Link Repository

This post contains links that I find interesting or helpful. It covers a range of categories, some related to cybersecurity, others not so much. Check back often, as new URLs will be added.

Other

Mafia-Aided Scheme Evades Millions in Gas Taxes https://archive.ph/YcGNG
Cyberbanging: Street Gangs Employ Social Media As A Recruiting Tool https://archive.ph/iNlyB
This is your brain. This is your brain on code https://archive.ph/XSoyM
The hidden brain power behind programming https://archive.ph/8hfcC
Street gangs turn to high-tech cybercrime to make a living https://archive.ph/AwAKo
In the Hood: Street Gangs Discover White-Collar Crime https://archive.ph/9xSfZ
How the Mafia Is Pivoting to Cybercrime https://archive.ph/AOEsR
Europol: Italian Mafia Tied to Cybercriminals Responsible for €10 Million in Cyberattacks https://archive.ph/SxTEE
Scientists generate the first complete chromosome sequences from non-human primates https://archive.ph/ThPAZ
Benjamin Franklin Printed Money With a Special Dye and Innovative Techniques to Thwart Counterfeiters, New Research Finds https://archive.ph/b3JNt
Like humans, chimps often perform tasks differently when crowds are watching https://archive.ph/FyZbf
Meet the ancient ‘big head’ people: Scientists uncover a ‘lost’ human in Asia with an abnormally large skull that lived alongside homo sapiens 100,000 years ago https://archive.ph/xhVSm
Meet Homo Juluensis, Your New Big-Headed Ancient Ancestor https://archive.ph/yUhyF
Scientists Discovered a New Human Species That Defies Conventional Wisdom https://archive.ph/ZrNa5
How an Ancient Human Species Formed Family Ties https://archive.ph/x4rKx
How Do People Who Are Blind or Visually Impaired Identify Money? https://archive.ph/lwy6Z
The most ancient human genome yet has been sequenced—and it’s a Denisovan’s https://archive.ph/8wuss
Thirteen Discoveries Made About Human Evolution in 2023 https://archive.ph/dVbDG
Humans and Neanderthals Lived Side by Side in Northern Europe 45,000 Years Ago, Study Finds https://archive.ph/p3xOt
Why Were There So Many Skeletons Hidden in Benjamin Franklin’s Basement? https://archive.ph/yDKjU
Anticounterfeiting secrets of Benjamin Franklin’s paper money revealed https://archive.ph/hQJwy
Ben Franklin Lives in Your Smartphone https://archive.ph/LEHYG
Fact: Millennials Didn’t Invent Selfies—This Guy Did https://archive.ph/2gTcp
Case Files: Nikola Tesla https://archive.ph/R5nkb
Nikola Tesla and the Tower That Became His ‘Million Dollar Folly’ https://archive.ph/R1QnZ
65,000-year-old hearth in Gibraltar may have been a Neanderthal ‘glue factory,’ study finds https://archive.ph/mlqaW
After 50 Years, Scientists Still Love Lucy https://archive.ph/WdlXp
Venting Doesn’t Reduce Anger, But Something Else Does, Study Shows https://archive.ph/MCwAH
Neanderthals and early Homo sapiens buried their dead differently, study suggests https://archive.ph/M4AZk
We’re closer to re-creating the sounds of Parasaurolophus https://archive.ph/7LzWt

