Jaqwerty

2,452 Added | 14 Magazines | 2 Likes | 1,128 Followers | @Jaqwerty

Assessing the Effectiveness of Hash-based Application Whitelisting Blacklist Rules

Signed Scripts with Embedded Authenticode Signatures are Vulnerable to Bypass.
A signed script can contain a base64 encoded blob embedded at the end …

Cybersecurity

Hacking around HTA files

License: Copyright Emeric Nasi (@EmericNasi), some rights reserved
This work is licensed under a Creative Commons Attribution 4.0 International …

Cybersecurity

signature-base/gen_mal_scripts.yar at master · Neo23x0/signature-base

/* Various rules - see the references */
rule PS_AMSI_Bypass {
meta:
description = "Detects PowerShell AMSI Bypass"
author = "Florian Roth"
reference = …

Forensics

Antivirus scan for e68bb5d99d7b81e01795ff05b8e88d2b498df32232a18163e51d4bba07ea4b16 at 2018-02-16 13:42:34 UTC

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header …

Cybersecurity

Antivirus


Alibaba Group

Hello World! Introducing the Bishop Fox Cybersecurity Style Guide

Download the Bishop Fox Cybersecurity Style Guide (Version One) Here
How do you pronounce SQL? Should you write denial of service with hyphens? Is it pen …

Style Guides

Hackers on State Orders

• Cyber attacks have become considerably more sophisticated over the years. But this also makes it easier to unmask the hackers behind them.
• APT attacks …

APT Simulator

APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised.
Use Cases
POCs: …

Forensics

Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

Last year, Equifax admitted hackers stole sensitive personal records on 145 million Americans and hundreds of thousands in the UK and Canada.
The …

Identity Theft

I’m harvesting credit card numbers and passwords from your site. Here’s how.

If an attacker successfully injects any code at all, it’s pretty much game over.
Looking back on these golden years, I can’t believe people spend so …

JavaScript

Tutorial: Creating Yara Rules for Malware Detection

Tutorials

toolsmith #131 - The HELK vs APTSimulator - Part 1

Ladies and gentlemen, for our main attraction, I give you...The HELK vs APTSimulator, in a Death Battle! The late, great Randy "Macho Man" Savage …

8 Nation-State Hacking Groups to Watch in 2018

The aliases, geographies, famous attacks, and behaviors of some of the most prolific threat groups.
The …

Cybersecurity

Sysinternals Sysmon suspicious activity guide

The Sysmon tool from Sysinternals provides comprehensive monitoring of activity at the operating-system level. Sysmon runs in the background …

Now you see me: Exposing fileless malware

Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. Fileless malware boosts the stealth and …

Cybersecurity

Data Science at the Command Line

Welcome
Please note that this website is currently slightly out-dated with respect to the published book. I’m slowly working my way through the entire …

Data Science

This is one of the most terrifying things I’ve seen in all my life https://t.co/Yp9xlhdKC9

The bug bounty program that changed my life

This is a real story or not, that occurred in mid 2017 or not, about a private program or not, on Hackerone or not, believe me or not, but it changed …

Information Security

How To: Use Remote Port Forwarding to Slip Past Firewall Restrictions Unnoticed

Local port forwarding is good when you want to use SSH to pivot into a non-routable network. But if you want to access services on a network when you …

Linux

15 things you should be doing after work instead of watching TV if you want to be happier

For the longest time, I would come home from work and immediately pop on the TV. It was mindless — after a day of meetings, intensive heads-down work, and never-ending email chains, the only thing I thought I wanted to do was watch five episodes of some sitcom I'd seen hundreds of times before.
But …

Productivity

Evil XML with two encodings

WAFs see white noise instead of the document!
In this article you will meet a variety of XML encodings, and learn how to bypass a WAF with them.
What …

Python Programming

NSA Exploits Ported to Work on All Windows Versions Released Since Windows 2000

A security researcher has ported three leaked NSA exploits to work on all Windows versions released in the past 18 years, starting with Windows 2000. …

Information Security

Researchers discover malicious Chrome extensions

Nearly 90 malicious Google Chrome extensions have been discovered in the official Chrome store that can inject into visited websites, ads, …

Chrome Web Store

Understanding the Attack Vectors of CVE-2018-0101

Cisco is committed to responsible coordinated disclosure about vulnerabilities, and maintains a very open relationship with the security research community. On January 29, 2018, the Cisco PSIRT learned about public knowledge of a remote code execution and denial of service vulnerability affecting …

Information Security

Lateral Movement with PowerPoint and DCOM

A number of researchers have recently been looking at lateral movement methods that leverage Microsoft’s Distributed Component Object Model (DCOM), …

Software

Windows Privilege Escalation Guide

Introduction
Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and …

Linux

Blue team, this is a NEAT 'living off the land' sample that is an MHTML macro doc that uses renamed wscript.exe & pubprn.vbs along with schtasks, and a COM scriptlet. The use of inbox pubprn.vbs as scriptlet launcher is awesome. @enigma0x3 wrote about this technique last year. https://t.co/cYK6EltjbO