Ars Technica: North Korea-backed hackers target security researchers with 0-day https://arstechnica.com/?p=1966395 #Tech #arstechnica #IT #Technology #securityresearchers #NorthKorea #Security #unc2970 #Biz&IT #zinc
@conansysadmin #TTX scenario idea - Your #devops team is at a #cybersecurity conference, and after dinner is sitting in a bar having a few drinks and loose-tongue talking "anonymously and confidentially" to other people who are "#securityresearchers"
Anonymously == while wearing their badges
hardwear.io (https://hardwear.io/usa-2023/):
🛰️Calling out #hardwarehackers #securityresearchers to share your latest research not just limited to embedded systems security, IoT, 💽integrated circuits
⚠️Call for Paper is open till 10th Aug ⌚https://t.co/JDD8L7LSME
#hw_ioNL2023 #CFP #embeddedsecurity #Conference https://t.co/f0jRVvEioz
💻Not just an #infostealer…
#securityresearchers have been busy over the weekend linking #3CX #supplychain attacks to a more formidable #backdoor pattern with another infamous North Korean threat actor group, #lazarus
https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/
North Korean hackers target security researchers with a new backdoor
Campaign uses carefully crafted LinkedIn accounts that mimic legit people.
#NorthKorea #SecurityResearchers #LinkedIn
https://arstechnica.com/information-technology/2023/03/security-researchers-are-again-in-the-crosshairs-of-north-korean-hackers/
Some New #codes / #researches for Some #Pentesters / #RedTemaers / #BlueTeamers and #securityresearchers Added to the list:
#cybersecurity #offensivesecurity #securityresearch #defensive #redteam #blueteam #pentest
Full List here => https://github.com/DamonMohammadbagher/Some_Pentesters_SecurityResearchers_RedTeamers
1. [offensive] @trickster012 , (Rust Weaponization for Red Team Engagements) => https://lnkd.in/eWsKKFY9
2. [offensive] @trickster012 , (Proof of concept of bypassing(unhooking) the hook of potential EDRs) => https://lnkd.in/eQwQr4sY
3. [offensive] Deep Instinct , (A POC for the new injection technique, abusing windows fork API to evade EDRs) => https://lnkd.in/eGP2haTc
4. [offensive] @daem0nc0re , (investigation of Windows process execution techniques [C#]) => https://lnkd.in/eeyFi5Xz
5. [offensive] @D1rkMtr , (Bypass Userland EDR hooks by Loading Reflective Ntdll in memory) => https://lnkd.in/eVTy8WvP
6. [defensive] @ZeroMemoryEx , (malware analysts to extract Command and Control C2 traffic) => https://lnkd.in/eGWGKWgQ
7. [offensive] lem0nSec , (CreateRemoteThread: how to pass multiple parameters to the remote thread function without shellcode) => https://lnkd.in/eQ6ssfhK
8. [offensive] QAX A-Team , (A tool mainly to erase specified records from Windows event logs) => https://lnkd.in/eywTbFzr
9. [offensive] 3gstudent , (Remove individual lines from Windows XML Event Log (EVTX) files) => https://lnkd.in/ebn4AdaH
10. [offensive] @hlldz , (Windows Event Log Killer) => https://lnkd.in/es7V6xHt
11. [defensive] @foxit , (detect use of the DanderSpritz eventlogedit module [recover the removed event log entries]) => https://lnkd.in/evWYwRXQ
12. [offensive] @Ceramicskate0 , (C# Tool to interact with MS Exchange based on MS docs) => https://lnkd.in/ehiAcM6Z
13. [offensive] @reveng007 , (implant will exfiltrate data via smtp and will read commands from C2 [Gmail] via imap protocol) => https://lnkd.in/eBiXyEtR
14. [offensive] @cyberwarfarelab , (VectoredSyscall) => https://lnkd.in/eps_aJ6Z
15. [offensive] fosstodon.org/@mttaggart , (Notion as a platform for offensive operations) => https://lnkd.in/eXvKFTwP
16. [offensive] @t3l3machus , (A Windows reverse shell payload generator) => https://lnkd.in/e-Ce2zii
17. [offensive] @idov31 , (Sandman is a NTP based backdoor for red team engagements in hardened networks) => https://lnkd.in/eWzsBdXD
I saw some articles and posts in which some red-teamers and pentesters talked about what they know and what they can do via C++ and why they think they are better than others ;D (too arrogant), just because they know a little about doing something via C++, and they think that with other languages you CAN NOT DO that (just because they don't know anything about other languages), and they talk about other languages like Java or C# or ... and say hey, Java is awful or C# is not even a programming language (these guys make me laugh ;D, and it's clear they really don't know what they are saying about others and other programming languages ;p) etc.
To me (or probably to all of us) it is not important who you are, what you did, or how many years of experience you have in #redteaming #pentesting #blueteaming
but the thing that is really important to me is "be #humble as [adult guy]", and believe me, mocking others just shows us that you know nothing about the thing you talked about (like other #programming #languages )
I saw a lot of pentesters/red teamers, some of them even younger than me and with less pentesting/red teaming experience than me, who have very nice & powerful programming skills for bypassing AVs/EDRs "better than me", and I learned a lot of things from them; some of them are C#, C++, Java, Python/Rust developers etc. Believe this or not, even some C++ or C# developers who are not in my cyber security field were my best instructors and I learned a lot of things from them; I did not refuse to learn new things from them just because they are developers, etc.