Troubleshooting

How to reliably keep an SSH tunnel open? https://archive.ph/fjOPX

Threat Reports

Kiteshield Packer is Being Abused by Linux Cyber Threat Actors https://archive.ph/FjHPC
One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks https://archive.ph/UJOkr
Malone Iam and His Accomplices Arrested in $243M Crypto Hack https://archive.ph/6mItE
What I’ve learned in my first 7-ish years in cybersecurity https://archive.ph/6BIxJ
Supply Chain Lessons from Thousands of Exploding Pagers https://archive.ph/A600i
Snowblind: The Invisible Hand of Secret Blizzard https://archive.ph/GRTIq
One Sock Fits All: The use and abuse of the NSOCKS botnet https://archive.ph/zD755
Writing a BugSleep C2 server and detecting its traffic with Snort https://archive.ph/xr2ht
Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft https://archive.ph/WzkhB
RUBYCARP: A Detailed Analysis of a Sophisticated Decade-Old Botnet Group https://archive.ph/dZp5m
Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective https://archive.ph/dEkhQ
Unpacking the Blackjack Group’s Fuxnet Malware https://archive.ph/mIOhL
Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma https://archive.ph/cdfr0
A Dive into Earth Baku’s Latest Campaign https://archive.ph/r2GBL
Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem https://archive.ph/TiRrT
Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion https://archive.ph/kAi0E
Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions https://archive.ph/XHct7
Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach https://archive.ph/V9SSI
Attackers Target Exposed Docker Remote API Servers With perfctl Malware https://archive.ph/K7OC4
Fake LockBit, Real Damage: Ransomware Samples Abuse Amazon S3 to Steal Data https://archive.ph/0LJNt
Malicious JavaScript Injection Campaign Infects 51k Websites https://archive.ph/dELaK
Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land https://archive.ph/T6FSh
CryptoClippy Speaks Portuguese https://archive.ph/QUl91
Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla) https://archive.ph/PNXph
Teasing the Secrets From Threat Actors: Malware Configuration Parsing at Scale https://archive.ph/yCnNu
Detecting Popular Cobalt Strike Malleable C2 Profile Techniques https://archive.ph/miiD6
Six Malicious Python Packages in the PyPI Targeting Windows Users https://archive.ph/wip/2Cdey
P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm https://archive.ph/dymhm
Ransomware Delivery URLs: Top Campaigns and Trends https://archive.ph/YBOsv
NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts https://archive.ph/VMyuM
CL0P Seeds ^_- Gotta Catch Em All! https://archive.ph/PiFNI
Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT https://archive.ph/NzD1e
Blocking Dedicated Attacking Hosts Is Not Enough: In-Depth Analysis of a Worldwide Linux XorDDoS Campaign https://archive.ph/HKme3
Understanding DNS Tunneling Traffic in the Wild https://archive.ph/pRxT8
CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys https://archive.ph/vbrKA
In-Depth Analysis of July 2023 Exploit Chain Featuring CVE-2023-36884 and CVE-2023-36584 https://archive.ph/lAwFS
Chinese APT Targeting Cambodian Government https://archive.ph/nQ0Sy
Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains https://archive.ph/tnu3T
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors https://archive.ph/0Q2lk
ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign https://archive.ph/4aUxL
Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer https://archive.ph/CQA1N
Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript Can Steal Your Secrets https://archive.ph/tGd8f
Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled https://archive.ph/qYtEG
Intruders in the Library: Exploring DLL Hijacking https://archive.ph/OStQt
Diving Into Glupteba’s UEFI Bootkit https://archive.ph/0acO7
The Art of Domain Deception: Bifrost’s New Tactic to Deceive Users https://archive.ph/6bU0H
Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor https://archive.ph/RfZZj
Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia https://archive.ph/esX86
Large-Scale StrelaStealer Campaign in Early 2024 https://archive.ph/E2MVl
Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware https://archive.ph/Wd6UC
Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic https://archive.ph/uLbyW
Phishing Pages Delivered Through Refresh HTTP Response Header https://archive.ph/S97g0
Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz https://archive.ph/542lW
TA Phone Home: EDR Evasion Testing Reveals Extortion Actor’s Toolkit https://archive.ph/dfEPf
FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications https://archive.ph/KuyvJ
Fighting Ursa Luring Targets With Car for Sale https://archive.ph/pECms
From RA Group to RA World: Evolution of a Ransomware Group https://archive.ph/SpISo
Mass-spreading campaign targeting Zimbra users https://archive.ph/FCFBa
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access https://archive.ph/Xl0s6
Linux malware strengthens links between Lazarus and the 3CX supply-chain attack https://archive.ph/AWEcU
Asylum Ambuscade: crimeware or cyberespionage? https://archive.ph/IKxC5
What’s up with Emotet? https://archive.ph/mdSuf
MoustachedBouncer: Espionage against foreign diplomats in Belarus https://archive.ph/EU9kf
Telekopye: Hunting Mammoths using Telegram bot https://archive.ph/sobAi
OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes https://archive.ph/cLEBj
Stealth Falcon preying over Middle Eastern skies with Deadglyph https://archive.ph/cLEBj
Operation King TUT: The universe of threats in LATAM https://archive.ph/nlZoY
Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan https://archive.ph/YUX3P
Telekopye: Chamber of Neanderthals’ secrets https://archive.ph/9asu0
Initial access broker repurposing techniques in targeted attacks against Ukraine https://archive.ph/ungoq
HotPage: Story of a signed, vulnerable, ad-injecting driver https://archive.ph/v7c9m
The Dangers of Broken Links: How They Can Threaten Your Cybersecurity https://archive.ph/YX1L4
Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall https://archive.ph/h5dCN
ESET takes part in global operation to disrupt the Grandoreiro banking trojan https://archive.ph/difAB
OilRig’s persistent attacks using cloud service-powered downloaders https://archive.ph/UiLFZ
NSPX30: A sophisticated AitM-enabled implant evolving since 2005 https://archive.ph/6DV82
Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation https://archive.ph/tuaHr
Mid-year Doppelgänger information operations in Europe and the US https://archive.ph/xvZoJ
The new era of hacktivism: state-organized hacktivism spreads with Russian-Ukrainian tensions https://archive.ph/GbL1J
From fun to data loss: the dark side of Facebook quizzes https://archive.ph/PJYoH
Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats https://archive.ph/li3fp
Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure https://archive.ph/d5fIK
North Korean hacker BlueNoroff targets crypto firms with new malware https://archive.ph/OhDoy
As Hacker Gives Stolen Data Away, Nokia Issues New Denial Statement https://archive.ph/Sh2aB
New Password Hack Attack—LastPass, Chrome, Facebook, Netflix, PayPal Users At Risk https://archive.ph/luLCT
Chinese Group Accused of Hacking Singtel in Telecom Attacks https://finance.yahoo.com/news/chinese-group-accused-hacking-singtel-041722621.html?guccounter=2
CosmicBeetle steps up: Probation period at RansomHub https://archive.ph/AVPOY
Hackers Are Using Police Emails to Send Tech Companies Fraudulent Data Requests https://archive.ph/MQWUd
‘SteelFox’ Malware Blitz Infects 11K Victims With Bundle of Pain https://archive.ph/Z1wzA
Custom “Pygmy Goat” malware used in Sophos Firewall hack on govt network https://archive.ph/sXpnU
Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples https://archive.ph/LgVEU
To the Moon and back(doors): Lunar landing in diplomatic missions https://archive.ph/XI6cD
Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain https://archive.ph/JMztq
Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war https://archive.ph/HdchT
Rescoms rides waves of AceCryptor spam https://archive.ph/h3Opq
eXotic Visit campaign: Tracing the footprints of Virtual Invaders https://archive.ph/BjiIy
Arid Viper poisons Android apps with AridSpy https://archive.ph/NXxo0
Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android https://archive.ph/Zpslg
NGate Android malware relays NFC traffic to steal cash https://archive.ph/mAeM6
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office https://archive.ph/KK1ri
Hundreds of code libraries posted to NPM try to install malware on dev machines https://archive.ph/dI4jv
IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools https://archive.ph/iBp2f
Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware https://archive.ph/T9erd
North Korean Hackers Use Fake News to Spread ‘Hidden Risk’ Malware https://archive.ph/IlsL8
Malware campaign expands its use of fake CAPTCHAs https://archive.ph/vFhm5
The Evolution of Transparent Tribe’s New Malware https://archive.ph/vFhm5
The Muddy Waters of APT Attacks https://archive.ph/d2KvP
Muddying the Water: Targeted Attacks in the Middle East https://archive.ph/qdD6O
Threat Actors Muddy Waters in Middle East with APT Hijacks and Fake Leaks in Q2 2019 https://archive.ph/0K6X4
I know what you did last summer, MuddyWater blending in the crowd https://archive.ph/NMcuF
Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor https://archive.ph/FJHye
Catching fish in muddy waters https://archive.ph/gFvzv
New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns https://archive.ph/5R8Pd
ToddyCat is making holes in your infrastructure https://archive.ph/7m2q9
DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware https://archive.ph/7m2q9
Women In Russian-Speaking Cybercrime: Mythical Creatures or Significant Members of Underground? https://archive.ph/boRbk
A cascade of compromise: unveiling Lazarus’ new campaign https://archive.ph/lPuj9
StripedFly: Perennially flying under the radar https://archive.ph/PFDWR
Beyond the Surface: the evolution and expansion of the SideWinder APT group https://archive.ph/2v9ZG
HrServ – Previously unknown web shell used in APT attack https://archive.ph/nviEs
The Crypto Game of Lazarus APT: Investors vs. Zero-days https://archive.ph/xgdeP
Awaken Likho is awake: new techniques of an APT group https://archive.ph/xIBya
Finding a needle in a haystack: Machine learning at the forefront of threat hunting research https://archive.ph/NDm9b
Tropic Trooper spies on government entities in the Middle East https://archive.ph/JRY86
A deep dive into the most interesting incident response cases of last year https://archive.ph/qUdzT
BlindEagle flying high in Latin America https://archive.ph/smuw5
CloudSorcerer – A new APT targeting Russian government entities https://archive.ph/7naP9
ToddyCat: Keep calm and check logs https://archive.ph/FKLYx
Operation Triangulation: iOS devices targeted with previously unknown malware https://archive.ph/ZPPKr
Meet the GoldenJackal APT group. Don’t expect any howls https://archive.ph/9E2Sf
CloudWizard APT: the bad magic story goes on https://archive.ph/eTJq9
Tomiris called, they want their Turla malware back https://archive.ph/mZR7q
Following the Lazarus group by tracking DeathNote campaign https://archive.ph/Tm3KR
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack https://archive.ph/6zaS1
Bad magic: new APT found in the area of Russo-Ukrainian conflict https://archive.ph/ZoAmT
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022 https://archive.ph/3x4cG
BlueNoroff introduces new methods bypassing MoTW https://archive.ph/7PS53
Ransomware and wiper signed with stolen certificates https://archive.ph/N1SRN
DeathStalker targets legal entities with new Janicab variant https://archive.ph/0e5VL
APT10: Tracking down LODEINFO 2022, part II https://archive.ph/PSZIs
APT10: Tracking down LODEINFO 2022, part I https://archive.ph/NNFG4
DiceyF deploys GamePlayerFramework in online casino development studio https://archive.ph/u6dDt
Fortune 1000 at risk: How we discovered 30k exposed APIs & 100k API vulnerabilities in the world’s largest organizations https://archive.ph/lLWl4
DeftTorero: tactics, techniques and procedures of intrusions revealed https://archive.ph/dDrN3
Kimsuky’s GoldDragon cluster and its C2 operations https://archive.ph/PMDfO
VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges https://archive.ph/eOACn
Andariel deploys DTrack and Maui ransomware https://archive.ph/QhBaY
Targeted attack on industrial enterprises and public institutions https://archive.ph/lFFBl
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit https://archive.ph/2JIvi
The SessionManager IIS backdoor https://archive.ph/UCMzD
WinDealer dealing on the side https://archive.ph/Zez7q
EastWind campaign: new CloudSorcerer attacks on government organizations in Russia https://archive.ph/pbBpa
Lazarus Trojanized DeFi app for delivering malware https://archive.ph/62BNZ
MoonBounce: the dark side of UEFI firmware https://archive.ph/jE152
The BlueNoroff cryptocurrency hunt is still on https://archive.ph/iqYvT
ScarCruft surveilling North Korean defectors and human rights activists https://archive.ph/X7Kk6
WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019 https://archive.ph/DD8hf
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm https://archive.ph/Zl6QY
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology https://archive.ph/Ri4w2
A Decade of Sandworm: Digging into APT44’s Past and Future https://archive.ph/XUYgi
New North Korean Campaigns Target Cryptocurrency Industry https://archive.ph/oGeTe
Magic Hound Campaign Attacks Saudi Targets https://archive.ph/xiuz2
Meow, Meow Leaks, and the Chaos of Ransomware Attribution https://archive.ph/SqGpa
Conti Ransomware: Inside One of the World’s Most Aggressive Ransomware Groups https://archive.ph/uIqKt
Conti Ransomware Gang Has Full Log4Shell Attack Chain https://archive.ph/xvVe6
Disgruntled Affiliate Reveals Conti Ransomware Attack Techniques https://archive.ph/XAswr
GhostEmperor: From ProxyLogon to kernel mode https://archive.ph/gpM3F
DarkHalo after SolarWinds: the Tomiris connection https://archive.ph/4IZ3v
LuminousMoth APT: Sweeping attacks for the chosen few https://archive.ph/9Vkee
WildPressure targets the macOS platform https://archive.ph/vr2o5
Ferocious Kitten: 6 years of covert surveillance in Iran https://archive.ph/q3g5e
Andariel evolves to target South Korea with ransomware https://archive.ph/RJqef
PuzzleMaker attacks with Chrome zero-day exploit chain https://archive.ph/ItNcF
Operation TunnelSnake https://archive.ph/4nYU5
The leap of a Cycldek-related threat actor https://archive.ph/A39by
APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign https://archive.ph/GedUy
Lazarus targets defense industry with ThreatNeedle https://archive.ph/ZYyg8
Sunburst backdoor – code overlaps with Kazuar https://archive.ph/jDKO1
Lazarus covets COVID-19-related intelligence https://archive.ph/jRLOZ
Sunburst: connecting the dots in the DNS requests https://archive.ph/IHPwu
What did DeathStalker hide between two ferns? https://archive.ph/No4Eg
IAmTheKing and the SlothfulMedia malware family https://archive.ph/uZ8U5
MontysThree: Industrial espionage with steganography and a Russian accent on both sides https://archive.ph/jhF14
MosaicRegressor: Lurking in the Shadows of UEFI https://archive.ph/er2xC
Transparent Tribe: Evolution analysis, part 2 https://archive.ph/2Xcur
Lifting the veil on DeathStalker, a mercenary triumvirate https://archive.ph/BPNER
Transparent Tribe: Evolution analysis, part 1 https://archive.ph/X0EuG
Lazarus on the hunt for big game https://archive.ph/zysTE
MATA: Multi-platform targeted malware framework https://archive.ph/rdgVJ
Microcin is here https://archive.ph/NfgHc
Cycldek: Bridging the (air) gap https://archive.ph/L0VIP
The zero-day exploits of Operation WizardOpium https://archive.ph/g3gGL
COMpfun authors spoof visa application with HTTP status-based Trojan https://archive.ph/pdzxq
Naikon’s Aria https://archive.ph/bNiYv
Hiding in plain sight: PhantomLance walks into a market https://archive.ph/6ET1E
Holy water: ongoing targeted water-holing attack in Asia https://archive.ph/kBdy9
iOS exploit chain deploys LightSpy feature-rich malware https://archive.ph/tfQE5
WildPressure targets industrial-related entities in the Middle East https://archive.ph/w3AHo
Operation AppleJeus Sequel https://archive.ph/tj1IP
OilRig’s Poison Frog – old samples, same trick https://archive.ph/OcUrH
RevengeHotels: cybercrime targeting hotel front desks worldwide https://archive.ph/nXC6a
Titanium: the Platinum group strikes again https://archive.ph/XJllz
DarkUniverse – the mysterious APT framework #27 https://archive.ph/dywEs
COMpfun successor Reductor infects files on the fly to compromise TLS traffic https://archive.ph/anLhw
Turla renews its arsenal with Topinambour https://archive.ph/LaGch
‘Twas the night before https://archive.ph/b25nE
ViceLeaker Operation: mobile espionage targeting Middle East https://archive.ph/CvQ69
Hello again, FakeBat: popular loader returns after months-long hiatus https://archive.ph/uefkT
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors https://archive.ph/6zZ7y
Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure https://archive.ph/j9Nk3
Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation https://archive.ph/Khjlr
Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies https://archive.ph/afcEh
Schneider Electric Hacked and Blackmailed Following Lumma Infostealer Infection https://archive.ph/Cm7hg
The Google 0-day all Infostealer groups are exploiting. https://archive.ph/WK5MK
Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations https://archive.ph/VxNCt
Life on a crooked RedLine: Analyzing the infamous infostealer’s backend https://archive.ph/PKHZW
How AitM phishing kits evade detection https://archive.ph/NTWuE
How AitM phishing kits evade detection: Part 2 https://archive.ph/Ifqzc
Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity https://archive.ph/rqPLB
TeamTNT’s Docker Gatling Gun Campaign https://archive.ph/z7y8I
Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes https://archive.ph/5mpnr
TeamTNT Returns — Or Does It? https://archive.ph/hbpFv
Cryptojacking Gang TeamTNT Makes a Comeback https://archive.ph/EqGY7
TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack https://archive.ph/Yfgci
The Real Cost of Cryptomining: Adversarial Analysis of TeamTNT https://archive.ph/17baI
Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks https://archive.ph/uzLxN
Chaos is a Go-based Swiss army knife of malware https://archive.ph/6FGsw
Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134 https://archive.ph/zxea3
Necro Python Botnet Goes After Vulnerable VisualTools DVR https://archive.ph/svH8g
Python Cryptominer Botnet Quickly Adopts Latest Vulnerabilities https://archive.ph/r5WrK
DreamBus Botnet Resurfaces, Targets RocketMQ vulnerability https://archive.ph/XAinA
DreamBus Botnet – Technical Analysis https://archive.ph/KJxHq
Malware analysis: Hands-On Shellbot malware https://archive.ph/sWLzr
Solving the 7777 Botnet enigma: A cybersecurity quest https://archive.ph/26NfR
Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin https://archive.ph/kiGeP
Unit 42 Finds New Mirai and Gafgyt IoT/Linux Botnet Campaigns https://archive.ph/9oIO8
Malicious QR Codes: How big of a problem is it, really? https://archive.ph/PcUei
A pernicious potpourri of Python packages in PyPI https://archive.ph/OgJbQ

