Also quite nice #xzutils #xzbackdoor #xz :
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
Best #xz #xzutils #xzbackdoor summary/timeline so far:
https://boehs.org/node/everything-i-know-about-the-xz-backdoor
The xz gitlab issues right now https://github.com/tukaani-project/xz/issues/92 🙈
29.3.2024 20:11

So... Under the premise that only #xz Version 5.6+ is compromised, LTS OSes seem fine. Ubuntu is still using older versions, Debian is only using newer ones in testing. Kali updated to 5.6 last week, but testing sources were already reverted to a 5.4 version so one can 'just upgrade'
29.3.2024 19:51

https://www.bleepingcomputer.com/news/microsoft/hackers-stole-microsoft-signing-key-from-windows-crash-dump/
Oh my.. Somehow this conclusion doesn't feel very satisfying
7.9.2023 03:59

T568B, now with PoE
So... Brown cable to this
White cable to that...
Aaand finished
Who dares to plug the cable in..?
Phew...it worked
26.5.2023 06:49

What if all of this was a ploy to get people to use advanced hunting / E5 #asr #asrrules #defender #signature #ASRmagedon #ASRmageddon
16.1.2023 10:15

Great rule for finding out via advanced hunting what defender deleted
```kusto
DeviceEvents
// ASR block events for "Block Win32 API calls from Office macros", from the day the bad signature update shipped
| where ActionType == "AsrOfficeMacroWin32ApiCallsBlocked" and Timestamp >= datetime("2023-01-13 00:00:00Z")
// keep only the shortcut files the rule removed
| where FileName endswith ".lnk"
| order by Timestamp
```
Thanks reddit
#ASRmagedon #asr #defender #signature
13.1.2023 18:26

I've created a PowerShell script to try to fix the mess with the start menu. It requires you to get the lnk files from some other PC, but it should help in restoring from this
https://github.com/Georg311/RecreateStartMenu/
#defender #signature #ASRmagedon #ASR
They're tracking the problem under MO497128 #ASR #defender #defender
"workaround" is to set the Office Macro Win32 System Calls rule to audit only #ASRmageddon
#defender #signature disaster has a name: #ASRmageddon
13.1.2023 12:00

Seems to be an ASR Rule
"Block Win32 API calls from Office Macro ASR"
#defender #signature #update #taskbar https://www.reddit.com/r/sysadmin/comments/10ar1vb/multiple_users_reporting_microsoft_apps_have/
13.1.2023 11:05

https://www.reddit.com/r/sysadmin/comments/10arfxt/potentially_faulty_virus_definition_update/
13.1.2023 11:05

Heads Up - there's a #defender #signature #update which kills all shortcuts in the start menu and on the taskbar
13.1.2023 11:05

How do you keep up with all the stuff? Sometimes I wish my day had 48hrs..
#priorities #priorities
Oh my... Thinking how bad the #circleci breach may be...
Let's see how it unravels
If you don't depend on #odbc or #scvmm that is
16.12.2022 04:26