This is pretty freaking cool. #IMHO
Dump and disassemble a running memory region WITH NO DEBUGGER NEEDED. So no gdb or lldb will be detected.
You must own the process or be root.
dd if=/proc/11223/mem bs=1 skip=$((16#7f9ba80f3000)) count=128 2>/dev/null \
| objdump -D -b binary -m i386:x86-64 -M intel /dev/stdin
The 16# is a bashism to interpret as hex.
๐ต THREAT INTELLIGENCE
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
Vulnerability | CRITICAL
CVEs: CVE-2026-48907
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla...
Full analysis:
https://www.yazoul.net/news/article/cisa-warns-of-actively-exploited-joomla-jce-flaw-allowing-php-code-execution
๐ต THREAT INTELLIGENCE
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
Vulnerability | CRITICAL
CVEs: CVE-2026-48907
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla...
Full analysis:
https://www.yazoul.net/news/article/cisa-warns-of-actively-exploited-joomla-jce-flaw-allowing-php-code-execution
๐จ I'm teaching SANS FOR577: Linux Incident Response & Threat Hunting in Virginia Beach, VA August 24-29, this will be the first public run with completely updated course material.
What's new:
๐ชจ Expanded btrfs coverage โ not just artifacts, but the tools you can actually use to examine disk images containing btrfs filesystems. Btrfs is now the default on Fedora, openSUSE, and increasingly Ubuntu. If you've hit that tooling gap during a real investigation, this is for you.
๐งช All-new labs - rebuilt from the ground up
๐ New capstone - a comprehensive, updated challenge that ties the course together
๐ค AI Investigations - a brand new section covering:
* LLM evidence artifacts
* Coding assistant forensics
* AI Agents & MCP (Model Context Protocol)
* Prompt injection attacks and how to investigate them
AI tools are already embedded in attacker workflows and user environments alike. Knowing how to find and interpret AI-related evidence is becoming a core DFIR skill.
๐ค Free SANS @night Talk โ Aug 26 @ 6:00 PM
"Extending Protocol-SIFT to Linux" โ Protocol-SIFT has been Windows-only. We're changing that.
๐ฐ Save $500 with Early Bird code EarlyBirdNA โ must pay by July 9, 2026
๐ Hilton Virginia Beach Oceanfront
๐
August 24-29, 2026
๐ Register: https://www.sans.org/cyber-security-training-events/virginia-beach-2026
#DFIR #SANS #FOR577 #LinuxForensics #IncidentResponse #ThreatHunting #AIForensics #PromptInjection #btrfs #Cybersecurity #DigitalForensics #InfoSec #GLIR
Achieve the expertise you need to succeed in days, not months. Immerse yourself in a week of elite training designed for all skill-levels at SANS Virginia Beach 2025. From hands-on labs to cutting-edge techniques taught by industry-leading instructors, you'll gain the skills to excel and the certifications to prove it.
I found an exposed installer on a malware distribution site.
The installer let me create a new admin account.
The rest got interesting.
https://potato.id/en/posts/i-accidentally-logged-into-threat-actor-website/
#CyberSecurity #ThreatHunting #InfoSec #ThreatIntel #ThreatIntelligence #Malware #MalwareAnalysis #WebSecurity #BlueTeam #DFIR #SOC #IncidentResponse #OSINT #PHP #RedTeam
Basecamp Briefing: June 11, 2026 ๐๏ธ #InfoSec + #DataPrivacy news along with tools and resources for your professional climb.
Appearing in today's newsletter: Azerbaijan, Messi, and information about the upcoming
@Antisy_Training #ThreatHunting Summit!
https://sherpaintelligence.substack.com/p/basecamp-briefing-june-11-2026
๐ต THREAT INTELLIGENCE
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Vulnerability | CRITICAL
CVEs: CVE-2026-11645
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The...
Full analysis:
https://www.yazoul.net/news/article/chrome-v8-zero-day-cve-2026-11645-exploited-in-the-wild-patch-now
๐ต THREAT INTELLIGENCE
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Vulnerability | CRITICAL
CVEs: CVE-2026-11645
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The...
Full analysis:
https://www.yazoul.net/news/article/chrome-v8-zero-day-cve-2026-11645-exploited-in-the-wild-patch-now
If you don't think MDASH is having an effect on Microsoft's ability to secure its products, take a look at this:
โ
Microsoft breaks Patch Tuesday record with fixes for over 200 security flaws
https://www.techradar.com/pro/security/microsoft-breaks-patch-tuesday-record-with-fixes-for-over-200-security-flaws
For more on MDASH, visit: https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark/
#security #vulnerabilities #threathunting
Geoff
Yazoul - Cybersecurity Alerts
Yazoul - Cybersecurity Alerts
Jim - BlackLivesMatter ๐ณ๏ธโ๐๐ณ๏ธโโง๏ธ (he/him)
Ryen
laztname
InfoSecSherpa
kurtsh