Hacking

Hacking for Babies https://hackingforbabies.gitbook.io/en/coming-soon
Linux LKM Persistence https://archive.ph/cJKJh
Linux Attack Techniques: Dynamic Linker Hijacking with LD Preload https://archive.ph/SigLa
Your Friendly North Korean Network Observer https://archive.ph/f9qw6
A Closer Look at North Korea’s Internet https://archive.ph/hY9V8
Masscan Cheatsheet https://archive.ph/HhXYC
Masscan as a lesson in TCP/IP https://archive.ph/CNBvY
Nmap Cheatsheet https://archive.ph/ve0bn
Linux Basics for Hackers: The Linux Logging System https://archive.ph/IPmNu
Server-Side Request Forgery Prevention Cheat Sheet https://archive.ph/cOGDy
Beginner Guide To Exploit Server Side Request Forgery (SSRF) Vulnerability https://archive.ph/GOIuz
Exploiting Server Side Request Forgery (SSRF) in an API https://archive.ph/ogch5
Bug bounty write-up: From SSRF to $4000 https://archive.ph/PQmVc
Server-side template injection https://archive.ph/MZlun
Finding and Fixing SSTI Vulnerabilities in Flask (Python) With StackHawk https://archive.ph/voz6d
SSTI -Bypassing Single Quotes Filter https://archive.ph/rmpQ4
Python – Server Side Template Injection (SSTI) https://archive.ph/FEWWq
A Pentester’s Guide to Server Side Template Injection (SSTI) https://archive.ph/fITsI
SSTI (Server Side Template Injection) https://archive.ph/UGEmP
SSTI Bypass Filter (/^[0–9a-z ]+$/i) https://archive.ph/iwnXl
File upload vulnerabilities https://archive.ph/Pslry
File Upload Cheat Sheet https://archive.ph/slxVz
Cross-site scripting https://archive.ph/rnf2A
What is Mimikatz? The Beginner’s Guide https://archive.ph/6fsVU
Wormable XSS www.bing.com https://archive.ph/mz2QF

Hacking News

USDoD Hacker Behind $3 Billion SSN Leak Reveals Himself as Brazilian Citizen https://archive.ph/uPdeD
Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’ https://archive.ph/gBh2a

GitHub

Snapshot of North Korea’s DNS data taken from zone transfers https://archive.ph/JziJP
Simple Windows and Linux keystroke injection tool that exfiltrates stored Wi-Fi data (SSID and password). https://archive.ph/Of8WK

Cryptocurrency

Wallet Scam: A Case Study in Crypto Drainer Tactics https://archive.ph/5bSPh
How Chainalysis Made Their Way into Popular Monero Wallets https://archive.ph/6zjNy
Dirty Tor exit to wallet.dat theft https://archive.ph/5ERam

Dogs

Scientists discover dogs are entering a new phase of evolution https://archive.ph/ZoS6c

Study Guides & CTF

Jorkle’s OSCP Guide https://archive.ph/Ubz2J
DEFCON 28 OpenSOC Blue Team CTF: Lessons and Tips https://archive.ph/vK9UN
Privilege Escalation – Windows https://archive.ph/TRup0

