CTO at NCSC Summary: week ending January 4th (ctoatncsc.substack.com) · digicat · English · 3 days ago
CNCERT: Risk Warning Regarding the "Black Cat" Gang's Use of Search Engines to Spread Counterfeit Notepad++ Download Remote Control Backdoors (mp.weixin.qq.com) · digicat · English · 3 hours ago
Analyzing PHALT#BLYX: How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection (www.securonix.com) · digicat · English · 3 hours ago
Office Assistant Supply Chain Attack? Delivery of Mltab Plugin Affects Massive Number of Terminals (ti.qianxin.com) · digicat · English · 3 hours ago
100 Days of YARA 2026: This YARA rule detects hardcoded strings which are part of Apple code-signing. (github.com) · digicat · English · 5 hours ago
100 Days of YARA 2026: Detects Windows PE files with potentially duplicated Rich headers. This is based on the fact that there can only exist unique pairs of ProdIDs and Build numbers. (github.com) · digicat · English · 5 hours ago
100 Days of YARA 2026: Detects packer used with recent Oyster loader and implant. (github.com) · digicat · English · 5 hours ago
100 Days of YARA 2026: Detects Windows PE files where the XOR key is set to invalid values such as all zeros or padding or if there is a DanS marker mismatch with the XOR key (github.com) · digicat · English · 5 hours ago
IDontLikeFileLocks: Title is self explaining, well there's few methods we can do to read locked file and play with it... (github.com) · digicat · English · 5 hours ago
witr: Why is this running? - Linux - It explains where a running thing came from, how it was started, and what chain of systems is responsible for it existing right now, in a single, human-readable (github.com) · digicat · English · 2 days ago
FsquirtCPLPoC: PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin (github.com) · digicat · English · 1 day ago
sigint-hombre: Dynamically generated Suricata rules from real-time threat feeds (github.com) · digicat · English · 1 day ago
[Important] About malicious links (malware) related to the EmEditor homepage (follow-up) – EmEditor (text editor) (jp.emeditor.com) · digicat · English · 1 day ago
DbgNexum: Shellcode injection using the Windows Debugging API (github.com) · digicat · English · 1 day ago
DiaSymbolView: PDB file inspection tool (github.com) · digicat · English · 1 day ago
Using ADCS to Attack HTTPS-Enabled WSUS Clients (blog.digitrace.de) · digicat · English · 2 days ago
Synthetic Data: A New Frontier for Cyber Deception and Honeypots (www.resecurity.com) · digicat · English · 2 days ago
rootkit-detection-ebpf-time-trace: Detection of rootkit file hiding activities through analysis of shifts in kernel function execution times. (github.com) · digicat · English · 2 days ago
More than 50% of Qilin’s "Victims" Never Get Leaked, and I Think That’s an Affiliate Verification Problem (telegra.ph) · digicat · English · 2 days ago
EntraAzureRBACCheck: Azure RBAC Role Assignment Audit & Drift Detection Tool (github.com) · digicat · English · 2 days ago