BinBreaker 🛃

2021-11-10 12:21:22 https://github.com/mvt-project/mvt

Mobile Verification Toolkit

Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.

#tools #opensource #forensics #Pegasus #NSOGroup Open / Comment

2021-11-02 19:15:05 https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-windows-is-getting-a-massive-overhaul/

Microsoft Defender for Windows is getting a massive overhaul

Microsoft Defender for Windows is getting a massive overhaul allowing home network admins to deploy Android, iOS, and Mac clients to monitor antivirus, phishing, compromised passwords, and identity theft alerts from a single security dashboard.

#news #security #microsoft #defender #av Open / Comment

2021-11-01 18:54:22 https://malapi.io

MalAPI.io maps Windows APIs to common techniques used by malware.

#tools #cheatsheet #malware Open / Comment

2021-10-06 19:18:09 https://posts.specterops.io/life-is-pane-persistence-via-preview-handlers-3c0216c5ef9e

Life is Pane: Persistence via Preview Handlers

#article #windows #persistence #redteam Open / Comment

2021-08-06 16:55:14 https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/

Super Duper Secure Mode

The VR team is experimenting with a new feature that challenges some conventional assumptions held by many in the browser community. Our hope is to build something that changes the modern exploit landscape and significantly raises the cost of exploitation for attackers. Mitigations have a long history of being bypassed, so we are seeking feedback from the community to build something of lasting value.

#article #windows #edge #browser #exploit #mitigation #sdsm Open / Comment

2021-07-30 12:09:12 https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network

From Stolen Laptop to Inside the Company Network

What can you do with a stolen laptop? Can you get access to our internal network? That was the question a client wanted answered recently. Spoiler alert: Yes, yes you can. This post will walk you through how we took a “stolen” corporate laptop and chained several exploits together to get inside the client’s corporate network.

#article #hack #blackbox #hardware #bitlocker #tpm Open / Comment

2021-07-27 20:38:11 'Pegasus' Android Version

Old but gold!
Use at your own risk.

#pegasus Open / Comment

2021-07-27 20:08:03 https://arkadiyt.com/2021/07/25/scanning-your-iphone-for-nso-group-pegasus-malware

Scanning your iPhone for Pegasus, NSO Group's malware

In collaboration with more than a dozen other news organizations The Guardian recently published an exposé about Pegasus, a toolkit for infecting mobile phones that is sold to governments around the world by NSO Group. It’s used to target political leaders and their families, human rights activists, political dissidents, journalists, and so on, and surreptitiously download their messages/photos/location data, record their microphone, and otherwise spy on them.

#tools #exploit #pegasus #ios Open / Comment

2021-06-09 07:36:37 https://dfirtnt.wordpress.com/2020/11/25/detecting-ransomware-precursors/

Detecting Ransomware Precursors

The business model for Ransomware has evolved to include multi-level and multi-stage services and tool kits. Initial access is often accomplished by 1st stage compromise, followed by 2nd stage download/drop of tools like Emotet, Trickbot, and Qakbot. This 2nd stage allows adversaries to lurk in your network, profiling normal use and/or searching for targets of maximum impact. At this point the attack often looks like any other infiltration. However, several techniques are often observed just prior to ransomware execution. In this post I’ll provide examples of these detectable behaviors which you can use to build SIEM alerts, custom EDR prevention/response rules, and threat hunting logic.

#article #windows #ransomware Open / Comment

2021-06-07 10:28:21 https://medium.com/@johncantrell97/how-i-checked-over-1-trillion-mnemonics-in-30-hours-to-win-a-bitcoin-635fe051a752

How I checked over 1 trillion mnemonics in 30 hours to win a bitcoin

#article #idea #btc #crypto Open / Comment