Hacking Write Ups

Hacking Chess.com and Accessing 50 Million Customer Records https://archive.ph/Y7VuW
Scanners Beware: Welcome to the Network from Hell https://archive.ph/5kz10
Messenger Group Call DoS for iOS https://archive.ph/FWJra
Hacking Kia: Remotely Controlling Cars With Just a License Plate https://archive.ph/uj58M
Leaky John Deere API’s: Serious Food Supply Chain Vulnerabilities Discovered by Sick Codes, Kevin Kenney & Willie Cade. https://archive.ph/bhMnz
They Told Their Therapists Everything. Hackers Leaked It All https://archive.ph/H44KP
Hacking 700 Million Electronic Arts Accounts https://archive.ph/FdPGI
One weird trick to get the whole planet to send abuse complaints to your best friend(s) https://archive.ph/Eb7TI
Bug bounty write-up: From SSRF to $4000 https://archive.ph/PQmVc
$350 XSS in 15 minutes https://archive.ph/sVa9o
BBC Bug Bounty Write-up | XSS Vulnerability https://archive.ph/EjOvM
Stop Using Predictable Bucket Names: A Failed Attempt at Hacking Satellites https://archive.ph/8dGKU
How I Got My First Reflected XSS Bug Bounty! https://archive.ph/p9Ld3
Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API https://archive.ph/OSUql
XSS Attack: 3 Real Life Attacks and Code Examples https://archive.ph/O1odY
I Studied 100+ SSRF Reports, and Here’s What I Learned https://archive.ph/vwgUG
Account Takeover using IDOR in Password reset Functionality https://archive.ph/wZ8Nm
Building a Virtual Ethical Hacking Home Lab — Part 2: Lab Topology https://archive.ph/2AIcw
Exploring The Impersonator Shell https://archive.ph/21U4v
Advance AI Test Cases For Penetration Testing https://archive.ph/nAqd1
Go — ing Rogue: The Malware Development Odyssey (Part I) https://archive.ph/MHLrz
Go — ing Rogue: The Malware Development Odyssey (Part II) https://archive.ph/ivAYb
My First Bug: Blind SSRF Through Profile Picture Upload https://archive.ph/UdruZ
SSRF to Server Takeover PoC (Bug Bounty Writeup) https://archive.ph/dzfvY
Learning about Server Side Request Forgery (SSRF) https://archive.ph/yqtJQ
Unrestricted File Upload Leads to SSRF and RCE https://archive.ph/ThHXI
A Nifty SSRF Bug Bounty Write Up https://archive.ph/5JaWZ
SSRF Internal resource accessing & Bypassing Filter (CTF) https://archive.ph/L7yGu
Server-Side Request Forgery (SSRF) https://archive.ph/R4NGi
Houzz – SSRF Vulnerability Bugbounty Writeup https://archive.ph/qNl7x
United Nations IDOR Vulnerability Writeup https://archive.ph/8sEM2
BMW Bug Bounty – Account Verification Bypass writeup https://archive.ph/ZvUyM
How I earned $800 for Host Header Injection Vulnerability https://archive.ph/PwvjP
Bugbounty Write-up: IDOR (Insecure Direct Object References) https://archive.ph/I6hYW
How I Discovered a CVE by Scanning Open Source Repositories https://archive.ph/BccLn
It Started with CSRF, But Wait… (XSS & Potential SQLi) https://archive.ph/U0LYy
Hijacking your JavaScript using prototype pollution https://archive.ph/lPfce
How I Found Multiple XSS Vulnerabilities Using Unknown Techniques https://archive.ph/pwnYU
Blue Team Bootcamp Series (P3): How to Detect Cross-Site Scripting (XSS) Attacks https://archive.ph/ZjTOX
Crafting XSS (Cross-Site Scripting) payloads https://archive.ph/UdK9s
Bug Bounty Writeup: $2500 Reward for Session Hijack via Chained Attack https://archive.ph/7LX1I
Triple XSS in a Private Bug Bounty Program via a Hidden Parameter https://archive.ph/KsNz1
Hunting for Hidden Parameters in Burp Suite https://archive.ph/B05y9
Power of One-Liners: Master Bug Bounty Automation: https://archive.ph/54Sc6
How to Use ParamSpider Tool — For Bug Bounty https://archive.ph/oJr1o
Params — Discovering Hidden Treasure in WebApps https://archive.ph/eqGI3
SONY Hunting I: Discovering Hidden Parameters (5x SWAG) https://archive.ph/L7c8D
How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty https://archive.ph/bEQO2
Fuzzing Websites to Find Hidden Parameters https://archive.ph/drgAn
Hacker tools: Arjun – The parameter discovery tool https://archive.ph/fTp7F
How To Find Hidden Parameters https://archive.ph/DSDnC
Bug Bounty: Tumblr reCAPTCHA vulnerability write up https://archive.ph/bPupq
We Hacked Apple for 3 Months: Here’s What We Found https://archive.ph/cvaMj
Monke’s Guide to Bug Bounty Methodology https://archive.ph/KJk0d
The Art Of Zendesk Hijacking https://archive.ph/Fauwt
XSS WAF & Character limitation bypass like a boss https://archive.ph/Nc3xF
Unicode vs WAF — XSS WAF Bypass https://archive.ph/GlDkN
XSS bypass using META tag in realestate.postnl.nl https://archive.ph/F2Ugr
Unveiling Trickest: My Secret Weapon for Automating the Bug Bounty Hunt https://archive.ph/b9FGb
10 Things I Learnt in My First Year as a Penetration Tester https://archive.ph/86CYc
HackTheBoo 2022 CTF Write-Ups https://archive.ph/EWovw
THM write-up: Hacking with Powershell https://archive.ph/IOjtW
CFReDS Project:- Hacking Case Challenge Writeup https://archive.ph/kKvl1
Penetration Testing: Methodology, Scope and Types of Pentests https://archive.ph/ziBpB
Breaking Down the Hacking Team Attack Operation https://archive.ph/vgras
Hacking Millions of Modems (and Investigating Who Hacked My Modem) https://archive.ph/ikr9N
Mass Blind Server-Side Testing Setup For Bug Bounty https://archive.ph/YpxGo
How I bypassed disable_functions in php to get a remote shell https://archive.ph/8A2OL
The Way I Used to Find RCE (Remote Code Execution) via File Upload https://archive.ph/0k20X
HOW I GOT MY FIRST RCE WHILE LEARNING PYTHON https://archive.ph/bvA4e
Log4shell Zero-Day Exploit— Full Guide https://archive.ph/vhzKf
Data exfiltration over DNS with Remote Code Execution https://archive.ph/vsD42
Hacking My College Admin Panel For Fun😁 https://archive.ph/cdLxt
Master the subdomain hunting Part 2 https://archive.ph/1CT9O
Master Subdomain HUNTING | Art of finding Hidden Assets https://archive.ph/xEGqX
#1 Bug Hunting: Subdomain Enumeration — Explained https://archive.ph/BE5c0
Mastering Reconnaissance with Nmap: Unveiling Your Target’s Secrets https://archive.ph/QiD01
Would you mind to tell me what your bank balance is? No? Okay, I’ll hack it. https://archive.ph/08alD
My recon methodology for hunting CVE-2021–42063 led to discovering an RXSS vulnerability in the Tata Play program Part -1 . https://archive.ph/iRpxq
What is WAF? & Secret Techniques to Bypass It https://archive.ph/HAyJI
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN https://archive.ph/uFEHF
Finding SSRF BY Full Automation https://archive.ph/jLHEU
Obfuscating a Mimikatz Downloader to Evade Defender (2024) https://archive.ph/UEGMN
I scanned all of ACT Bangalore customers, and the results aren’t surprisinghttps://archive.ph/nYoAR
Understanding Different Types of Cybersecurity Scanninghttps://archive.ph/jMVxZ
Hacking & Fuzzing Home Surveillance Camerahttps://archive.ph/6N04A
The Fuzzy Wuzzy: Unveiling Hidden Parametershttps://archive.ph/QfUG7
Drunk Admin Web Hacking Challenge-1: vulnhub write-uphttps://archive.ph/mBRHG
How I accidentally hacked a local news sitehttps://archive.ph/xUTyA
How I Hacked Into a Nationwide University Database System Exposing Thousands of Student Recordshttps://archive.ph/qe8ne
SSRF in real lifehttps://archive.ph/5hoTP
Attacking APIs with SSRF and how to prevent ithttps://archive.ph/LcyQa
Server-side request forgery (SSRF)https://archive.ph/JPph1
Bypassing Common SSRF Protections: Techniques Attackers Usehttps://archive.ph/KgB90
A Complete Guide To Server-Side Request Forgery (SSRF)https://archive.ph/xOHaS
SSRF Bypass Techniques: A Comprehensive Guide for Security Researchershttps://archive.ph/ET8dc
SSRF 101-Everything you need to know about SSRF attackshttps://archive.ph/C2eQS
An SSRF, privileged AWS keys and the Capital One breachhttps://archive.ph/6ZFQE
Intro to SSRFhttps://archive.ph/6azuk
How to Detect and Mitigate SSRF Vulnerabilities in the Early Coding Cycle: A Comprehensive Guidehttps://archive.ph/EfcQ9
SSRF attack against other back-end systems, SSRF series (Part 1b)https://archive.ph/jSjaK
Unveiling The Techniques Of Finding Server-Side Request Forgery (SSRF) In Web Applications (with a exploitation example)https://archive.ph/mP2V6
SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever !https://archive.ph/RW1PG
Uncovering SSRF Vulnerabilities Made Simple: Leveraging the Wayback Machine’s Saved Pageshttps://archive.ph/OhodJ
Mastering Server-side Request Forgery (SSRF): Exploitation Techniques and Practical Labshttps://archive.ph/OIA5I
Vulnerability Vault: Breaking Down SSRF — Server Side Request Forgery (Part 1)https://archive.ph/0VN9G
Vulnerability Vault: Breaking Down SSRF — Server Side Request Forgery (Part 2)https://archive.ph/Jk2Lw
Routing Based SSRFhttps://archive.ph/658gH
Exploiting Server-Side Request Forgery (SSRF) Through Image Validation Bypasshttps://archive.ph/kEJpI
Beginner Guide To Exploit Server Side Request Forgery (SSRF) Vulnerabilityhttps://archive.ph/GOIuz
Part 1 — Uncovering the Vulnerability: How Attackers Can Exploit SSRF via PDF Generation (wkhtmltopdf)https://archive.ph/X0aRP
Unveiling The Techniques Of Finding Blind & Time based SSRF In Web Applications (with a exploitation example)https://archive.ph/c1BNp
CVE-2023–33534: Account takeover through CSRF vulnerabilityhttps://archive.ph/JoQ5W
CSRF- Netflix and Youtube are victims of ithttps://archive.ph/lx7DC
Explanation of CSRF ( Cross-Site Request Forgery )https://archive.ph/7RWGe
Account Takeover [Via Cross Site Request Forgery]https://archive.ph/sZev6
Unmasking Basic CSRF Bugs: Hunter Guide for Beginnershttps://archive.ph/iw36N
Chaining CSRF with XSS to deactivate Mass user accounts by single clickhttps://archive.ph/OXmZW
AiTM Phishing, Hold the Gabagool: Analyzing the Gabagool Phishing Kithttps://archive.ph/XhPwZ
Leveling Up Fuzzing: Finding more vulnerabilities with AIhttps://archive.ph/DDgjZ

