Happy Monday, folks! It's time to shake off the cobwebs, so strap yourselves in and get your reading glasses out - here's a wrap-up of the week's infosec news, just for you: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe

Australia's mandatory reporting laws for Critical infrastructure operators got its first win last week, with the CISC revealing 47 cyber incidents were reported in the 8 months to December last year. Congrats, but what does that actually mean?

#GoDaddy finally twigged to a multi-year compromise of their networks, after users reported odd redirects impacting their website visitors. Turns out they'd likely been owned since at least March 2020, and appear to have failed to evict the attackers at least twice.

Havoc is the latest C2 framework to be thrown in anger, this time against a government target and in a multi-staged delivery chain which featured several evasive measures. Seems like Sliver and Brute Ratel may soon be in good company!

Symantec researchers have unearthed Frebniis - a stealthy IIS backdoor novel for it's hooking of a legitimate feature to covertly intercept attacker tasking.

A number of critical bugs in #Fortinet, #Apple, and #Citrix have been squashed - just make sure you know which ones, and apply those patches!

#redteam members are in for a treat, with a new Nim-based implant to play with and the OffensivePipeline tool to help automate obfuscation.

The #blueteam can look forward to a detailed look at attacks on #ESXi and how to mitigate it, as well as Hunt recommendations for evilginx2, and an update to Microsoft #Defender for Identity to help identify #ADCS abuse.

As always, there's literally dozens more research articles on threat actor activity and tradecraft that I can't summarise here, so make sure you take a look at this week's issue of SOC Goulash and get yourself up to speed!

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe

#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #SliverC2 #BruteRatel #criticalinfrastructure

Okay. I get it. #CobaltStrike is indeed the Gold Standard of C2 Post-Exploitation. Followed by #BruteRatel But are you aware that a lot of open-source frameworks are catching up? As long as you are willing to deal with breakages and working around bugs, you can do the same thing, including but not limited to Malleable C2 Profiles, fork-and-run techniques, no-PowerShell PowerShell commands, etc.

What do y'all think about a #C2 detection series including #SecurityOnion and #Velociraptor, illustrating the compliments and differences of host and network-based detection and response?

#BruteRatel
#CobaltStrike
#DFIR
#ESM
#Havoc
#Infosec
#NSM
#Sliver
#Sysmon

Cool feature coming soon to Brute Ratel 1.4 based on this project:
https://github.com/D1rkMtr/FilelessRemotePE
“…can use…any tool written in Clang/GCC in the memory of your own payload”. That would be a huge win because having to rewrite every BOF to be compatible with BRC4 is a gigantic pain and effectively eliminates one of the biggest benefits to BOFs…reuse.
#BruteRatel #BRC4 #BOF

https://thebinaryhick.blog/2022/10/29/thats-no-honey-badger-its-a-brute-ratel-a-look-at-brc4/
#IR #redteam #bruteratel