Found 19 bookmarks
Custom sorting
Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia
Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia
The team at CYFIRMA analyzed a malicious Android sample designed to target high-value assets in Southern Asia. This sample, attributed to an unknown threat actor, was generated using the Spynote Remote Administration Tool. While the specifics of the targeted asset remain confidential, it is likely that such a target would attract the interest of APT groups. However, we are restricted from disclosing further details about the actual target and its specific region. For a comprehensive analysis, please refer to the detailed report
#cyfirma#EN#2024#Unidentified#Threat#Actor#Malware#research#Android#Spynote#Remote#Administration#Tool
·cyfirma.com·
Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia
SmokeBuster Tool
SmokeBuster Tool
  • ThreatLabz has developed a tool named SmokeBuster to detect, analyze, and remediate infections. SmokeBuster supports 32-bit and 64-bit instances of SmokeLoader and versions 2017-2022. The tool is compatible with Windows 7 to Windows 11. SmokeLoader is a malware downloader that originated in 2011. The malware is primarily designed to deliver second-stage payloads, which include information stealers and ransomware. Despite a major disruption by Operation Endgame in May 2024, SmokeLoader continues to be used by numerous threat groups largely due to numerous cracked versions publicly available on the internet. The last four versions of SmokeLoader contain coding flaws that significantly impact an infected system’s performance.
#zscaler#EN#2024#tool#SmokeBuster#SmokeLoader#Operation-Endgame
·zscaler.com·
SmokeBuster Tool
Mail in the middle – a tool to automate spear phishing campaigns
Mail in the middle – a tool to automate spear phishing campaigns
The idea is simple; take advantage of the typos that people make when they enter email addresses. If we positioned ourselves in between the sender of an email (be it a person or a system) and the legitimate recipient, we may be able to capture plenty of information about the business, including personally identifiable information, email verification processes, etc. This scenario is effectively a Person-in-the-Middle (PiTM), but for email communications.
#Orange-Cyberdefence#sensepost#2024#EN#Typosquatting#tool#mail#domain
·sensepost.com·
Mail in the middle – a tool to automate spear phishing campaigns
Introducing: Red Canary Mac Monitor
Introducing: Red Canary Mac Monitor
Mac Monitor is Red Canary’s newly available tool for collection and dynamic system analysis on macOS endpoints. Red Canary Mac Monitor is a feature-rich dynamic analysis tool for macOS that leverages our extensive understanding of the platform and Apple’s latest APIs to collect and present relevant security events. Mac Monitor is practically the macOS version of the Microsoft Sysinternals tool, Procmon. Mac Monitor collects a wide variety of telemetry classes, including processes, interprocess, files, file metadata, logins, XProtect detections, and more—enabling defenders to quickly and effectively analyze enriched, high-fidelity macOS security events in a native, modern, and customizable user interface
#redcanary#EN#2023#tool#Monitor#announce#macOS#monitoring#Sysinternals#Procmon
·redcanary.com·
Introducing: Red Canary Mac Monitor
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to:
#cisa#EN#2023#tool#AD#Azure#M365#hunting#blueteam#check
·cisa.gov·
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
Key Takeaways * Nighthawk is an advanced C2 framework intended for red team operations through commercial licensing. * Proofpoint researchers observed initial use of the framework in September 2022 by a likely red team. * We have seen no indications at this time that leaked versions of Nighthawk are being used by attributed threat actors in the wild. * The tool has a robust list of configurable evasion techniques that are referenced as “opsec” functions throughout its code. P* roofpoint researchers expect Nighthawk will show up in threat actor campaigns as the tool becomes more widely recognized or as threat actors search for new, more capable tools to use against targets.
#proofpoint#EN#2022#redteam#tool#Nighthawk#C2#framework#threat
·proofpoint.com·
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk
We’re happy to announce the public release of esmat, a new free & open-source tool. esmat is a command-line app for macOS that allows you to explore the behavior of Apple’s Endpoint Security framework.
#macOS#EN#tool#esmat#commandline#endpointsecurityframework#apple#log#logging
·uberagent.com·
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to:
#cisa#EN#2023#tool#AD#Azure#M365#hunting#blueteam#check
·cisa.gov·
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
Key Takeaways * Nighthawk is an advanced C2 framework intended for red team operations through commercial licensing. * Proofpoint researchers observed initial use of the framework in September 2022 by a likely red team. * We have seen no indications at this time that leaked versions of Nighthawk are being used by attributed threat actors in the wild. * The tool has a robust list of configurable evasion techniques that are referenced as “opsec” functions throughout its code. P* roofpoint researchers expect Nighthawk will show up in threat actor campaigns as the tool becomes more widely recognized or as threat actors search for new, more capable tools to use against targets.
#proofpoint#EN#2022#redteam#tool#Nighthawk#C2#framework#threat
·proofpoint.com·
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk
We’re happy to announce the public release of esmat, a new free & open-source tool. esmat is a command-line app for macOS that allows you to explore the behavior of Apple’s Endpoint Security framework.
#macOS#EN#tool#esmat#commandline#endpointsecurityframework#apple#log#logging
·uberagent.com·
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk
We’re happy to announce the public release of esmat, a new free & open-source tool. esmat is a command-line app for macOS that allows you to explore the behavior of Apple’s Endpoint Security framework.
#macOS#EN#tool#esmat#commandline#endpointsecurityframework#apple#log#logging
·uberagent.com·
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk