albertzsigovits

# URL reputation checkers:
##########################

AlienVault OTX              https://otx.alienvault.com/browse/pulses
BarracudaCentral            http://www.barracudacentral.org/lookups
BrightCloud                 https://www.brightcloud.com/tools/url-ip-lookup.php
CDRF ThreatCenter           https://threatcenter.crdf.fr
Cisco Talos                 https://www.talosintelligence.com/reputation_center
Checkpoint                  https://urlcat.checkpoint.com/urlcat
Cyren URL                   https://www.cyren.com/security-center/url-category-check

albertzsigovits

# SPL cheatsheet:
# Additional resource: http://www.bbosearch.com/searches
########################################################

- List users and corresponding roles:
=====================================
  | rest /services/authentication/users splunk_server=?
  | fields title roles realname

- List indexes:

albertzsigovits

https://www.bootloaders.io/
https://loldrivers.io
https://gtfobins.github.io
https://lolbas-project.github.io
https://wtfbins.wtf
https://lots-project.com
https://filesec.io
https://malapi.io
https://hijacklibs.net
https://wadcoms.github.io

albertzsigovits

# Cyber attack maps:
####################

Akamai              https://www.akamai.com/us/en/solutions/intelligent-platform/visualizing-akamai/real-time-web-monitor.jsp
Arbor Networks      https://www.digitalattackmap.com
Bitdefender         https://threatmap.bitdefender.com
BlueLiv             https://community.blueliv.com/map
Cisco Talos         https://www.talosintelligence.com
Checkpoint          https://threatmap.checkpoint.com
Deutsche Telekom    https://sicherheitstacho.eu/start/main

albertzsigovits

Update-AUPackages

UTC: 2024-01-03 12:01 virtualex-itv/chocolatey-packages

This file is automatically generated by the update_all.ps1 script using the AU module.

Ignored | History | Force Test | [Releases](https:

albertzsigovits

Control Flow Flattening
Opaque Predicates
Mixed Boolean Arithmetic
Strings and Code Encryption
Instruction substitution

albertzsigovits

export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0

/proc/PID/environ | tr '\0' '\n'

unset HISTFILE
rm $HISTFILE
shred $HISTFILE
rm .bash_history

albertzsigovits

YARA use cases:
===============

Conditions:
-----------
uint16(0) == 0x5A4D // MZ
uint32(uint32(0x3C)) == 0x00004550 // PE
uint32(0) == 0x464C457F // ELF        
uint8be(uint32(0x3C)+4) == 0x64 // 64-bit
uint32be(uint32(0x3C)+8) == 0x174a505c // Compiled time

albertzsigovits

Pre-built VMs:

    https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

Clean Windows ISOs:

    Windows 7 - https://docs.microsoft.com/en-us/lifecycle/products/windows-7
    Windows 8.1 - https://www.microsoft.com/en-us/software-download/windows8ISO
    Windows 10 - https://www.microsoft.com/en-US/software-download/windows10
    Windows 11 - https://www.microsoft.com/en-US/software-download/windows11

albertzsigovits

Case	EXE	DLL	Date	Family	Type	Country
						
PoisonIvy RAT hijacking Samsung RunHelp.exe	RunHelp.exe	ssMUIDLL.dll	2019.01.01	PoisonIvyRAT	APT	-
Remcos hijacking OpenVPN libcrypto.dll	OpenVPNGui.exe	libcrypto.dll	2021.03.01	Netwire/Remcos RAT	APT	-
REvil hijacking MsMpEng.exe/ WinDefender DLL	MsMpEng.exe	mpsvc.dll	2021.03.31	REvil group	Cybercrime	-
NGOs are targeted by APT10 with VLC media player side-loading	vlc.exe	-	2022.02.01	Cicada group	APT10	CN
Lockbit ransomware dropping Cobalt-strike w/ DLL-sideloading	VMwareXferlogs.exe	glib-2.0.dll	2022.04.27	Lockbit group	Cybercrime	-
PlugX Hijacking Bitdefender AV DLLs	bdsrv.exe	log.dll	2022.05.02	PlugX/ShadowPad RAT	APT	CN
Mustang Panda targets EU entities with phishing	Acrobat.exe	Acrobat.dll	2022.05.05	PlugX/ShadowPad RAT	APT	CN
Qakbot abusing calc.exe for Sideloading	calc.exe	WindowsCodecs.dll	2022.07.27	Qakbot trojan	Cybercrime	-