
Finding CVEs that technically "don't exist" yet. 🕵️‍♂️

Ghost CVEs are live. A "Ghost CVE" is a vulnerability identifier that’s already popped up in the wild—think GitHub commits or security advisories—but is still listed as RESERVED or NOT_FOUND in official registries like NVD or MITRE.

It catches the threats that are already out there, even if the paperwork says they aren't. 📝💨

Admittedly, there are a lot more sources to add—this was just a quick weekend POV—but I plan on extending it soon.

Check out the latest ghost report here: https://github.com/RogoLabs/GhostCVEs/blob/main/reports/ghost_report.md

#InfoSec #ThreatIntel #OpenSource #GhostCVEs

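The Ghost CVE idea above boils down to one correlation: collect CVE identifiers that already appear in public artifacts, then check each one against the registry and keep those still marked RESERVED or NOT_FOUND. The following is an added illustration of that check, not code from the RogoLabs/GhostCVEs project; the commit and advisory lines and the registry status map are constructed in-memory stand-ins for real sources and for an NVD/MITRE lookup.

```python
"""Ghost CVE check: flag CVE IDs seen in the wild whose registry status is
still RESERVED or NOT_FOUND.

Added illustration; not code from the RogoLabs/GhostCVEs project. The
registry lookup is a constructed in-memory map standing in for an NVD/MITRE
query.
"""
import re
from dataclasses import dataclass

# Matches CVE-YYYY-NNNN... case-insensitively so "cve-2099-10001" still counts.
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)

# Constructed "in the wild" observations (commit messages, advisory text).
OBSERVATIONS = [
    ("commit", "Fix heap overflow in parser (cve-2099-10001)"),
    ("advisory", "Patched CVE-2099-10002 and CVE-2099-10003 in release 1.4"),
    ("commit", "Bump deps; no security impact"),
    ("advisory", "Regression from CVE-2099-10001 fix"),
]

# Constructed registry status map; a real run would query NVD/MITRE instead.
REGISTRY = {
    "CVE-2099-10001": "RESERVED",
    "CVE-2099-10002": "PUBLISHED",
    # CVE-2099-10003 deliberately absent -> treated as NOT_FOUND
}

GHOST_STATUSES = {"RESERVED", "NOT_FOUND"}


@dataclass(frozen=True)
class Ghost:
    cve_id: str
    status: str
    sources: tuple  # (kind, text) pairs where the identifier was seen


def extract_cve_ids(text):
    """Return normalized (upper-case), de-duplicated CVE IDs in order of appearance."""
    seen = []
    for year, seq in CVE_RE.findall(text):
        cid = f"CVE-{year}-{seq}"
        if cid not in seen:
            seen.append(cid)
    return seen


def registry_status(cve_id, registry):
    """Look up the registry state; an unknown identifier is reported as NOT_FOUND."""
    return registry.get(cve_id, "NOT_FOUND")


def find_ghosts(observations, registry):
    """Correlate sighted IDs with registry status; return Ghost records for unpublished ones."""
    sightings = {}
    for kind, text in observations:
        for cid in extract_cve_ids(text):
            sightings.setdefault(cid, []).append((kind, text))
    ghosts = []
    for cid in sorted(sightings):
        status = registry_status(cid, registry)
        if status in GHOST_STATUSES:
            ghosts.append(Ghost(cid, status, tuple(sightings[cid])))
    return ghosts


def render_report(ghosts):
    """Produce a short markdown summary, one line per ghost identifier."""
    lines = ["# Ghost CVE report", ""]
    for g in ghosts:
        kinds = "; ".join(kind for kind, _ in g.sources)
        lines.append(f"- {g.cve_id} ({g.status}), seen {len(g.sources)}x: {kinds}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(find_ghosts(OBSERVATIONS, REGISTRY)))
```

Sighting counts are kept alongside each identifier because a RESERVED ID referenced from several independent commits and advisories is a stronger signal than one that appears once; swapping the constructed map for live registry queries is the only change needed to run this against real data.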

Proofpoint threat researchers have designed an open-source tool—named PDF Object Hashing—to track and detect the unique characteristics of PDFs used by threat actors... similar to a digital fingerprint. 🫆

We use this tool internally to help track multiple threat actors with high confidence, improving attribution in many cases.

The tool has been released in the Proofpoint Emerging Threats public #GitHub for other defenders to leverage.

Learn more about it here: https://www.proofpoint.com/us/blog/threat-insight/proofpoint-releases-innovative-detections-threat-hunting-pdf-object-hashing

#PDF #threatdetection #cyberthreat

You all know it's true. 😅

#DigitalForensics #MobileForensics #DFIR

Forensic Aspects of Microsoft Remote Access VPN

Introduction The rise of remote work forced companies to take a closer look at remote access solutions and in particular virtual private networks (VPN). With employees using their devices in uncontro

Synacktiv
Since it seems #Google has decided to unilaterally force through their new anti-#adblock #DRM euphemistically named "Web environment integrity", I decided to add a little bit of code to my website that blanks out the page and displays a protest message with a link to the Firefox download page when you visit it from a browser with this DRM feature. Here's the source inside one toot, feel free to copy and put it at the end of your website's <body> before the closing tag:
Norway says Ivanti zero-day was used to hack govt IT systems

The Norwegian National Security Authority (NSM) has confirmed that attackers used a zero-day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) solution to breach a software platform used by 12 ministries in the country.

BleepingComputer

I was pleased to find out that my presentation, Free Triage Tools to Bolster Your IR Toolkit, https://www.magnetforensics.com/resources/free-triage-tools-to-bolster-your-ir-toolkit/ was among the top attended sessions of the 2023 Magnet Virtual Summit. If you missed it, you can view it on-demand with link above. Then check out all the highlights at
https://www.magnetforensics.com/blog/highlights-from-magnet-virtual-summit-2023/

Note: As of the newest version (4.0) CSIRT-Collect is now CyberPipe.
https://github.com/dwmetz/CyberPipe

#DFIR #PowerShell #Triage #CyberPipe

Free Triage Tools to Bolster Your IR Toolkit - Magnet Forensics

Time is always of the essence in IR investigations and reducing the time to collect and analyze data is crucial. Triage has become an increasingly important part of DFIR toolkits, enabling forensic investigators to manage the large volumes of alerts and data that could be reviewed to determine the validity and extent of incidents. Join … Continued

Magnet Forensics

Quick blog post on #PowerShell forensic artifact: ConsoleHost_History.txt

Check it out: https://ecapuano.substack.com/p/powershell-artifact-consolehost_historytxt?sd=pf

#DFIR #ThreatHunting

PowerShell Artifact - ConsoleHost_History.txt

A great way to understand adversary PowerShell activity on a system.

Eric’s Substack

@hal_pomeranz I came across a really cool alternative to the 'sort | uniq -c | sort -rn' histogram pattern:

https://github.com/red-data-tools/YouPlot

see screenshot...


Folks like @nnungest have been asking for an archive of my daily Linux DFIR command line challenges. And frankly I'm worried that I'm accidentally going to repeat myself if I don't have a reference handy. So I finally got started on creating an archive! The first (very) rough draft is at https://deer-run.com/users/hal/linux-daily.html

Aside from the obvious formatting deficiencies, I also haven't yet written the code to auto-update the archive. But at least it contains everything up to today's question. I'll keep plugging away at this as time allows, but I didn't want to wait for the "perfect" solution before posting something useful.

Daily Linux DFIR Command Line Trivia Archive