SecureBug allows you to evaluate your offensive and defensive skills, in addition, to let you exchange your ideas and methodologies with thousands of people in the security field.
Join Nordic's No.1 Crowdsourced Security Platform For Offensive & Defensive Security Strategies.

Threat Hunting Images: Abusing Applint DLLs Registry: Detect This Behavior with Sigma Detection Rule

Abusing Applint DLLs Registry: Detect This Behavior with Sigma Detection Rule

Dynamic-link libraries (DLLs) that are specified in the AppInit_DLLs value in the Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Windows or HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows are loaded by user32.dll into every process that loads user32.dll With this sigma rule you can detect these behaviors: title: Abusing Applint DLLs Registry Path description: DLLs values in Applint registry values will be loaded by user32.dll…

Cisco vulnerabilities

Cisco Addresses High-Severity Vulnerabilities In Its Products

Cisco has issued security patches for vulnerabilities in its products, eight of which considered having a potentially high impact and the remainder rated medium. The vulnerabilities exist in Cisco products, including the Unified Computing System (UCS) software, Firepower firewall (FXOS), and the Nexus switch operating system (NX-OS) software.  “All six vulnerabilities have a Security Impact Rating (SIR)…

Cerberus android banking Trojan

Cerberus Android Banking Trojan Steals Google Authenticator’s 2FA Codes

“Cerberus” Android banking Trojan is now able to steal and exploit Google Authenticator’s one-time passcodes (OTP); these codes are generated for two-factor authentication (2FA) of many accounts. Google Authenticator app was launched in 2010 as the more secure alternative for SMS Authentication codes. The app works by providing six to eight-digits unique codes that users…

DoppelPaymer

DoppelPaymer lanserar en webbplats för att läcka stulen information vid utebliven lösesumma

DoppelPaymer-operatörerna har lanserat webbplatsen “Dopple” för att läcka stulen information om offren som vägrar att betala en lösesumma. Operatörerna säger att de har skapat den här webbplatsen för att hota offren. Om de vägrar att betala kommer information såsom namn och viktiga företagsdata att läcka ut på webbplatsen. Operatörerna hävdar att webbplatsen för närvarande är…