PlugX malware has been around for almost a decade and has been used by multiple actors of Chinese nexus and several other cybercrime groups. The Palo Alto Networks Unit 42 incident response team has discovered a new variant of PlugX malware that is distributed via removable USB devices and targets Windows PCs. This should not […]
Microsoft Log Parser Toolkit: A Complete Toolkit for Microsoft’s Undocumented Log Analysis Tool Windows Security Monitoring: Scenarios and Patterns Malware Forensics Field Guide for Windows Systems Infosec books | InfoSec tools | InfoSec services
Recent Windows 11 Insider builds include support for ReFS, the Resilient File System. The file system is currently only available in Windows server operating systems, but not in client systems. Resilient File System is designed to “maximize data availability, scale efficiently to large data sets across diverse workloads, and provide data integrity with resiliency to corruption” according to Microsoft. […]
During the month of November, researchers at the cybersecurity firm LookingGlass examined the most significant vulnerabilities in the financial services industry in the United States. The company looked at assets with public internet-facing assets from more than 7 million IP addresses in the industry and discovered that a seven-year-old Remote Code Execution vulnerability affecting Microsoft Windows […]
Windows Security Monitoring: Scenarios and Patterns Malware Forensics Field Guide for Windows Systems Infosec books | InfoSec tools | InfoSec services
https://ethicalhackersacademy.com/blogs/ethical-hackers-academy/active-directory Active Directory is a Microsoft service run in the Server that predominantly used to manage various permission and resources around the network, also it performs an authenticates and authorizes all users and computers in a Windows domain type networks. Recent cyber-attacks are frequently targeting the vulnerable active directory services used in enterprise networks where the organization handling the 1000’s […]
OPINION: With every Windows release, Microsoft promises better security. And, sometimes, it makes improvements. But then, well then, we see truly ancient security holes show up yet again.  by Steven Vaughan-Nichols For longer than some of you have been alive, I’ve been preaching the gospel of using more secure desktop operating systems. You see, Windows has […]
It has recently been discovered by researchers that Windows has a vulnerability that allows code execution that rivals EternalBlue in terms of potential. It is possible for an attacker to execute malicious code without authentication by exploiting this newly-tracked vulnerability CVE-2022-37958. It is possible to exploit this vulnerability in a wormable way, which can lead to a chain reaction […]
Microsoft revised the severity rate for the CVE-2022-37958 flaw which was addressed with Patch Tuesday security updates for September 2022. Microsoft revised the severity rate for the CVE-2022-37958 vulnerability, the IT giant now rated it as âcriticalâ because it discovered that threat actors can exploit the bug to achieve remote code execution. The CVE-2022-37958 was originally classified […]
Malware attacks are a growing problem in our increasingly digital world. By infiltrating computers and networks, malicious software can cause serious harm to those affected by it. One of the most common types of malware is ransomware (encryption-based malware), which prevents users from accessing their files until they pay a hefty fee to the cyber […]
Mastering Active Directory: Design, deploy, and protect Active Directory Domain Services for Windows Server 2022
There is an unofficial patch from 0patch for a Zero-Day flaw in Microsoft Windows that allows bypassing the MotW (Mark-of-the-Web) protections that are built into the operating system and at moment itâs actively exploited. By utilizing files signed with malformed signatures, this zero-day flaw is able to bypass MotW protections. Various legacy Windows versions as […]
Attack path types From the perspective of a defender, there are three types of attack paths: Ones that can be fixed in minutes Ones that take days or weeks to resolve, and Ones that canât be fixed without significant structural changes or breaking critical software. Hereâs some background to help understand why they break down […]
Trace and Log Analysis: A Pattern Reference for Diagnostics and Anomaly Detection
Security researchers spotted a campaign that is employing a new stealthy malware tracked as BLISTER that targets windows systems. Elastic Security researchers uncovered a malware campaign that leverages a new malware and a stealthy loader tracked as BLISTER, that uses a valid code signing certificate issued by Sectigo to evade detection. BLISTER loads second-stage payloads […]
Microsoft released an alert on a couple of Active Directory vulnerabilities, that have been fixed with the November 2021 Patch Tuesday security updates, that could allow threat actors to takeover Windows domains. The flaws, tracked as CVE-2021-42287 and CVE-2021-42278, can be chained to impersonate domain controllers and gain administrative privileges on Active Directory. Microsoft is now warning […]
Using OMI on Microsoft Azure? Drop everything and patch this critical vulnerability, snappily named OMIGOD. But wait! You probably donât know whether youâre using OMI or not. Yâsee, Open Management Infrastructure (OMI) is often silently installed on Azureâas a prerequisite. And, to make matters worse, Microsoft hasnât rolled out the patch for youâdespite publishing the code a month ago. So much for […]
Details are scarce so far, but Microsoft is warning Office users about a bug thatâs dubbed CVE-2021-40444 , and described as Microsoft MSHTML Remote Code Execution Vulnerability. The bug doesnât have a patch yet, so itâs whatâs known as a zero-day, shorthand for âthe Good Guys were zero days ahead of the Bad Guys with a patch for […]
Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. The issues […]
Windows 11 wonât auto-update on slightly old PCs. It appears this includes security updatesâalthough Microsoft PR is doing its usual trick of ghosting reporters who ask. This sounds like a terrible idea: A fleet of unpatched Windows 11 PCs connected to the internet? Thatâs a recipe for disaster. Stand by for Redmond to walk this one back in an embarrassing climbdown. In […]
