
Detect Audio Capture Attack with Splunk Detection Rule

Detection of Audio Capture Attack with Splunk Detection Rule

ID: T1123 Tactic: Collection Platform: Linux, macOS, Windows An adversary can leverage a computer’s peripheral devices (e.g., microphones and webcams) or applications (e.g., voice and video call services) to capture audio recordings for the purpose of listening into sensitive conversations to gather information. Malware or scripts may be used to interact with the devices through an available API…

WordPress Plugins, Cisco, Cisco Webex, Cerberus RAT, Microsoft Teams

Week In Cyber News: Cerberus RAT new Variant, 2 WordPress Plugins Vulnerabilities, Cisco Webex Phishing Campaign, and More

Popular services, programs, and organizations have always been a target of cyber attacks to exploit the vulnerabilities in the service, steal users’ information, steal sensitive corporate information, or compromise the infrastructure. We have gathered the major cyber news over the past week including Cerberus RAT, WordPress plugins vulnerabilities, Cisco Webex phishing emails, Cisco update, and…

What Are HTTP GET/POST Flood Attacks?

Hunt Threats Better: What Are HTTP GET/POST Flood Attacks?

Learn the main differences between HTTP GET and POST flood attacks and mitigation strategies for both. Request Components (1) Methods Required: GET, POST Optional: OPTIONS, HEAD, PUT, DELETE, TRACE, CONNECT WebDAV: PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK Request string (AKA URI) Can include parameters on GET request /index.php?choice=foo&choice2=bar You might already be familiar…

WordPress, Adobe Illustrator, Magento, Bridge, Shade ransomware

Week in Cyber News: 5 WordPress Plugin Vulnerabilities, Adobe Illustrator, Magento, Bridge updated, Microsoft Teams GIF bug, and More

Vulnerabilities will always exist in systems, and vendors always come up with mitigations and updates to prevent potential attacks. Popular services and programs have long been a target of attacks to exploit the service itself or the users. We have gathered the major cyber news over the past week including WordPress plugin vulnerabilities, Adobe updates,…

svchost.exe - The Most Important Windows Processes For Threat Hunting

svchost.exe: One Of The Most Important Windows Processes For Threat Hunting

“svchost.exe” (Service Host) is a system process in the Windows OS responsible for hosting and managing Windows services that run from dynamic-link libraries (.dll files). This process cannot be started or ended manually. “svchost” hosts a number of services to lower resource consumption and protect computing resources. If all the services ran under one process, in case…

Volatility threat hunting

Analyse Volatile data in a computer’s memory

What is memory hunting? Memory Hunting/forensics refers to the analysis of volatile data in a computer’s memory. Information security professionals conduct memory forensics to investigate and identify attacks or malicious behaviors that do not leave easily detectable tracks on hard drive data. Why memory hunting? Complete capture of memory on a compromised computer generally bypasses…

Detect Powershell Executions by Office Binaries via Sigma Detection Rule

Detect Powershell Executions by Office Binaries via Free Sigma Detection Rule

PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language. In many attacks office binaries may execute powershell.exe to perform malicious activities. With this free Sigma rule you can detect these behaviors. title: Detect powershell executed by office binaries description: office binaries may execute powershell.exe…