Exploits / POC

CVE-2024-4879 and CVE-2024-5217 (ServiceNow RCE) Exploitation in a Global Reconnaissance Campaignhttps://archive.ph/7b3GP
Proof-of-Concept for CVE-2023-38831 Zero-Day vulnerability in WinRARhttps://archive.ph/Z3Sa6
Traders’ Dollars in Danger: CVE-2023-38831 zero-Day vulnerability in WinRAR exploited by cybercriminals to target tradershttps://archive.ph/Jg2mY
CVE-2024-38365: Btcd Bug Could Have Led to Bitcoinhttps://archive.ph/CYP8d
CVE-2024–45519 in Zimbra — Bounty $ 1000https://archive.ph/n6Uy5
CVE-2024–25600: WordPress Bricks Builder Remote Code Execution Vulnerability -$$$$ BOUNTYhttps://archive.ph/D6jTu
CVE-2024–0195 Improper Control of Generation of Code (‘Code Injection’)https://archive.ph/46NEA

Forensic / Anti-forensic

Awesome-anti-forensichttps://archive.ph/geEjb
Ethical hacking: Log tampering 101https://archive.ph/l0WN0
Post-exploitation tool to cover your tracks on a compromised machine (beta)https://archive.ph/1JpfK
Browser Artifacts | HackTrickshttps://archive.ph/H3jQc
How to Cover Your Tracks on a Linux System: An Ethical Hacker’s Guidehttps://archive.ph/bIOuH
Covering trackshttps://archive.ph/ySO8Q

Service Hacking

25 TCP – Simple Mail Transfer Protocol (SMTP)https://archive.ph/HjJrI
Pentest – Everything SMTPhttps://archive.ph/8SQGt
A Beginner’s Guide to DNS Reconnaissance (Part 1)https://archive.ph/hIavs
SQL Injection Polyglotshttps://archive.ph/oQZbA

Active Directory

Forest: A walk through in hacking active directoryhttps://archive.ph/98zPl
Exploiting Active Directory Certificate Services – ESC11 Walkthroughhttps://archive.ph/JBMmt
Active Directory Penetration Testing – The Fundamentals of Kerberoshttps://archive.ph/Z8lcl
Creating a Home Active Directory Labhttps://archive.ph/gvYnA
Building an Active Directory Home Labhttps://archive.ph/Am8yy
Deploy an Active Directory Lab Within Minuteshttps://archive.ph/8zqrE
Building A Basic Active Directory Labhttps://archive.ph/qwc7e

Ghidra

How to decompile external functions of *.so library in ELF with Ghidra?https://archive.ph/58a3i
Using Ghidra to reverse engineer an exe file(crackme0x00.exe) in Kali Linuxhttps://archive.ph/H0tZI
How to Use Ghidra to Reverse Engineer Malwarehttps://archive.ph/sscMs
Learning Ghidra Basics Analyzing Firmwarehttps://archive.ph/Gr0Ns
How to use Ghidra to Reverse Engineer Mobile Applicationhttps://archive.ph/yc09s
Code Analysis With Ghidra: An Introductionhttps://archive.ph/Gn8jp
Everyday Ghidra: Ghidra Data Types— When to Create Custom GDTs — Part 1https://archive.ph/ILAYB
Everyday Ghidra: Ghidra Data Types — Creating Custom GDTs From Windows Headers — Part 2https://archive.ph/raPAr
Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1https://archive.ph/65FHI
Everyday Ghidra: Symbols — Automatic Symbol Acquisition with Ghidra — Part 2https://archive.ph/VIJYU
DLL Hijacking & Ghidrahttps://archive.ph/YMui6
A Guide to Reversing Shared Objects with Ghidrahttps://archive.ph/krMsa
Extracting Ghidra Decompiler Output with Pythonhttps://archive.ph/oWaGn
ListingLover – Add pseudo-code to Ghidra disassemblyhttps://archive.ph/igyYP
KatWalk C2: p.5: overclocking and bugfixing or how to use Ghidra to analyse ARM firmwarehttps://archive.ph/NZCbC
How To Use Ghidra For Malware Analysis – Identifying, Decoding and Fixing Encrypted Stringshttps://archive.ph/rCKBY
Visualizing Android Code Coverage Pt.1https://archive.ph/EepBN
how to train your Ghidrahttps://archive.ph/YosPs
Ghidra 101: Binary Patchinghttps://archive.ph/NV5fq
Ghidrathon: Snaking Ghidra with Python 3 Scriptinghttps://archive.ph/d0CwL
Reversing C++, Qt based applications using Ghidrahttps://archive.ph/5G85O
Here Be Dragons: Reverse Engineering with Ghidra – Part 1 [Data, Functions & Scripts]https://archive.ph/uYai7
Reverse engineering 3D Movie Maker – Part 1https://archive.ph/714WJ
Unstripping Stripped Binarieshttps://archive.ph/pBld8
Reverse Engineering Go Binaries with Ghidrahttps://archive.ph/RYIgS
An Abstract Interpretation-Based Deobfuscation Plugin for Ghidrahttps://archive.ph/VjFbI
Parent PID Spoofing (Stage 2) Ataware Ransomware – Part 0x3https://archive.ph/CWBSF
UAC bypass analysis (Stage 1) Ataware Ransomware – Part 0x2https://archive.ph/G0xAU
Reversing C++ Virtual Functions: Part 1https://archive.ph/OmwJg
Part 2: Reverse Engineering and Patching with Ghidrahttps://archive.ph/lE94j

Reverse Engineering

Secret inside of .so filehttps://archive.ph/wDvSV
Reversing Native Libraries | HackTrickshttps://archive.ph/nrhKu
Intro to Android mobile reverse engineeringhttps://archive.ph/WyaAY

