easy to verify then. 🧵