Mastodawn

acrypthash👨🏻‍💻Dec 3, 2024

donut is such a fun tool

acrypthash👨🏻‍💻Dec 2, 2024

It's been quite a bit since I have been on here. A small update:
- I have a security analyst working with me, the help has been great!
- I going back to Penn State for the third time to do a security talk about process injection!
- I am prepping our annual penetration tests against our web app!

I continue to grow and learn more about my field in Security and am so grateful for the fun I get to have!
#security #updates #gratitude #processinjection #pennstate

acrypthash👨🏻‍💻May 6, 2024

I'm FINALLY enrolling Linux endpoints into Ninja One now that infrastructure is completed. There was a lot of time sitting around and waiting but I'm now making progress again.

#security #linuxpatching #ninjaone

acrypthash👨🏻‍💻May 6, 2024

Why running strings over an executable is important:
https://polaryse.github.io/posts/pureland_analysis/#MacOS

#security #macos #infostealer #strings #reverseengineering

Analysis of PureLand Info Stealer

Analysis of an information stealer application designed for MacOS systems alongside a detailed breakdown of the structure of iOS applications to aid in future analysis of mac malware.

acrypthash👨🏻‍💻May 5, 2024

Frederik May 4, 2024

Roughly two years ago I hacked together a small tool to automatically download the
#windows #docker images, extract the ntdll.dll from them and extract the #syscall numbers for that Windows version. This can be used for #shellcode and other #malware dev activities.

I've finally pushed the code to GitHub and redeployed the website.

All the data is either available in the HTML tables, or as a JSON by appending ?format=json to the URL.

Because it's just been redeployed, it's re-downloading all the images, so it will take a few hours until more Windows versions are indexed. It's now indexed more than 200 different version of ntdll.dll :)

GitHub - frereit/syscalls.win: A very simple NTDLL fetcher & syscall number extractor

A very simple NTDLL fetcher & syscall number extractor - frereit/syscalls.win

GitHub

acrypthash👨🏻‍💻May 5, 2024

Royans Tharakan May 5, 2024

Fascinating read on how commands are interpreted by shell and the kernel. Most shell users take such things for granted, but for those writing rules to detect malware, this is probably the type of thing which needs to be paid attention to.

https://redcanary.com/blog/linux-security/detection-engineer-guide-to-linux/

The detection engineer’s guide to Linux | Red Canary

Learn the basics of Linux detector development and effective testing methodologies for Linux detectors from a Red Canary detection engineer.

Red Canary

acrypthash👨🏻‍💻May 5, 2024

This was so fun!
#security #exitTheGame

acrypthash👨🏻‍💻May 4, 2024

Harry Sintonen May 3, 2024

Several vulnerabilities have been discovered in #nscd, the Name Service Cache Daemon in the #glibc which may lead to denial of service or the execution of arbitrary code.

The vulnerability details:
- CVE-2024-33599: https://sourceware.org/bugzilla/show_bug.cgi?id=31677
- CVE-2024-33600: https://sourceware.org/bugzilla/show_bug.cgi?id=31678
- CVE-2024-33601: https://sourceware.org/bugzilla/show_bug.cgi?id=31679
- CVE-2024-33602: https://sourceware.org/bugzilla/show_bug.cgi?id=31680