
Security Engineer focused on (Malware Analysis|DFIR|CTI). ☣

Always on a learning curve. Linux enthusiast

Twitter: twitter.com/DGSecNet
Malware Analysis
DFIR
Threat Hunting
Amund's note on home server security

New post about #APT-C-36 #Hagga covering a detailed view of the infections in the latest campaigns, from #NjRAT to #LimeRAT deployment.

https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

APT-C-36: from NjRAT to LimeRAT

MITRE has some big plans for this year:

  • Focusing on Linux-specific TTPs similar to macOS from last year
  • More defensive coverage to complement the addition of data sources
  • Researching preventive measures to add to the mitigations section
  • More coverage for ICS, mobile and cloud
  • Adding more campaigns

https://medium.com/mitre-attack/2023-attack-roadmap-452fab541673
#ThreatIntel #ThreatHunting #MITRE #TTP

2023 ATT&CK Roadmap - MITRE ATT&CK® - Medium

It’s 2023 and we’re all a little older, including ATT&CK, which will be celebrating its 8th (!) release anniversary in a few short months. Last year we matured, expanded, deconflicted, and renovated…

MITRE ATT&CK®
HTML phishing attachment with browser-in-the-browser technique https://i5c.us/d29556

RT @assume_breach
Here's an easy example of the OneNote malware craze.

I just published Home Grown Red Team: Let’s Make Some OneNote Phishing Attachments https://link.medium.com/leWiGFpzexb

RT @DissectMalware
Let me introduce you to #pyOneNote v0.0.1; a pure Python library to parse the #one file format:

https://github.com/DissectMalware/pyOneNote

Covers 20 out of 38 FileNode types

E.g.: .one in 835239c095e966bf6037f5755b0c4ed333a163f5cc19ba0bc50ea3c96e0f1628

https://twitter.com/ffforward/status/1621195397250289664

GitHub - DissectMalware/pyOneNote

GitHub
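Both OneNote posts above (the phishing-attachment write-up and pyOneNote) come down to the same structure: a .one section stores each attachment as a FileDataStoreObject (MS-ONESTORE 2.6.13), and a phishing .one hides its HTA/VBS/LNK/EXE stage in one of them behind a "double-click to view" image. The carver below is an added example, not pyOneNote's code or the author's; the three GUID constants are the on-disk little-endian bytes of the guidFileType, guidHeader and guidFooter values from MS-ONESTORE, the header layout follows the spec, and the .one blob it scans is constructed inline (no real malware). It scans for the header GUID instead of walking the object tree, so it also recovers payloads from truncated or partly corrupted files, which is a common state for samples pulled from mail gateways.

```python
"""Carve the files embedded in a OneNote .one section (added example).
Every FileDataStoreObject (MS-ONESTORE 2.6.13) wraps one attachment."""
import struct

# GUIDs from MS-ONESTORE, written as their little-endian on-disk bytes
ONE_FILE_TYPE = bytes.fromhex("e4525c7b8cd8a74daeb15378d02996d3")  # {7B5C52E4-D88C-4DA7-AEB1-5378D02996D3}
FDSO_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")    # {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}
FDSO_FOOTER = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")    # {71FBA722-0F79-4A0B-BB13-899256426B24}
FDSO_HDR_LEN = 16 + 8 + 4 + 8   # guidHeader, cbLength (u64), unused, reserved


def is_one_file(blob: bytes) -> bool:
    """The .one Header starts with guidFileType at offset 0."""
    return blob[:16] == ONE_FILE_TYPE


def carve_embedded_files(blob: bytes) -> list:
    """Return [(offset, payload, footer_ok)] for each FileDataStoreObject found.

    Objects are located by header GUID rather than by walking the object-space
    tree, so damaged or truncated files still yield their payloads. footer_ok
    says whether the expected footer GUID follows the payload."""
    found, pos = [], 0
    while (pos := blob.find(FDSO_HEADER, pos)) != -1:
        if pos + FDSO_HDR_LEN > len(blob):             # header itself is cut off
            break
        (cb_length,) = struct.unpack_from("<Q", blob, pos + 16)
        start, end = pos + FDSO_HDR_LEN, pos + FDSO_HDR_LEN + cb_length
        if cb_length == 0 or end > len(blob):          # bogus length: skip this header, keep scanning
            pos += 16
            continue
        # the footer GUID follows the data after up to 7 bytes of alignment padding
        footer_ok = blob.find(FDSO_FOOTER, end, end + 8 + 16) != -1
        found.append((pos, blob[start:end], footer_ok))
        pos = end
    return found


def classify_payload(data: bytes) -> str:
    """Cheap magic/keyword check so the analyst sees at a glance what was embedded."""
    head = data[:512]
    if head[:2] == b"MZ":
        return "PE executable"
    if head[:4] == b"\x4c\x00\x00\x00":
        return "Windows shortcut (LNK)"
    if head[:2] == b"PK":
        return "ZIP container (Office/JAR/...)"
    if head[:4] == b"%PDF":
        return "PDF"
    low = head.lower()
    if b"<hta:application" in low or b"<script" in low:
        return "HTA/HTML script"
    if b"wscript" in low or b"createobject(" in low or b"powershell" in low:
        return "script text"
    return "unknown"


# --- constructed sample .one (not a real phishing document) ----------------------
def _fdso(data: bytes) -> bytes:
    """Encode one FileDataStoreObject as it appears on disk."""
    padded = data + b"\x00" * (-len(data) % 8)
    return FDSO_HEADER + struct.pack("<Q", len(data)) + b"\x00" * 12 + padded + FDSO_FOOTER


HTA_STAGE = b'<HTA:APPLICATION WINDOWSTATE="minimize"><script language="VBScript">\' constructed</script>'
PE_STAGE = b"MZ\x90\x00" + b"\x00" * 60
SAMPLE_ONE = (ONE_FILE_TYPE + b"\x00" * 48                       # remaining header GUIDs zeroed
              + b"\x5a" * 64 + _fdso(HTA_STAGE)                 # filler stands in for object streams
              + b"\xa5" * 40 + _fdso(PE_STAGE)
              + FDSO_HEADER + struct.pack("<Q", 1 << 40) + b"\x00" * 12)  # length runs past EOF

if __name__ == "__main__":
    print("valid .one header:", is_one_file(SAMPLE_ONE))
    for off, payload, ok in carve_embedded_files(SAMPLE_ONE):
        print(f"0x{off:06x} {len(payload):6d} bytes  footer={ok}  {classify_payload(payload)}")
```

Run against a suspicious .one with `carve_embedded_files(open(path, "rb").read())` and hash or detonate each payload separately; a payload whose footer check fails is worth a manual look, since the length field may have been tampered with to confuse parsers.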
Cisco Talos' Guilherme Venere writes about how LNK file metadata could be used to identify relationships among different threat actors and to identify & track new campaigns. His report demonstrates this by using metadata to connect Bumblebee with IcedID & Qakbot. https://blog.talosintelligence.com/following-the-lnk-metadata-trail/
Following the LNK metadata trail

While tracking some prevalent commodity malware threat actors, Talos observed the popularization of malicious LNK files as their initial access method to download and execute payloads. A closer look at the LNK files illustrates how their metadata could be used to identify and track new campaigns.

Cisco Talos Blog
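The metadata Talos pivots on lives mostly in the LNK's TrackerDataBlock (MS-SHLLINK 2.5.10): the NetBIOS name of the machine that created the shortcut and two pairs of "droid" GUIDs whose file identifier is a version-1 UUID, so its node field is the MAC address of that machine and its timestamp is the creation time. The parser below is an added example, not Talos' tooling or the author's; the header, StringData and ExtraData layouts follow MS-SHLLINK, the hypervisor OUI table is an added heuristic (a builder VM is a common origin for these files), and the sample LNK it parses is constructed inline, so machine name, MAC and arguments are made up rather than taken from any campaign.

```python
"""Extract tracking metadata from a Windows .lnk (MS-SHLLINK) file (added example):
the TrackerDataBlock's NetBIOS machine name, the MAC address and timestamp carried
by its version-1 UUIDs, and the command-line arguments."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
TRACKER_SIG = 0xA0000003                                        # TrackerDataBlock signature
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# LinkFlags bit -> StringData field, in the order the fields appear on disk
STRING_FIELDS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location"))
UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)
# OUIs of common hypervisor NICs (added heuristic, not part of the LNK format)
VM_OUIS = {"00:0c:29": "VMware", "00:50:56": "VMware", "08:00:27": "VirtualBox", "00:15:5d": "Hyper-V"}


def _decode_droid(g: bytes) -> dict:
    """Decode one 16-byte on-disk GUID; MAC and time exist only for version-1 UUIDs."""
    u = uuid.UUID(bytes_le=g)
    if u.version != 1:
        return {"uuid": str(u), "mac": None, "created": None}
    mac = ":".join(f"{(u.node >> s) & 0xFF:02x}" for s in range(40, -1, -8))
    created = UUID_EPOCH + timedelta(microseconds=u.time // 10)   # u.time is in 100 ns ticks
    return {"uuid": str(u), "mac": mac, "created": created.isoformat()}


def _parse_tracker(block: bytes) -> dict:
    # BlockSize(4) Signature(4) Length(4) Version(4) MachineID(16) Droid(2x16) DroidBirth(2x16)
    machine_id = block[16:32].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {"machine_id": machine_id,
            "droid_volume": _decode_droid(block[32:48]),
            "droid_file": _decode_droid(block[48:64]),
            "birth_volume": _decode_droid(block[64:80]),
            "birth_file": _decode_droid(block[80:96])}


def parse_lnk_metadata(lnk: bytes) -> dict:
    """Walk header -> IDList -> LinkInfo -> StringData -> ExtraData and pull out what tracks."""
    if len(lnk) < 76 or struct.unpack_from("<I", lnk, 0)[0] != 0x4C or lnk[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", lnk, 20)[0]
    pos = 76
    if flags & HAS_ID_LIST:                          # LinkTargetIDList: u16 size + IDList
        pos += 2 + struct.unpack_from("<H", lnk, pos)[0]
    if flags & HAS_LINK_INFO:                        # LinkInfo: u32 size that includes itself
        pos += struct.unpack_from("<I", lnk, pos)[0]
    strings, width = {}, (2 if flags & IS_UNICODE else 1)
    for bit, name in STRING_FIELDS:                  # StringData: u16 char count, no terminator
        if flags & bit:
            n = struct.unpack_from("<H", lnk, pos)[0]
            raw = lnk[pos + 2:pos + 2 + n * width]
            strings[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
            pos += 2 + n * width
    tracker = None
    while pos + 4 <= len(lnk):                       # ExtraData blocks until a BlockSize < 4
        size = struct.unpack_from("<I", lnk, pos)[0]
        if size < 4:
            break
        sig = struct.unpack_from("<I", lnk, pos + 4)[0]
        if sig == TRACKER_SIG and size >= 0x60:
            tracker = _parse_tracker(lnk[pos:pos + 0x60])
        pos += size
    return {"strings": strings, "tracker": tracker}


def vm_vendor(mac):
    """Name the hypervisor if the MAC's OUI belongs to one, else None."""
    return VM_OUIS.get(mac[:8]) if mac else None


# --- constructed sample LNK; no real campaign data ---------------------------------
def _uuid_v1_le(node: int, when: datetime) -> bytes:
    ticks = int((when - UUID_EPOCH).total_seconds()) * 10_000_000
    u = uuid.UUID(fields=(ticks & 0xFFFFFFFF, (ticks >> 32) & 0xFFFF,
                          ((ticks >> 48) & 0x0FFF) | 0x1000, 0x8A, 0x5F, node))
    return u.bytes_le


def build_sample_lnk(machine_id: str, node: int, when: datetime, arguments: str) -> bytes:
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", 0x20 | IS_UNICODE) + b"\x00" * 52
    args = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")   # HasArguments
    vol = uuid.UUID("c1f0a3e2-5b64-4d7e-9a8b-1c2d3e4f5a6b").bytes_le            # v4: no MAC inside
    fil = _uuid_v1_le(node, when)
    tracker = (struct.pack("<IIII", 0x60, TRACKER_SIG, 0x58, 0)
               + machine_id.encode().ljust(16, b"\x00") + vol + fil + vol + fil)
    return header + args + tracker + b"\x00\x00\x00\x00"                         # TerminalBlock


SAMPLE_LNK = build_sample_lnk("desktop-7f3k2qd", 0x000C29A1B2C3,
                              datetime(2022, 12, 9, 10, 0, tzinfo=timezone.utc),
                              "/c echo constructed sample")

if __name__ == "__main__":
    meta = parse_lnk_metadata(SAMPLE_LNK)
    t = meta["tracker"]
    print(meta["strings"], t["machine_id"], t["droid_file"]["mac"],
          vm_vendor(t["droid_file"]["mac"]), t["droid_file"]["created"])
```

For hunting, dump machine_id, the droid MACs and the droid_file timestamp for every LNK in a sample set and group on them: identical machine names or MACs across samples with different lures point at a shared builder, and the UUID timestamp tells you when that builder stamped the file, independent of the (easily forged) FILETIME fields in the header.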

Looks like more #malvertising related to the #IcedId campaign. Safe to block any domain hosted at 31.41.244.55

qweiaoer[.]online
israelifrenchbulldogs[.]com/teamviewer/

Event Log Tampering Part 1: Disrupting the EventLog Service

Windows event logs are a fundamental source of data and evidence for incident response. Attackers will target this source to slow down the response by clearing or tampering logs (T1070). Although…

Medium

It seems #Gamaredon #APT has operated a phishing campaign to target the Security Service of Ukraine (http://ssh.gov.ua)

email subject:
Щодо зіпсуття військово-облікових документів СБУ
(Regarding the corruption of SBU military accounting documents)

1265_09.12.2022.7z
1ffb409a8d8e395d969193e93b66419e

Щодо зіпсуття військово-облікових документів та їх втрату з небрежності співробітниками СБУ.lnk
(Regarding the damage to military registration documents and their loss through negligence by SBU employees.lnk)
f72c9718260c96c77d1e0be91b30fcbf

https://dwn-files[.]shop/12.12_sb/rehearsal.rtf