unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
Use of Tox protocol in malware
2024-9-22 08:41:0 | 阅读: 8 |
收藏
|
boredhackerblog - www.boredhackerblog.info
Progressive Web Apps (PWA) on Windows - forensics and detection of use
IntroductionProgressive Web app (PWA) is just a webapp that can be installed as an app on a system...
2024-6-20 09:11:0 | 阅读: 18 |
收藏
|
boredhackerblog - www.boredhackerblog.info
chrome
pwa
progressive
phishing
microsoft
observed in the wild - batch obfuscation technique and an interesting way to run powershell code
Saw these two things in the wild while looking at some samples.Batch ObfuscationMalicious batch fil...
2024-3-24 07:27:0 | 阅读: 18 |
收藏
|
boredhackerblog - www.boredhackerblog.info
powershell
oneconsult
inferably
55257
Speeding up report reading and security/SOC alert triaging by auto-highlighting keywords on webpages
Introduction:If you're a security analyst or threat researcher, you may spend a lot of time reading...
2023-12-22 01:33:0 | 阅读: 6 |
收藏
|
boredhackerblog - www.boredhackerblog.info
github
customize
finds
Quick sample analysis which ended up dropping asyncrat
I came across a sample that involving traffic to 91.92.242.28:222.There is sandbox report here: ht...
2023-11-18 08:52:0 | 阅读: 13 |
收藏
|
boredhackerblog - www.boredhackerblog.info
tron
coment
launching
microsoft
powershell
Using command line redirection and DLL ordinals to potentially bypass detections
I came across this during a pentest. The techniques mentioned here are not new and there are alread...
2023-10-23 02:33:0 | 阅读: 22 |
收藏
|
boredhackerblog - www.boredhackerblog.info
comsvcs
ntds
attacker
rundll32
minidump
Installing Whonix Gateway on Proxmox for threat & malware research
IntroWhonix is a tool for routing traffic through Tor. Whonix VM's come as Desktop/with UI or CLI....
2023-10-8 01:32:0 | 阅读: 48 |
收藏
|
boredhackerblog - www.boredhackerblog.info
whonix
network
proxmox
152
wiki
OpenSSL-1.0.0-fipps Linux Backdoor - Notes
Introduction:In some security/malware chat room, someone posted about an ELF backdoor, at the time,...
2022-11-30 06:39:0 | 阅读: 12 |
收藏
|
boredhackerblog - www.boredhackerblog.info
c2
fipps
submission
sysv
Looking for EvilProxy - Notes
Introduction:This started with someone asking about EvilProxy and any signatures for detecting it....
2022-11-22 05:35:0 | 阅读: 9 |
收藏
|
boredhackerblog - www.boredhackerblog.info
evilproxy
urlscan
phishing
444
lmo
Researching golang malware and how I hate security industry naming conventions - Part 1
While doing some research on the use of golang in malware, I came across this golang sample here: h...
2022-10-17 23:11:0 | 阅读: 7 |
收藏
|
boredhackerblog - www.boredhackerblog.info
gotroj
gsh
winservice
darkdoor
Researching golang malware and how I hate security industry naming conventions - Part 2
I did some string searches in Hybrid-Analysis as well to look for more files. (Thanks Hybrid-Analys...
2022-10-17 23:11:0 | 阅读: 11 |
收藏
|
boredhackerblog - www.boredhackerblog.info
c2
analysis
filesize
181
0x5a4d
Looking at process relationships from malware sandbox execution data
Introduction:This blog post discusses looking at process relationships, specifically from malware s...
2022-10-16 01:42:0 | 阅读: 10 |
收藏
|
boredhackerblog - www.boredhackerblog.info
analysis
database
ilike
commandline
Remotely managing Sysmon configuration through Graylog Sidecar
Introduction:Sysmon is a tool from Microsoft that can help with collecting better logs (compared to...
2022-8-19 03:48:0 | 阅读: 12 |
收藏
|
boredhackerblog - www.boredhackerblog.info
sysmon
sidecar
graylog
windows
github
Screenshotting/scanning domains from certstream with littleshot to find interesting content
Introduction:Certstream is a great service which provides updates from Certificate Transparency Log...
2022-7-21 03:43:0 | 阅读: 8 |
收藏
|
boredhackerblog - www.boredhackerblog.info
littleshot
certstream
humio
github
Building a honeypot network with inetsim, suricata, vector.dev, and appsmith
I wanted to learn a bit more about data engineering, databases, app building, managing systems, and...
2022-7-14 07:28:0 | 阅读: 41 |
收藏
|
boredhackerblog - www.boredhackerblog.info
inetsim
sensors
suricata
webapp
sensor
Quick analysis of stealer malware sent via discord
Introduction:Just a quick analysis of malware sent via discord...I got the malicious file from some...
2022-3-6 04:36:0 | 阅读: 6 |
收藏
|
boredhackerblog - www.boredhackerblog.info
analysis
webhook
triage
chrome
notes/links about log collection, storage, and searching
IntroductionJust some notes about log collection, storage, and searching.I just want to be able to...
2021-12-13 12:0:0 | 阅读: 7 |
收藏
|
boredhackerblog - www.boredhackerblog.info
loki
windows
fluentbit
logstash
github
Collecting Unifi logs with Vector and Grafana Loki
IntroductionThis post just discusses sending unifi logs to grafana loki and utilizing vector.dev/ve...
2021-11-27 07:53:0 | 阅读: 15 |
收藏
|
boredhackerblog - www.boredhackerblog.info
loki
syslog
unifi
remote
Creating a malware sandbox for sysmon and windows event logs with virtualbox and vmexec
IntroductionI was doing some research around detection related to maldoc/initial access. Usually, I...
2021-4-11 05:22:0 | 阅读: 4 |
收藏
|
boredhackerblog - www.boredhackerblog.info
github
odfe
kibana
windows
Creating an Active Directory (AD) lab for log-based detection research and development with Vagrant, Humio, and AtomicRedTeam
introductionFew years or months ago, I came across DetectionLab project and thought it was neat. It...
2021-1-31 03:40:0 | 阅读: 1 |
收藏
|
boredhackerblog - www.boredhackerblog.info
windows
download
machine
winlogbeat
Previous
-30
-29
-28
-27
-26
-25
-24
-23
Next