The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!
***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
Hint: Check the links in the article!***
Notable MITRE ATT&CK TTPs:
TA0005 - Defense Evasion
T1055.? - Process Injection: [fill in this blank]
T1562 - Impair Defenses: Disable or Modify Tools
T1112 - Modify Registry
TA0009 - Collection
T1005 - Data from Local System
TA0011 - Command and Control
T1102 - Web Service
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
https://www.sentinelone.com/blog/reverse-engineering-walkthrough-analyzing-a-sample-of-arechclient2/
#HappyMonday everyone! I am back from a weeklong "vacation" with an article from the SentinelOne blog but the research was conducted by Pol Thill. There was a challenge thrown down by #VXUnderground and SentinelOne looking for research that was conducted but not previously published, which I think is a really interesting concept and needs to happen more often!
Anyways, here is Pol's research on Neo_Net, the Kingpin of Spanish eCrime! Enjoy and Happy Hunting!
Link in the comments!
Notable MITRE ATT&CK TTPs and Behaviors:
Mobile Matrix:
TA0035 - Collection
T1636.004 - Protected User Data: SMS Messages
TA0037 - Command and Control
T1437.001 - Application Layer Protocol: Web Protocols
T1481.003 - Web Service: One-Way Communication
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Neo_Net | The Kingpin of Spanish eCrime
https://www.sentinelone.com/blog/neo_net-the-kingpin-of-spanish-ecrime/
📬 Reading tips: LockBit ransomware vs. MacOS and dead birds as drones
#Lesetipps #ElonMusk #kattascha #PentagonLeak #PiaLamberty #pompompurin #RichardRoberson #TiloJung #VolkerWissing #VXUnderground https://tarnkappe.info/lesetipps/lesetipps-lockbit-ransomware-vs-macos-und-tote-voegel-als-drohnen-273053.html
📬 Reading tips: And when will the hackers knock on your door too?
#Anonymous #Cyberangriffe #DarkCommerce #Datenschutz #Empfehlungen #Internet #ITSicherheit #Kurios #Lesetipps #Linux #Malware #Podcast #ReverseEngineering #Videos #Bildungszwecke #Gcam #GhostSec #HomeGallery #JackRhysider #MediaGoblin #novaGallery #OpBalochistan #qTox #RalfRosanowski #truecrime #uTOX #VXUnderground #Wyroczen https://tarnkappe.info/lesetipps/lesetipps-und-wann-klopfen-die-hacker-auch-bei-euch-an-die-tuer-265998.html
📬 Activision hacked: Leak of secret Call of Duty documents
#Cyberangriffe #Gaming #ActivisionBlizzard #Activisiongehackt #CallofDuty #PhishingAngriff #PhishingAttacke #Sicherheitsvorfall #VXUnderground https://tarnkappe.info/artikel/gaming/activision-gehackt-leak-geheimer-call-of-duty-dokumente-265832.html
Oh yeah! I forgot to mention that I’m also a volunteer with #VXUnderground and #malpedia so if you have any questions or just want to connect feel free to reach out.
I really enjoy reading white papers in the morning when I have time. I just finished up this brief one written earlier in the year about bypassing PPLs in Windows:
PROCESS_QUERY_LIMITED_INFORMATION is capable of successfully opening tokens and reading them, which can then allow visibility on what permissions are needed to access and hollow out a service. There is nothing new here it seems, but still very interesting IMO. Elastic Security's implementation of a fix seems to be good by denying TOKEN_WRITE with certain trust labels.
#blueteam #windows #exploit #token #malware #services #processhollowing #vxunderground
you know it's a great night when you get lost down the VX-underground rabbit hole #malwareresearch #VXUnderground
📬 Intel's Alder Lake BIOS source code allegedly leaked online
#Internet #Kurznotiert #AlderLake #Bios #Exploit #Intel #Leak #Quellcode #VXUnderground https://tarnkappe.info/artikel/internet/intels-alder-lake-bios-quellcode-angeblich-online-geleakt-257526.html
📬 REvil: Attack on a multi-billion manufacturing giant
#Hacking #Internet #FSB #MideaGroup #RansomwareREvil #RansomwareAngriff #RansomwareErpressung #VXUnderground https://tarnkappe.info/artikel/hacking/revil-angriff-auf-milliardenschweren-fertigungsriesen-255110.html
📬 Cuba ransomware: The FBI is to help Montenegro
#Hacking #Internet #CyberAngriff #DusanPolovic #FBI #Killnet #MarasDukaj #RansomwareAngriff #VXUnderground https://tarnkappe.info/artikel/hacking/cuba-ransomware-das-fbi-soll-montenegro-helfen-255089.html