Florian Roth (@cyb3rops)'s Twitter Profile
Florian Roth

@cyb3rops

Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇

ID: 1538299243

Link: https://linktr.ee/cyb3rops

Joined: 22-06-2013 08:46:16

32.4K Tweets

180.8K Followers

2.3K Following

Sam Stepanyan (@securestep9):

It is 2024 and here we have yet another critical SQL Injection (#SQLi) vulnerability in a commercial product by a *CyberSecurity* vendor - F5! (PaloAlto vuln was a couple of weeks ago) #OWASPTop10



my.f5.com/manage/s/artic…

Nathan McNulty (@NathanMcNulty):

Did you know Entra stores LAPS password history? :)

The Entra/Intune portal only shows the most recent one, so if you happen to do a lot of snapshots/reverts for testing like I do, the below command will show you all passwords and when they changed

$name is device name

PC_Nation (@PC_Nation__):

Windows 11 24H2 will enable BitLocker encryption for everyone, happens on both clean installs and reinstalls.

BitLocker has been proven to impact system performance, particularly SSD performance.
SSD performance can drop by up to 45% depending on the workload

Even worse, if…

dragosr (@dragosr):

So DHCP options have always been an ugly mess. Sure RFC3442, let's let mostly unauthenticated network broadcasts install static routes into client routing tables. What could possibly go wrong?

Combined with the 0.0.0.0/1 trick from Leviathan folks' recent post, using DHCP to…

Squiblydoo (@SquiblydooBlog):

Debloat is for deflating executables. (github.com/Squiblydoo/deb…)

But if you all see other file formats that attackers inflate, send them my way too!

The following is an image of an LNK with 200 MB of null bytes slapped on the end (the overlay).

(Image is from the tool #malcat)

OffSec (@offsectraining):

This blog introduces a new 0day technique discovered by OffSec Technical Trainer Victor “Vixx” Khoury, the process he used to exploit it, and the proof of concept code to bypass AMSI in PowerShell 5.1 and PowerShell 7.4: offs.ec/44owQR3

Simone Kraus (@simonekrausora1):

'APT28: From Initial Damage to Domain Controller Threats in an Hour' is now updated and has some additional sources with the latest IOCs including own research (at the end of the article as threat hunting opportunities).
link.medium.com/xfX7eNU7mJb

Michael Koczwara (@MichalKoczwara):

Hunting Muddy Water 🇮🇷 with @ValidinLLC

DNS records host mshta.exe/command line queries in TXT records🎯

@Intel_Ops_io

Come and join and we will teach you how to hunt adversaries!

docs.google.com/forms/d/10oy2Z…

/mason.burton.onionmail.org and linked Muddy Water domains…

Florian Roth (@cyb3rops):

We've enabled multi-threading in all THOR versions, including the free THOR Lite. I'm also thrilled about the upcoming 'Audit Trail' mode for our 'Forensic Lab' license, offering detailed JSON output for enriching timelines and performing correlations.

Florian Roth (@cyb3rops):

Can't we get this as an open source tool that disables the other 100 unneeded "features" like the bing search in Windows?

Albert Thomas, Cooling Reviewer (@ultrawide219):

Holy hannah! Disabling web search on the start menu makes it so much faster and effective. No lag at all anymore!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search

Make a new DWORD (32-bit) called: BingSearchEnabled

Ensure the value = 0
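A PowerShell version of the registry change described in this post, added here as an example (it is not the poster's own command). It uses only the key path and value name given above, and wraps the change in a read-back and a revert path so the setting can be verified and undone:

```powershell
# Added example, not from the original post: applies the registry change the
# post describes, reads it back, and keeps a way to revert it.
# Key path and value name are taken from the post; nothing else is assumed.
# Run as the user whose Start menu search you are changing (HKCU is per-user).

$KeyPath   = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search'
$ValueName = 'BingSearchEnabled'

function Get-BingSearchSetting {
    # Returns the current DWORD value, or $null if the value does not exist yet.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Set-BingSearchSetting {
    param([ValidateSet(0, 1)][int]$Enabled)
    # Create the key if it is missing, then create or overwrite the DWORD (32-bit) value.
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $Enabled -Force | Out-Null
}

# Record the previous state so the change is reversible, then disable web search (0).
$previous = Get-BingSearchSetting
Write-Host "Previous value: $(if ($null -eq $previous) { '<not set>' } else { $previous })"
Set-BingSearchSetting -Enabled 0
Write-Host "Current value:  $(Get-BingSearchSetting)"

# To revert: Set-BingSearchSetting -Enabled 1
# or remove the value entirely: Remove-ItemProperty -Path $KeyPath -Name $ValueName
```

Reading the value back before and after the change is the part worth keeping: it confirms the value landed as a DWORD under the intended hive and key, and the recorded previous state makes the change auditable and easy to roll back.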

Matthew Green (@matthew_d_green):

Europe is maybe two months from passing laws that end private communication as we know it, and folks are looking the other way (understandably.) You’re not going to get a do-over once these laws are passed.
