A collection of awesome Command & Control (C2) frameworks, tools and resources for post-exploitation and red teaming assessments.

The files your PC needs to run are secretly being used by hackers to spy on you
CyberDudeBivash News delivers daily cybersecurity threat intel, CVE alerts, malware trends, and crypto security briefings.
Malware Hides as Free VPN on GitHub
Threat actors are exploiting GitHub to spread dangerous malware disguised as free VPN and Minecraft tools, tricking users into installing Lumma Stealer via stealthy process injection. This campaign uses legitimate Windows processes to slip past security measures, putting user data at serious risk.
Source: CYFIRMA
Read more: CyberSecBrief
https://bit.ly/3tgesM8

🎉 SafeBreach Labs researchers have unveiled groundbreaking process injection techniques using Windows thread pools, outwitting leading endpoint detection and response (EDR) systems. These new methods, named "Pool Party" variants, bypass current EDR solutions by injecting malicious code into legitimate processes, posing a significant challenge for traditional cybersecurity measures. #CyberSecurity #ProcessInjection

🛡️ Understanding the limitations of existing process injection techniques, the researchers explored Windows thread pools as a novel vector. They developed eight unique techniques that work across all processes without limitations, enhancing their flexibility and effectiveness. These methods proved undetectable against five leading EDR solutions, highlighting a critical gap in current cyber defense strategies. #InnovationInCyberSecurity #ThreadPools

🔍 The research delved deep into the architecture of Windows thread pools, identifying potential areas for process injection. It focused on worker factories, task queues, I/O completion queues, and timer queues. The techniques involved manipulating these components to execute malicious code, revealing a sophisticated approach to cyber attacks. #TechResearch #AdvancedCyberAttacks

💻 Notably, the Pool Party variants were tested against five major EDR solutions, including Palo Alto Cortex and Microsoft Defender. All variants successfully evaded detection, demonstrating a 100% success rate. This finding underscores the need for continuous evolution and improvement in cybersecurity tools and practices. #EDRBypass #CyberThreats

🌐 The implications of this research are significant for the cybersecurity community. While EDR systems have evolved, they currently lack the capability to generically detect new process injection techniques. This research emphasizes the need for a more generic detection approach and deeper inspection of trusted processes to combat sophisticated cyber threats. #CyberDefense #InnovationInSecurity

🔗 SafeBreach has responsibly disclosed its findings and shared the research with the security community. By openly discussing these techniques at Black Hat Europe and providing a detailed GitHub repository, they aim to raise awareness and aid in the development of proactive defense strategies against such advanced attacks.