SecureBug lets you evaluate your offensive and defensive skills and exchange ideas and methodologies with thousands of people in the security field.
Join the Nordics' No. 1 crowdsourced security platform for offensive and defensive security strategies.

Detect Powershell Executions by Office Binaries via Free Sigma Detection Rule

PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language. In many attacks an Office binary (Word, Excel, PowerPoint and the like) spawns powershell.exe, typically from a malicious macro, to run the next stage. With this free Sigma rule you can detect that behaviour.

title: Detect powershell executed by office binaries
description: office binaries may execute powershell.exe…

Lsm.exe: One Of The Most Important Windows Processes For Threat Hunting

“lsm.exe” is the Local Session Manager Service in the Windows OS. It manages the sessions of the terminal server (Remote Desktop Services) on the host machine. “lsm.exe” is a core Windows process. In this new series, we analyze Windows processes and provide threat hunting tips.

Image Path: %SystemRoot%\System32\lsm.exe
Parent Process: wininit.exe
Number of Instances: One
User…
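The baseline above (image path, parent, instance count) is what a hunter checks a process listing against. The script below is an added example, not SecureBug's code: it runs that check over a constructed process listing and reports every lsm.exe that deviates. It assumes %SystemRoot% is C:\Windows. One caveat the page does not mention: lsm.exe runs as its own process on Windows 7 and Server 2008 R2; on Windows 8 and later the Local Session Manager is lsm.dll hosted inside svchost.exe, so on those systems any standalone lsm.exe is worth a look by itself.

```python
"""Hunting check for lsm.exe (added example, not the page's own code).

Compares every lsm.exe in a process listing against the baseline the page gives:
image path %SystemRoot%\\System32\\lsm.exe, parent wininit.exe, exactly one instance.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    image: str
    parent_name: str


# Baseline from the page. %SystemRoot% is assumed to be C:\Windows here.
SYSTEM_ROOT = r"C:\Windows"
EXPECTED_IMAGE = SYSTEM_ROOT + r"\System32\lsm.exe"
EXPECTED_PARENT = "wininit.exe"
EXPECTED_INSTANCES = 1


def hunt_lsm(procs):
    """Return a list of (pid, reason) findings; an empty list means lsm.exe looks normal."""
    findings = []
    lsm = [p for p in procs if p.name.lower() == "lsm.exe"]

    # More than one instance: every copy is suspect until the real one is identified.
    if len(lsm) > EXPECTED_INSTANCES:
        for p in lsm:
            findings.append((p.pid, f"{len(lsm)} instances of lsm.exe, expected {EXPECTED_INSTANCES}"))

    # Path and parent checks; comparisons are case-insensitive as on NTFS.
    for p in lsm:
        if p.image.lower() != EXPECTED_IMAGE.lower():
            findings.append((p.pid, f"unexpected image path {p.image}"))
        if p.parent_name.lower() != EXPECTED_PARENT:
            findings.append((p.pid, f"unexpected parent {p.parent_name}"))
    return findings


# Constructed sample listing: one legitimate lsm.exe plus one masquerading copy
# dropped in a user-writable directory and started from explorer.exe.
SAMPLE_PROCS = [
    Proc(404, "wininit.exe", r"C:\Windows\System32\wininit.exe", "smss.exe"),
    Proc(496, "lsm.exe", r"C:\Windows\System32\lsm.exe", "wininit.exe"),
    Proc(3120, "lsm.exe", r"C:\Users\Public\lsm.exe", "explorer.exe"),
    Proc(1200, "svchost.exe", r"C:\Windows\System32\svchost.exe", "services.exe"),
]

if __name__ == "__main__":
    for pid, reason in hunt_lsm(SAMPLE_PROCS):
        print(f"PID {pid}: {reason}")
```

On the sample listing the legitimate PID 496 is flagged only because a second instance exists; PID 3120 is flagged three times (instance count, path, parent). Feeding the function real data is a matter of building `Proc` records from a Sysmon EventID 1 export or a `Get-Process`/`Get-CimInstance Win32_Process` dump.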

Ubuntu 20.04 LTS is out

Canonical has released the latest version of Ubuntu, one of the most popular Linux distributions. It offers several new features designed to improve performance and security, including a built-in VPN (WireGuard), support for exFAT and ZFS, and more. Ubuntu 20.04 “Focal Fossa” is now available for download. Ubuntu 20.04 LTS is a long-term…

Microsoft released an out-of-band security update for Microsoft Office and Paint 3D

A week after the April 2020 Patch Tuesday, Microsoft released an out-of-band security update that fixes remote code execution vulnerabilities in Office, Office 365 ProPlus, and Paint 3D. The applications are affected by multiple Autodesk vulnerabilities that, if exploited, could enable remote code execution. The newly disclosed bugs stem from Autodesk’s library for the FBX…

Detect Binaries That Use PowerShell DLLs via Free Sigma Detection Rule

PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language. Adversaries may use PowerShell to perform malicious activities, and there are many detection strategies for finding malicious PowerShell activity. One of them does not look at powershell.exe at all: the PowerShell engine lives in System.Management.Automation.dll, and any process can load it and run PowerShell without a powershell.exe process ever appearing, so an image-load event for that DLL in an unexpected process is the signal. PowerShell’s capabilities allow you to simplify and automate tedious and repetitive tasks by creating scripts…
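Both Sigma rules on this page (Office binaries spawning powershell.exe, above under "Detect Powershell Executions by Office Binaries", and the PowerShell engine DLL loaded by a non-PowerShell process, here) reduce to the same matching logic over Sysmon fields. The script below is an added example, not the page's rules and not the Sigma project's engine: it writes both detections in Sigma's field|modifier shape and runs them over constructed Sysmon-style events. The Office process names, the DLL names (System.Management.Automation.dll and its native image .ni.dll) and the filter list are my choices; only the endswith and contains modifiers and the conditions "selection" and "selection and not filter" are implemented.

```python
"""Minimal Sigma-style matcher over constructed Sysmon events (added example).

Not the page's rules and not Sigma's real engine: just enough of the rule
shape (field|modifier: value or [values], AND across fields, OR within a list,
'selection and not filter') to show how the two detections on this page fire.
"""

# Rule 1: process creation (Sysmon EventID 1), Office parent -> PowerShell child.
OFFICE_SPAWNS_POWERSHELL = {
    "title": "PowerShell executed by Office binaries",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "EventID": 1,
            "ParentImage|endswith": [r"\winword.exe", r"\excel.exe", r"\powerpnt.exe", r"\outlook.exe"],
            "Image|endswith": [r"\powershell.exe", r"\pwsh.exe"],
        },
        "condition": "selection",
    },
}

# Rule 2: image load (Sysmon EventID 7), PowerShell engine DLL in a process that
# is not one of the known PowerShell hosts (assumed filter list).
POWERSHELL_DLL_IN_UNUSUAL_PROCESS = {
    "title": "PowerShell engine DLL loaded by a non-PowerShell process",
    "logsource": {"product": "windows", "category": "image_load"},
    "detection": {
        "selection": {
            "EventID": 7,
            "ImageLoaded|endswith": [r"\System.Management.Automation.dll",
                                     r"\System.Management.Automation.ni.dll"],
        },
        "filter": {
            "Image|endswith": [r"\powershell.exe", r"\powershell_ise.exe", r"\pwsh.exe"],
        },
        "condition": "selection and not filter",
    },
}


def _field_matches(event, key, expected):
    """One 'Field|modifier: value(s)' entry; a list of values is an OR."""
    field, _, modifier = key.partition("|")
    actual = str(event.get(field, "")).lower()  # Sigma string matching is case-insensitive
    values = expected if isinstance(expected, list) else [expected]
    for v in values:
        v = str(v).lower()
        if modifier == "endswith" and actual.endswith(v):
            return True
        if modifier == "contains" and v in actual:
            return True
        if modifier == "" and actual == v:
            return True
    return False


def _block_matches(event, block):
    """All fields of a selection/filter block must match (AND)."""
    return all(_field_matches(event, k, v) for k, v in block.items())


def rule_matches(rule, event):
    det = rule["detection"]
    cond = det["condition"]
    if cond == "selection":
        return _block_matches(event, det["selection"])
    if cond == "selection and not filter":
        return _block_matches(event, det["selection"]) and not _block_matches(event, det["filter"])
    raise ValueError(f"unsupported condition: {cond}")


def run_rules(rules, events):
    """Return [(rule title, event index)] for every rule/event pair that matches."""
    return [(r["title"], i) for i, e in enumerate(events) for r in rules if rule_matches(r, e)]


# Constructed Sysmon-style events (not real telemetry; paths shortened).
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -enc SQBFAFgA"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell"},
    {"EventID": 7, "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ImageLoaded": r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\System.Management.Automation.dll"},
    {"EventID": 7, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": r"C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management.Automation.ni.dll"},
]

if __name__ == "__main__":
    for title, idx in run_rules([OFFICE_SPAWNS_POWERSHELL, POWERSHELL_DLL_IN_UNUSUAL_PROCESS], SAMPLE_EVENTS):
        print(f"[{title}] event #{idx}: {SAMPLE_EVENTS[idx]}")
```

Events 0 and 2 fire; event 1 (explorer.exe launching PowerShell) and event 3 (powershell.exe loading its own engine) do not. For production use, keep the rules in their YAML form and convert them with the Sigma tooling for your SIEM; the point here is only that the DLL-load rule needs the filter block, because powershell.exe itself loads the engine on every start.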

Researcher Discloses 4 Zero-Day Vulnerabilities in IBM Data Risk Manager

A cybersecurity researcher disclosed four zero-day vulnerabilities in IBM’s enterprise security software after the company declined to acknowledge the private disclosure report or fix the issues. The vulnerabilities affect IBM Data Risk Manager, a tool that provides companies with “a business-consumable data risk control center that helps to uncover, analyze, and visualize data-related business…

Detect APT34 MuddyWater Command & Control Channel Via Sigma Detection Rule

The APT34 MuddyWater attacks are primarily against Middle Eastern nations. However, we have also observed attacks against surrounding nations and beyond, including targets in India and the USA. MuddyWater attacks are characterized by the use of a slowly evolving PowerShell-based first-stage backdoor we call “POWERSTATS”. Despite broad scrutiny and reports on MuddyWater attacks, the…