@udgover@infosec.exchange
19 Followers
29 Following
7 Posts

After #HW, let's dive into our #DFIR/TI session🥰:

- @tomchop will introduce you to #OpenRelik, a new collaborative IR investigation portal 🚀

- @udgover & Matt Muir will introduce us to their e2e malware processing workflow using FLOSS ✊

- and we'll be able to learn & practice #MISP as analysts with @C00kie_two & @wr during their dedicated workshop 🛠️

🎟️GO & book your (free) seat: https://pretix.eu/passthesalt/2025/
📔program: https://cfp.pass-the-salt.org/pts2025/schedule/
📅July 1 to 3, 2025
📍Lille, FR

Relays appreciated 🙏

Be prepared for #K8s #DFIR!

1️⃣​ Enable ContainerCheckpoint gate in your cluster
2️⃣​ Run CRI-O 1.25 and start with --enable-criu-support=true (containerd not supported yet)
3️⃣​ curl -X POST "https://localhost:10250/checkpoint/namespace/podId/container"

More ⬇️

https://kubernetes.io/blog/2022/12/05/forensic-container-checkpointing-alpha/

Forensic container checkpointing in Kubernetes

Authors: Adrian Reber (Red Hat) Forensic container checkpointing is based on Checkpoint/Restore In Userspace (CRIU) and allows the creation of stateful copies of a running container without the container knowing that it is being checkpointed. The copy of the container can be analyzed and restored in a sandbox environment multiple times without the original container being aware of it. Forensic container checkpointing was introduced as an alpha feature in Kubernetes v1.

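
The three steps above, carried through end to end as an added example (this is not code from the original post, from CRI-O or from the Kubernetes project): a small Python helper that issues the kubelet checkpoint request and then triages the resulting archive offline. Assumptions are labelled in the code: a bearer token and the kubelet CA file for the POST (the kubelet authorizes the call through its webhook authorizer, so the token's identity needs `create` on the node's `proxy` subresource), the archive layout (`config.dump`, `spec.dump`, CRIU images under `checkpoint/`, and a `rootfs-diff.tar` holding the files the container changed on its writable layer, as CRI-O writes it), the constructed sample archive used so the triage part runs without a cluster, and the indicator patterns, which are illustrative and not a detection rule from any product.

```python
import io
import json
import re
import ssl
import tarfile
import urllib.request

KUBELET = "https://localhost:10250"  # kubelet API; /checkpoint is POST-only


def checkpoint_url(namespace, pod, container, base=KUBELET):
    """Build the kubelet checkpoint URL: /checkpoint/{namespace}/{pod}/{container}."""
    return f"{base}/checkpoint/{namespace}/{pod}/{container}"


def request_checkpoint(namespace, pod, container, *, token, cafile, base=KUBELET, timeout=60):
    """POST to the kubelet checkpoint API (needs the ContainerCheckpoint gate and a
    CRIU-enabled runtime such as CRI-O 1.25+ with --enable-criu-support=true).
    Assumption: a bearer token authorised for the node's proxy subresource and the
    CA that signed the kubelet serving certificate (no --insecure shortcuts).
    Returns the archive path(s) from the kubelet's {"items": [...]} response."""
    req = urllib.request.Request(
        checkpoint_url(namespace, pod, container, base),
        method="POST",
        headers={"Authorization": f"Bearer {token}"},
    )
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return json.load(resp).get("items", [])


def inspect_checkpoint(archive_bytes):
    """Summarise a checkpoint archive: top-level members, number of CRIU images
    under checkpoint/, and the files present in rootfs-diff.tar (the container's
    writable-layer changes). Layout assumed from CRI-O/CRIU output."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        members = tar.getnames()
        criu_images = [n for n in members if n.startswith("checkpoint/") and n.endswith(".img")]
        rootfs_changes = []
        if "rootfs-diff.tar" in members:
            inner = tar.extractfile("rootfs-diff.tar").read()
            with tarfile.open(fileobj=io.BytesIO(inner)) as diff:
                rootfs_changes = [m.name for m in diff.getmembers() if m.isfile()]
    return {
        "members": members,
        "criu_images": len(criu_images),
        "rootfs_changes": rootfs_changes,
    }


# Illustrative indicator patterns only (assumption, not a product rule set):
# executables dropped under world-writable paths, shell scripts, and edits to
# credential or preload files.
SUSPICIOUS_PATTERNS = (
    r"^(\./)?tmp/",
    r"^(\./)?dev/shm/",
    r"\.sh$",
    r"^(\./)?etc/(passwd|shadow|ld\.so\.preload)$",
)


def suspicious_rootfs_changes(changes, patterns=SUSPICIOUS_PATTERNS):
    """Return the changed paths that match any indicator pattern, sorted."""
    return sorted(n for n in changes if any(re.search(p, n) for p in patterns))


def build_sample_archive():
    """Constructed stand-in for a kubelet checkpoint archive so the triage code
    runs offline. Contents are synthetic, not a real capture."""
    def add_bytes(tar, name, data):
        info = tarfile.TarInfo(name)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))

    diff_buf = io.BytesIO()
    with tarfile.open(fileobj=diff_buf, mode="w") as diff:
        add_bytes(diff, "tmp/.hidden/payload", b"\x7fELF\x02\x01\x01" + b"\x00" * 9)
        add_bytes(diff, "etc/ld.so.preload", b"/tmp/.hidden/libhook.so\n")
        add_bytes(diff, "var/log/app.log", b"request ok\n")

    outer = io.BytesIO()
    with tarfile.open(fileobj=outer, mode="w") as tar:
        add_bytes(tar, "config.dump", b"{}")
        add_bytes(tar, "spec.dump", b"{}")
        add_bytes(tar, "checkpoint/core-1.img", b"\x00" * 16)
        add_bytes(tar, "checkpoint/pages-1.img", b"\x00" * 16)
        add_bytes(tar, "rootfs-diff.tar", diff_buf.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    # In a real investigation the archive comes from request_checkpoint(...); here
    # the constructed sample is used instead so the script runs stand-alone.
    report = inspect_checkpoint(build_sample_archive())
    print(f"CRIU images: {report['criu_images']}, members: {report['members']}")
    print("suspicious rootfs changes:", suspicious_rootfs_changes(report["rootfs_changes"]))
```

The archive also contains the process memory pages, so treat it as evidence: copy it off the node over an authenticated channel, hash it, and keep the original read-only. Restoring it for dynamic analysis belongs in an isolated sandbox, never on the cluster it came from.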
New cloud security research! We found a vulnerability in AWS AppSync that allowed us to trick the AppSync service to assume roles in other accounts, allowing us to access their resources. https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure/
A Confused Deputy Vulnerability in AWS AppSync | Datadog Security Labs

Public disclosure of a cross-account security vulnerability in AWS AppSync.

You can now officially send your cowrie logs to your Datadog instance!

https://cowrie.readthedocs.io/en/latest/datadog/README.html

How to send Cowrie output to Datadog Log Management — cowrie 2.3.0 documentation

My favourite conference is @botconf - I didn't miss a single edition, it's run by wonderful people and the talks are always very interesting. Their call for papers is open until Dec 10. Submit your research!

https://www.botconf.eu/botconf-2023/call-for-papers-2023/

Call for papers 2023

Call for papers for Botconf 2023, 10th edition of the Botnet and Malware Ecosystems Fighting Conference. Please read the following CFP carefully before submitting. Important dates 10th December 2022 – Deadline for conference paper and workshop submissions 15th January 2023 – Notification t


Found 4 malicious #python packages on #pypi:
- argpaser
- randomized
- coloroma
- aes44 (payload is the 2nd stage decoded payload of the others)

The payload seems to be encoded at least 3 times to avoid detection.
#cti #malware

We just released a new open-source tool to identify malicious PyPI packages, using Semgrep rules and package metadata analysis!

Bonus: an analysis of malicious packages we found in the wild, and a corpus of 140+ at your disposal to play with.

Finding malicious PyPI packages through static code analysis: Meet GuardDog

Try it out and let me know what you think! https://github.com/datadog/guarddog/

#supplychain #softwaresupplychain

Finding malicious PyPI packages through static code analysis: Meet GuardDog | Datadog Security Labs

GuardDog is an open-source tool to identify malicious PyPI packages through source code and metadata analysis
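
Two of the names in the malicious-packages post above (argpaser, coloroma) are one or two edits away from argparse and colorama, and a look-alike-name check is one of the metadata signals a scanner such as GuardDog can use alongside its Semgrep rules. The following is an added example, not GuardDog's code or rule set: a minimal typosquat detector that PEP 503-normalises names and measures edit distance against a reference list. The reference list is constructed for the example (a real checker would use the most-downloaded PyPI packages), and the thresholds are assumptions.

```python
import re

# Constructed reference list standing in for the top-N PyPI packages by
# downloads (assumption: a real checker pulls this from PyPI download stats).
POPULAR_PACKAGES = [
    "argparse", "colorama", "requests", "urllib3", "setuptools",
    "numpy", "pandas", "pillow", "cryptography", "certifi",
]


def normalize(name):
    """PEP 503 normalisation: case-fold and collapse runs of -, _ and . to -,
    so look-alikes that differ only in separators compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(name, popular=POPULAR_PACKAGES, max_distance=2, min_length=5):
    """Return (popular_name, distance) pairs that `name` is suspiciously close to.
    An exact match is the genuine package, not a squat. Very short names are
    skipped because almost any string is within two edits of them (assumed
    thresholds: distance <= 2, length >= 5)."""
    n = normalize(name)
    pop = {normalize(p) for p in popular}
    if n in pop or len(n) < min_length:
        return []
    hits = [(p, levenshtein(n, p)) for p in sorted(pop)]
    return sorted([(p, d) for p, d in hits if d <= max_distance], key=lambda h: h[1])


def scan_names(names):
    """Map each submitted package name to its typosquat candidates (empty = no hit)."""
    return {name: typosquat_candidates(name) for name in names}


if __name__ == "__main__":
    # The four names from the post above, plus a genuine package as a control.
    for name, hits in scan_names(["argpaser", "randomized", "coloroma", "aes44", "requests"]).items():
        print(f"{name:12} -> {hits or 'no typosquat match'}")
```

Name distance alone is a weak signal: randomized and aes44 produce no hit, and legitimate forks (a name one character off an existing project) will. It is useful as a trigger for the code-level checks, not as a verdict on its own.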