Also,
I saw some #Redteamers or #Pentesters who never wrote C2 server/client code by themselves (they always work with #C2 tools made/written by others) talk about other Redteamers/ #Securityresearchers who made a C2 server by themselves in any language like C++/C#/Java... and mock them for their work or their code, and again that is because they are not real/good programmers and, more often, they "can not do" that; that's why they talk about others like that ;). Believe me, programming is not easy in fields like pentesting/red teaming, and C2 programming really IS NOT EASY, especially if you want to write a C2 server by yourself, so you guys really don't know anything about programming and still talk about it ;D
I know C++ but I never, ever talk about C++ like that, saying you can't do that in C++ and you can do it only in C#; instead I said "you can do this simply in C#, which you probably can not do SIMPLY in C++".
That means that just because "I am not a C++ pro programmer" I can not say you CAN NOT DO THAT IN C++... (because I know you can probably do that in any language, but how).
It does not matter who you are, where you live, or who you work for; the important thing is "be humble" and "be a good learner" without "arrogant, childish things".
Finally, to those who write code by themselves: let others learn from you and don't listen to these types of guys (make your own chik chik)
I am "you.com" fan ;D
simple trick to create your code via #AI NICE...
this platform is very useful for #SecurityResearchers , #Pentesters / #Redteamers / #blueteamers / #CyberSecurity / #instructors / #infosec guys/ #developers and...
#chatgpt #youdotcom #you #ai
I am you.com fan ;D
this platform is very useful for #SecurityResearchers , #Pentesters / #Redteamers / #blueteamers / #CyberSecurity / #instructors / #infosec guys/ #developers and...
As a cyber security researcher and pentester, this you-chat and search help me a lot; a lot of people in the world now get the point that you.com is awesome and also useful/helpful for their research etc. For me it was helpful/useful for research or for making some great new code or new techniques based on the AI search/chat results produced by the you.com platform, and for research and learning new things I just use "YOU.COM" more than Google.com; probably more than 80% of my work/research is on the you.com platform and maybe 20% on Google or ... Thank you, guys at "you.com", and WELL DONE....
#chatgpt #youdotcom #you #ai
To learn how to use this platform, watch their videos one by one; they are awesome and really well explained => https://www.youtube.com/@yousearchengine
for "Developers": one good example from you.com => https://www.youtube.com/watch?v=BO6E3UVmkmc
for "Developers": Turn PYTHON into JAVA? Code Translate on you.com => https://www.youtube.com/watch?v=JC_KvIjXDKk
Good Video about you.com:
You.com Vs. Chat GPT
https://www.youtube.com/watch?v=uLqmaICxe_g
Those cyber security guys who call themselves #pentester or #Redteamer or #SecurityResearcher "just because" they are in university (learning something as [basics ;D more often] or academic things or out-of-date things ;D), and they "do not have any experience" in cyber security fields (not even 1 year), and some of them do not even have any good/unique/new cyber security research or tools/code (shared publicly before).
and yeah we call them beginner "geniuses" in cyber security lol
Vs
Those cyber security guys who have at least 3-5 years of experience learning real/new/unique things in fields like #penetrationtesting or #redteaming or #securityresearch .
Believe me, your academic things are "Bullshit" and your instructors do not have updated content; they don't even have a good viewpoint on cyber security fields like penetration testing or ...; more often they don't have any experience working with offensive tools like modern C2 servers, they don't know how you can write offensive code like a #C2 server/agent (and why you should do that), or they don't know how you can write offensive code for bypassing #avs or #EDRs or #bypassing other things ... You don't know about these things, or a lot of other things, which you should learn outside of university "by yourself".
You can learn these things from #infosec #communities (by reading articles or taking courses shared publicly or privately by #SecurityResearchers and #Pentesters or #redteamers or #blueteamers) and you need at least 2-3 years of experience to learn these new things.
Some guys think that if you know all the tools in Kali Linux then you can call yourself #Pentester or Red-teamer, which is not true, "geniuses".
Penetration testing is not about tools, it's about the background "concepts" of tools, omfg "remember this" (it's about the logic behind tools).
Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys - Hacker forums are a rich source of threat intelligence. https://threatpost.com/dark-web-security-researchers-bad-guys/161172/ #criticalinfrastructure #securityresearchers #undergroundforum #vulnerabilities #infosecinsider #cybercriminals #threatresearch #cloudsecurity #aamirlakhani #websecurity #hackerforum #fortinet #malware #darkweb #darknet #hackers #breach #hacks
Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits - Patches for both the Chrome desktop and Android browser address high-severity flaws with known exp... https://threatpost.com/chrome-holes-actively-targeted/160890/ #googlethreatanalysisgroup #remotecodeexecution #securityresearchers #googleprojectzero #vulnerabilities #mobilesecurity #securityupdate #javascript #bugbounty #zero-day #android #browser #chrome #google
Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser - The memory-corruption vulnerability exists in the browser’s FreeType font rendering library. https://threatpost.com/google-patches-zero-day-browser/160393/ #securityresearchers #googleprojectzero #vulnerabilities #sergeiglazunov #zerodayproject #freetype #zero-day #browser #windows #chrome #google #linux #mac
Safari Bug Revealed After Apple Takes Nearly a Year to Patch - Polish security researcher unveiled the flaw in a cross-browser sharing API that could allow attac... https://threatpost.com/safari-bug-revealed-after-apple-takes-nearly-a-year-to-patch/158612/ #securityresearchers #vulnerabilities #pawelwylecial #vulnerability #websecurity #bugbounty #attackers #browsers #hackers #safari #apple #patch #flaw
Microsoft Offers Rewards of Up to $20,000 in New Xbox Bug Bounty Program - Program is the latest the tech giant has launched that pay users and security researchers to find ... more: https://threatpost.com/microsoft-offers-rewards-of-up-to-20000-in-new-xbox-bug-bounty-program/152424/ #microsoftsecurityresponsecenter #securityresearchers #vulnerabilities #bugbounty #microsoft #xboxlive #hackers #rewards #gamers #gaming #azure #bugs #xbox