sysadm_in_channel | Technologies

Telegram channel sysadm_in_channel - Sys-Admin InfoSec


News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz


Sys-Admin InfoSec

/ New guidance for identity and access management (IAM) from CISA and NSA for Administrators


Open DevOps workshop by Rebrain: Systems maturity matrix

• 28 March (Tuesday), 19:00 Moscow time. Registration

Program:
• What is a maturity matrix and why is it needed?
• The process of introducing a maturity matrix in a company

Presenter:
Alexander Krylov - Lead DevOps, more than 7 years of experience in DevOps. Conference speaker: DevOps conf, TeamLead conf, Highload conf. Author of the Haproxy course on Rebrain.


/ Attackers are starting to target .NET developers with malicious-code NuGet packages

https://jfrog.com/blog/attackers-are-starting-to-target-net-developers-with-malicious-code-nuget-packages/


/ (Ab)using Adobe Acrobat Sign to distribute malware

https://blog.avast.com/adobe-acrobat-sign-malware


/ How to defend against OneNote malware via the Windows Registry

https://www.huntress.com/blog/addressing-initial-access


/ CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes

https://www.crowdstrike.com/blog/crowdstrike-discovers-first-ever-dero-cryptojacking-campaign-targeting-kubernetes/


Open Networks workshop by Rebrain: Introduction to Wireguard

• Recalling what tunneling is
• Installing wireguard
• Configuring wireguard
• How does it work?
• What if there are many clients? firezone!

• 23 March (Thursday), 20:00 Moscow time. Details
• Roman Stelmakh - Network engineer - Cisco, Huawei, HP. Linux sysadmin.


/ Uncovering Windows Events

This post will focus on the process I followed to understand the events the Threat-Intelligence ETW provider logs and how to uncover the underlying mechanisms. One can use a similar process when trying to reverse other manifest-based ETW providers. This post isn’t a deep dive into how ETW works… Not all manifest-based Event Tracing for Windows (ETW) providers that are exposed through Windows are ingested into telemetry sensors/EDRs:

https://posts.specterops.io/uncovering-windows-events-b4b9db7eac54


/ Tick APT group compromise of a DLP software developer in East Asia

https://www.welivesecurity.com/2023/03/14/slow-ticking-time-bomb-tick-apt-group-dlp-software-developer-east-asia/


/ Microsoft Mitigates Outlook Elevation of Privilege Vulnerability

Impacted Products:
All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected:

https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/


GOAD (Game Of Active Directory) - version 2

GOAD is a pentest Active Directory lab project. The purpose of this lab is to give pentesters a vulnerable Active Directory environment, ready to use, to practice the usual attack techniques:

-- https://github.com/Orange-Cyberdefense/GOAD


/ YouTube under fire for allegedly gathering children's data

YouTube collects children’s data… A few steps for setting up YouTube Kids for better protection from harmful activities on the media platform:

https://www.malwarebytes.com/blog/news/2023/03/youtube-under-fire-for-allegedly-gathering-uk-childrens-data


/ GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers

https://unit42.paloaltonetworks.com/gobruteforcer-golang-botnet/


/ Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts:

https://www.veeam.com/kb4424


/ CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE

https://blog.aquasec.com/jenkins-server-vulnerabilities


/ Cisco Event Response: March 2023 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication

https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74842


/ ShellBot Malware Being Distributed to Linux SSH Servers

https://asec.ahnlab.com/en/49769/


Good News and New Changes in the Sys-Admin Open BLD ecosystem

lab.sys-adm.in is an ad-free, malware-free Open BLD secure DNS service; today I am happy to present a few pieces of good news for you/us:

New security concepts
🐕 Security - the Open BLD ecosystem has fundamentally changed its prevention/attack mitigation mechanisms; the Sys-Admin Open BLD infrastructure now has a centralized, automated hacking-IP mitigation system
☀️ Updates - With open Sys-Admin activities we now have two new instruments that can change the security protection prism, based on open source tools/instruments…
🐌 Speed - Greatly improved speed for collecting/merging/compressing and deploying block/allow lists from the Internet

Results
🌵 Cactusd Server, written from scratch in GoLang, fully replaces the BLD-Server update service
🧘 ip2drop has replaced fail2ban in the Open BLD ecosystem
🥋 All servers have new firewall settings and improvements

Deprecations
♻️ BLD-Server will be deprecated and excluded from Sys-Admin activities/support in the future (thanks to nodejs, which was the foundation for this service)

Welcome
👋 I'm looking for talent, experts, programmers and just good and positive people for code review, feedback, suggestions, etc. - Welcome 🤜🤛


/ KB5025175: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2022-41099

PatchWinREScript_2004plus.ps1 (Recommended)

This script is for Windows 10, version 2004 and later versions, including Windows 11:

-- https://support.microsoft.com/en-us/topic/kb5025175-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2022-41099-ba6621fa-5a9f-48f1-9ca3-e13eb56fb589


/ Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems

https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html


Active Directory Cheatsheet with code examples

- internal audit
- port forwarding
- bypass EP
- enumeration
- etc…

https://hideandsec.sh/books/cheatsheets-82c/page/active-directory


/ OpenSSH 9.3 has just been released

With security and other fixes — https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-March/040641.html


/ Highlights from Git 2.40

The Git project just released Git 2.40 with features and bug fixes from over 88 contributors, 30 of them new:

https://github.blog/2023-03-13-highlights-from-git-2-40/


A new cyber conference is coming to Almaty - AppSecFest

It so happens that I know the organizers of this conference - it will be held in April 2023 and will be dedicated to Application Security and DevSecOps topics in Kazakhstan.

The organizers promise:
• Quality networking
• 250+ participants
• 8-hour duration + afterparty
• Vendor booths
• It will take place on 21 April, Forum shopping mall, Almaty

Talk submissions - appsecfest@astlab.kz, website - https://appsecfest.kz


/ Windows SmartScreen Security Feature Bypass Vulnerability

Impact: Security Feature Bypass, CVE-2023-24880

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880


/ Kali Linux 2023.1 Release (Kali Purple & Python Changes)

https://www.kali.org/blog/kali-linux-2023-1-release/


/ Microsoft 365 enumeration, spraying and exfiltration - TeamFiltration in the spotlight

TeamFiltration is self-defined as a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts.

In the article, we will look at its capabilities and how we can potentially detect related events in Azure AD and Microsoft 365 logs. While the article focuses on TeamFiltration, the learnings apply to any similar toolset:

https://guillaumeben.xyz/Microsoft-365-enumeration/


/ Home Assistant Supervisor security vulnerability

Authentication bypass in the Supervisor API:

https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/


/ Stealing the LIGHTSHOW (Part One)

Analysis of a phishing campaign targeting U.S.-based technology companies... The phishing payloads primarily utilized by UNC2970 are Microsoft Word documents embedded with macros to perform remote-template injection to pull down and execute a payload from a remote command and control (C2). Mandiant has observed UNC2970 tailoring the fake job descriptions to specific targets:

https://www.mandiant.com/resources/blog/lightshow-north-korea-unc2970


Open Linux workshop by Rebrain: RAID arrays

• 15 March (Wednesday) at 20:00 Moscow time. Registration

Workshop program:
• RAID arrays, types, features
• How to choose a RAID array type
• Are hardware RAID controllers still relevant today?
• Working with mdadm

Presenter:
• Andrey Buranov - UNIX systems specialist at VK. More than 7 years of experience with Linux OS.

P.S. A recording of the “DevOps by Rebrain” workshop as a gift for registering
 
