Notes


Zircolite: standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon

Zircolite is a standalone tool written in Python 3. It allows you to use SIGMA rules on MS Windows EVTX (EVTX and JSONL format), Auditd logs and Sysmon for Linux logs.

  • Zircolite can be used directly on the investigated endpoint (use releases) or in your forensic/detection lab
  • Zircolite is fast and can parse large datasets in just seconds (check benchmarks)

Zircolite can be used directly in Python or you can use the binaries provided in releases (Microsoft Windows and Linux only). Documentation is here.

Discerning the truth from the lies

I used to think that, in the end, most people will be able to discern the truth from the lies.

JPGtoMalware

It embeds the executable file or payload inside the jpg file. The method the program uses isn’t exactly called one of the steganography methods [secure cover selection, least significant bit, palette-based technique, etc]. For this reason, it does not cause any distortion in the JPG file. The JPG file size and payload do not have to be proportional. The JPG file is displayed normally in any viewing application or web application. It can bypass various security programs such as firewalls and antivirus. If the file is examined in detail, it is easier to detect than steganography methods. However, since the payload in the JPG file is encrypted, it cannot be easily decrypted. It also uses the “garbage code insertion/dead-code insertion” method to prevent the payload from being caught by the antivirus at runtime.

A Deep Dive into iOS Code Signing

Generally speaking, any code which runs on an iOS device must have a chain-of-trust leading up to Apple’s root certificate authority. This chain-of-trust is embedded into the Mach-O executable itself when the executable is signed. When talking about an iOS application, each resource used by it (be it an image, font or a library) must also be signed along with the main executable.

However, it is rather hard (and inefficient) to stuff all of the aforementioned information into the executable itself. The application might not need access to all of its embedded resources at launch time, so embedding their signature into the main executable is a waste of memory. Therefore, a code signature consists of two major components: the Application Seal (AKA the Resource Directory), and the Embedded Signature.

New Microsoft Office Zero-Day Exploit

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML scheme ms-msdt: which invokes the msdt diagnostic tool, which is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).
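As an added defender-side example (not part of the original note or of any published tool), a Python scanner that flags the first stage of the chain described above: a .docx whose relationships part declares an oleObject fetched from an external URL, or any part that literally contains the ms-msdt: scheme. The sample documents are constructed in memory and the URL host is a placeholder.

```python
import io
import re
import zipfile
from xml.etree import ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
MSDT_SCHEME = re.compile(rb"ms-msdt:", re.IGNORECASE)


def scan_docx(data: bytes) -> list:
    """Return (part, finding, detail) tuples for a .docx given as raw bytes.

    Check 1: a relationships part that declares an oleObject with
    TargetMode="External" (the object is pulled from a URL, not the zip).
    Check 2: any part that contains the ms-msdt: scheme literally.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            blob = zf.read(name)
            if name.startswith("word/") and name.endswith(".rels"):
                root = ET.fromstring(blob)
                for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                    external = rel.get("TargetMode", "Internal") == "External"
                    if external and rel.get("Type") == OLE_REL_TYPE:
                        findings.append((name, "external-oleobject", rel.get("Target")))
            if MSDT_SCHEME.search(blob):
                findings.append((name, "ms-msdt-scheme", None))
    return findings


def build_sample_docx(rels_xml: str) -> bytes:
    """Build a minimal, constructed .docx (a zip) around the given rels part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed relationship parts: a normal internal styles link, and one
# oleObject relationship pointing at an external URL (placeholder host).
BENIGN_RELS = f'''<Relationships xmlns="{REL_NS}">
 <Relationship Id="rId1" Target="styles.xml"
  Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles"/>
</Relationships>'''
SUSPICIOUS_RELS = f'''<Relationships xmlns="{REL_NS}">
 <Relationship Id="rId2" TargetMode="External" Target="http://example.invalid/o.html"
  Type="{OLE_REL_TYPE}"/>
</Relationships>'''
```

A mail gateway or triage script can run scan_docx over attachments and quarantine anything that yields a finding; legitimate documents rarely embed externally hosted OLE objects.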

Ultimate DevSecOps library

DevSecOps focuses on security automation, testing and enforcement during DevOps, release and SDLC cycles. The whole meaning behind this methodology is connecting together Development, Security and Operations. DevSecOps is a methodology providing different methods, techniques and processes, backed mainly by tooling that focuses on developer/security experience.

DevSecOps takes care that security is part of every stage of the DevOps loop: Plan, Code, Build, Test, Release, Deploy, Operate, Monitor.

Firewall Evasion Techniques using Nmap

There are several opportunities to test network penetration. These penetration tests are typically carried out by businesses in order to ascertain whether or not their network and all of the devices that are connected to their internal network are secure and up to date in accordance with the policies that they have established.

Imagine that a firm has hired you to conduct a network-based penetration test for them, but all you have is a list of IP addresses, and even then, the corporation isn’t entirely sure how many IP addresses are used internally because there is always the possibility that there are more.

Little things you can do to save the environment

Can we finally accept DuckDuckNo is done and dusted?

How easy it is to open your mouth so wide to give an opinion

You can sell yourself
Any offer is good if you want power
How easy it is
To open your mouth so wide to give an opinion. Héroes del Silencio, Entre Dos Tierras

GradeJS: analyze webpack production bundles

GradeJS is an open-source project that allows you to analyze webpack production bundles without having access to the source code of a website. It detects a list of bundled NPM libraries and works even for minified or tree-shaken bundles.

Android security checklist: theft of arbitrary files

Developers for Android do a lot of work with files and exchange them with other apps, for example, to get photos, images, or user data. Developers often make typical mistakes that allow an attacker to gain access to the app’s internal files, which store sensitive data. This article describes the most typical mistakes developers make and gives the best advice on how to fix them. We will also show how Oversecured can discover all these types of errors.

mip22, an advanced phishing tool

Mip22 is a modern and advanced cyber security program for computers running the GNU/Linux operating system and for mobile phones and tablets running the Android operating system, for educational purposes.

Humans

Humans will always flock to the simplest, cheapest distractions available and towards the social setting which offers them the most comfort with the least investment required and the lowest entry barrier available.

There is no integrity in keeping silent

There is no integrity in keeping silent when witnessing wrongdoing, even when speaking out may harm your current business prospects.

Vulnerability in Huawei's AppGallery: can download paid apps for free

How I discovered the vulnerability in Huawei’s AppGallery, the consequences and what happened.

Back in February 2022, a developer I know released an app on the AppGallery. While looking at the listing of the app, I started wondering how Huawei’s API worked. After a few minutes, I finally figured out one API that took a package name as a parameter and returned a JSON object with the details of the app. At that point I didn’t know what I would find later on, so I just tried the API with the package name of a known free app: Huawei’s AppGallery itself.

Getting a job as a developer be like