Web Hacking

http-request-smugglinghttps://archive.ph/l5TFr
WordPress User Enumerationhttps://archive.ph/bMhQj
Script http-drupal-enum-usershttps://archive.ph/SAEhF
Blog about HTTP Request Smuggling, including a demo application.https://archive.ph/UeLq4
Auth. Bypass In (Un)Limited Scenarios – Progress MOVEit Transfer (CVE-2024-5806)https://archive.ph/BJOPQ
Common Nginx misconfigurations that leave your web server open to attackhttps://archive.ph/g04pB
A simple script just made for self use for bypassing 403https://archive.ph/K7LV5
Unauthenticated SSRF (CVE-2024-41570) on Havoc C2 teamserver via spoofed demon agenthttps://archive.ph/ynr5u
Modify HTML pages on the fly using NGINXhttps://archive.ph/8vw3k
HTTP Security Headers: A complete guide to HTTP headershttps://archive.ph/klIj0
MegaMedusa, RipperSec’s Public Web DDoS Attack Toolhttps://archive.ph/pDj6p
Attacking APIs using JSON Injectionhttps://archive.ph/F4AeT
When WAFs Go Awry: Common Detection & Evasion Techniques for Web Application Firewallshttps://archive.ph/J6Wx7
Breaking Down Multipart Parsers: File upload validation bypasshttps://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/
Exploiting Empire C2 Frameworkhttps://aceresponder.com/blog/exploiting-empire-c2-framework
Vulnerabilities in Open Source C2 Frameworkshttps://archive.ph/OFcm3
How I Hacked 40 Websites in 7 minuteshttps://archive.ph/mBRHG

Malware

Gootloader C2 Sails to New Hoster (and new URL)https://archive.ph/W0usB
RansomHub Affiliate leverages Python-based backdoorhttps://archive.ph/fg7ti
LockBit Admins Tease a New Ransomware Versionhttps://archive.ph/Kq3LZ
Python-Based NodeStealer Version Targets Facebook Ads Managerhttps://archive.ph/dkkEp
Rise of LNK (Shortcut files) Malwarehttps://archive.ph/FitJ4
Skuld Infostealer Returns to npm with Fake Windows Utilities and Malicious Solara Development Packageshttps://archive.ph/Jqaeo
Phishing Campaigns featuring Ursnif Trojan on the Risehttps://archive.ph/Ln48C
HANCITOR DOC drops via CLIPBOARDhttps://archive.ph/1tda0
Malicious PowerPoint Documents on the Risehttps://archive.ph/UBMX8
Android malware distributed in Mexico uses Covid-19 to steal financial credentialshttps://archive.ph/jDFeM
GULoader Campaigns: A Deep Dive Analysis of a highly evasive Shellcode based loaderhttps://archive.ph/VM4Rm
HiddenAds Spread via Android Gaming Apps on Google Playhttps://archive.ph/TATqx
Peeling Back the Layers of RemcosRat Malwarehttps://archive.ph/TUNau
Unmasking AsyncRAT New Infection Chainhttps://archive.ph/4qP2Q
Distinctive Campaign Evolution of Pikabot Malwarehttps://archive.ph/EpWBd
PDF Phishing: Beyond the Baithttps://archive.ph/8XQZG
Stealth Backdoor “Android/Xamalicious” Actively Infecting Deviceshttps://archive.ph/BbNE4
DarkGate: Dancing the Samba With Alluring Excel Fileshttps://archive.ph/VBEDR
Gootloader’s New Hideout Revealed: The Malware Hunt in WordPress’ Shadowshttps://archive.ph/a8Mhe
Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operationshttps://archive.ph/wip/xloz9
Python Crypto Library Updated to Steal Private Keyshttps://archive.ph/dqEEn
6 Common Persistence Mechanisms in Malwarehttps://archive.ph/GZqAu
Technical Analysis of DarkVision RAThttps://archive.ph/n6hoH
Phishing Via Typosquatting and Brand Impersonation: Trends and Tacticshttps://archive.ph/Aa0E2
Unpacking the unpleasant FIN7 gift: PackXORhttps://archive.ph/M2fjZ
Shining Light on the Dark Angels Ransomware Grouphttps://archive.ph/n6hoH
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasarhttps://archive.ph/xLiZF
RAT Malware Operating via Discord Bothttps://archive.ph/VDkUs
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanismshttps://archive.ph/s2CQU
SmokeBuster: Keeping Systems SmokeLoader Freehttps://archive.ph/2cn98
China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaignhttps://archive.ph/CpQ7C
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malwarehttps://archive.ph/HbXi6
PythonRatLoader: The Proprietor of XWorm and Friendshttps://archive.ph/4emmf
Hamas-linked SameCoin campaign malware analysishttps://archive.ph/7FtzS
Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trovehttps://archive.ph/GpNKs
July 2020’s Most Wanted Malware: Emotet Strikes Again After Five-Month Absencehttps://archive.ph/bpJSu
Gootloader’s Pivot from SEO Poisoning: PDF Converters Become the New Infection Vectorhttps://gootloader.wordpress.com/2024/11/07/gootloaders-pivot-from-seo-poisoning-pdf-converters-become-the-new-infection-vector/
Telegram Bot API based Python backdoor with file download and execution capabilityhttps://archive.ph/IW9vp
Create your own custom implanthttps://archive.ph/4yjFC
Sign1 Malware: Analysis, Campaign History & Indicators of Compromisehttps://archive.ph/GQPHU
The Prevalence of DarkComet in Dynamic DNShttps://archive.ph/XZCw6
Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actorshttps://archive.ph/64x25
Jumpy Pisces Engages in Play Ransomwarehttps://archive.ph/0CdFm
Silent Skimmer Gets Loud (Again)https://archive.ph/9sTEJ
Obfuscating Malicious, Macro-Enabled Word Docshttps://archive.ph/iO5hS
Inside SnipBot: The Latest RomCom Malware Varianthttps://archive.ph/mZJkE
Tricks and Treats: GHOSTPULSE’s new pixel-level deceptionhttps://archive.ph/cqDp5
PBot: a Python-based adwarehttps://archive.ph/7FVp1
Intro to malware analysis: Analyzing Python malwarehttps://archive.ph/7vF9i
PyLoose: Python-based fileless malware targets cloud workloads to deliver cryptominerhttps://archive.ph/3cyiT
New Python-Based Crypto-Miner Botnet Flying Under the Radarhttps://archive.ph/ITfhx
Snakes on a Domain: An Analysis of a Python Malware Loaderhttps://archive.ph/S2TNd
Python-Based PWOBot Targets European Organizationshttps://archive.ph/MLafX
Akira Stealer : An Undetected Python Based Info-stealerhttps://archive.ph/noNrR
‘The Dead Russian Poets Society’: Silent Push uses behavioral fingerprinting, content scans and a 128-year old Russian poem to uncover 150+ new ACTIVE Lumma C2 servers and admin panelshttps://archive.ph/xsPKd
You dirty RAT! Part 1: DarkComethttps://archive.ph/XU2Xl
DarkComet RAT: Technical Analysis of Attack Chainhttps://archive.ph/EYTt8
Malicious Python Package Typosquats Popular ‘fabric’ SSH Library, Exfiltrates AWS Credentialshttps://archive.ph/fQmmB
WISH STEALERhttps://archive.ph/S954A
AsyncRAT’s Infection Tactics via Open Directories: Technical Analysishttps://archive.ph/iG2Vy
Finding Malware: Detecting GOOTLOADER with Google Security Operations.https://archive.ph/ODziW
BianLian Ransomware Group: 2024 Activity Analysishttps://archive.ph/YA9Sj

Stocks

How to Pick Stocks: Fundamentals vs. Technicalhttps://archive.ph/gq2b8
Top Wall Street analysts pick these 3 dividend stocks for higher returnshttps://archive.ph/ebsT1

AI

Machine Learning to identify malicious strings in a filehttps://archive.ph/BJthZ
Conducting Robust Learning for Empire Command and Control Detectionhttps://archive.ph/9UMvG
Harnessing LLMs for Automating BOLA Detectionhttps://archive.ph/wQvAk
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learninghttps://archive.ph/h1hOE
Deceptive Delight: Jailbreak LLMs Through Camouflage and Distractionhttps://archive.ph/1TIuE
Simulate the activity of a brute-force attackhttps://archive.ph/1kHDy
Using Decision Tree Analysis for Intrusion Detection: A How-To Guidehttps://www.giac.org/paper/gcia/6498/decision-tree-analysis-intrusion-detection-how-to-guide/123230
An intelligent system that takes a document and classifies different writing styles within the document using stylometric techniques.https://archive.ph/8NUzP
Stylometry library for Burrows’ Delta methodhttps://archive.ph/Y7epe
Decision Tree Machine Learninghttps://archive.ph/Bq71H
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognitionhttps://archive.ph/m6rFb
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examinationhttps://archive.ph/J9F96
Which Doors Are Open: Reinforcement Learning-based Internet-wide Port Scanninghttps://archive.ph/5thbR

Ruby

Ruby ERB Template Injectionhttps://archive.ph/dNrqn
Attacking Ruby on Rails Applicationshttps://archive.ph/lrG5Y
Class, Object and Module Hierarchyhttps://archive.ph/64u08
Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Mergeshttps://archive.ph/YqtRe
Rack for Ruby: Socket Hijackinghttps://archive.ph/r1Jjj
Sessions in Sinatrahttps://archive.ph/FM3sn
Best Practiceshttps://archive.ph/nTyZR
an example ruby erb app vulnerable to sstihttps://archive.ph/3MDZ0
Blocks, Procs, and & operator in Rubyhttps://archive.ph/ikPqx
Introducing Ruzzy, a coverage-guided Ruby fuzzerhttps://archive.ph/ayAac
A random testing / fuzzer framework for Ruby.https://archive.ph/d9RhB
Introducing Afl-Ruby: fuzz your Ruby programs using aflhttps://archive.ph/W6xFo
A coverage-guided fuzzer for pure Ruby code and Ruby C extensionshttps://archive.ph/Rdi2l

Awesome List

Awesome AWS S3 Security https://archive.ph/AIecx
Awesome Android Reverse Engineeringhttps://archive.ph/nOieD
A curated list of free courses & certifications.https://archive.ph/vYTKF
A curated list of amazingly awesome open-source sysadmin resources.https://archive.ph/Y8TPg
A curated list of awesome Deep Learning tutorials, projects and communities.https://archive.ph/K5BNd
A collection of awesome penetration testing resources, tools and other shiny thingshttps://archive.ph/sl7HP
🐬 A collection of awesome resources for the Flipper Zero device.https://archive.ph/6UsJE
A curated list of awesome open source libraries to deploy, monitor, version and scale your machine learning
📖 A curated list of resources dedicated to Natural Language Processing (NLP)https://archive.ph/F5kbU
machine learning and deep learning tutorials, articles and other resourceshttps://archive.ph/wCPq8
📝 A curated list of awesome Raspberry Pi tools, projects, images and resourceshttps://archive.ph/wWjgi
💎 A collection of awesome Ruby libraries, tools, frameworks and softwarehttps://archive.ph/FtbPS
A curated list of awesome Hacking tutorials, tools and resourceshttps://archive.ph/XjPF9
Awesome Malware Analysishttps://archive.ph/fTlv9
:octocat: A collection of APIshttps://archive.ph/8Qjtm
🐶 A curated list of Web Security materials and resources.https://archive.ph/8Qjtm
A list of AI autonomous agentshttps://archive.ph/VPGQ6

Python

Over 100 Malicious Packages Target Popular ML PyPi Librarieshttps://archive.ph/Mbvka
Introduction to stylometry with Pythonhttps://archive.ph/xnGYe
Attacker Hidden in Plain Sight for Nearly Six Months, Targeting Python Developershttps://archive.ph/ICjp6
Unpacking Python Executables on Windows and Linuxhttps://archive.ph/d47Ra
Decompile compiled python binaries (exe, elf) – Retrieve from .pychttps://archive.ph/ukvah
Demystifying PyInstaller | A Journey into Decompiling Python Executableshttps://archive.ph/JBk8v
Pyinstaller Reverse Engineeringhttps://archive.ph/X6H9j
pydumpck 1.20.1https://archive.ph/GnsXw

Scattered Spider

Defending Against SCATTERED SPIDER and The Com with Cybercrime Intelligencehttps://www.sans.org/blog/defending-against-scattered-spider-and-the-com-with-cybercrime-intelligence/
Another teenage hacker charged as feds continue Scattered Spider crackdownhttps://archive.ph/kRjS9
Threat Group Assessment: Muddled Librahttps://archive.ph/3UKvX
Scattered Spider x RansomHub: A New Partnershiphttps://archive.ph/AQH0a
Scattered Spider laying new eggshttps://archive.ph/r1kte
A Closer Look at the LAPSUS$ Data Extortion Grouphttps://archive.ph/7I9V0
Meet Lapsus$: An Unusual Group in the Cyber Extortion Businesshttps://archive.ph/wip/hITkZ
A New Threat Actor Group Emerges: Understanding Lapsus$https://archive.ph/wip/w35q2
Who Is the LAPSUS$ Group?https://archive.ph/wip/YMJRM
Unveiling the Tactics of Lapsus$: A Review of Internal Attacks Vectors, Mobile Device Exploitation, and Social Engineering Techniqueshttps://archive.ph/vocOx
Threat Brief: Lapsus$ Grouphttps://archive.ph/JP8vj
Brazen, Unsophisticated and Illogical: Understanding the LAPSUS$ Extortion Grouphttps://archive.ph/RAO7s
Scattered Spider Escalates Attacks on Financial Services Cloud Environmentshttps://archive.ph/gMi2L
Scattered Spider, Oktapus, UNC3944, Scatter Swine – MGM Resorts Compromisehttps://archive.ph/MFBwh
Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industrieshttps://archive.ph/L9T8s
SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Securityhttps://archive.ph/qBs0Z
LAPSUS$ aka Scattered Spider: Threat Card and Dossiershttps://archive.ph/4xkvH
The Original APT: Advanced Persistent Teenagershttps://archive.ph/ANdaB
How Discord is Abused for Cybercrimehttps://archive.ph/WA0U3
Scattered Spider is a Young Ransomware Gang Exploiting Large Corporationshttps://archive.ph/fHSyY
Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notorietyhttps://archive.ph/8Qsl6
Unmasking Phishing: Strategies for identifying 0ktapus domains and beyondhttps://archive.ph/MzFcN
5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Schemehttps://archive.ph/bjvio

