ITSEC Newsletter
Posts
ITSEC Newsletter 2023-05-25

ITSEC Newsletter 2023-05-25

Red team is best team

Henrik Falk
May 25, 2023

Direct Syscalls vs Indirect Syscalls - RedOps

redops.at/en/blog/direct-syscalls-vs-indirect-syscalls

“The goal of this article is to rewrite a direct syscall dropper into an indirect syscall dropper, analyse both droppers with x64dbg, and understand the difference between direct syscalls and indirect syscalls. Also, at the end of the article, I will talk a bit about the limitations of Indirect Syscalls in the context of EDR evasion.”

Walking the Tightrope: Maximizing Information Gathering while Avoiding Detection for Red Teams - TrustedSec

TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.

www.trustedsec.com/blog/walking-the-tightrope-maximizing-information-gathering-while-avoiding-detection-for-red-teams

"Analyze the balance between gaining useful information and avoiding detection, detailing recon techniques that can be employed without compromising stealth."

The Evolution of Covert Communication: From Domain Fronting to PaaS Redirectors - BC Security

In cybersecurity, techniques evolve rapidly as defenders and attackers adapt to the ever-changing landscape. This article will explore an exemplary example of this evolution in transitioning from Domain Fronting to Platform as a Service (PaaS) Redirectors. The Rise and Fall of Domain Fronting Domain fronting was a popular method used [...]

www.bc-security.org/the-evolution-of-covert-communication-from-domain-fronting-to-paas-redirectors

"In cybersecurity, techniques evolve rapidly as defenders and attackers adapt to the ever-changing landscape. This article will explore an exemplary example of this evolution in transitioning from Domain Fronting to Platform as a Service (PaaS) Redirectors."

Infecting SSH Public Keys with backdoors

In this article, you will learn how to add a backdoor to the SSH Public Key. The backdoor will execute whenever the user logs in. The backdoor hides as an unreadable long hex-string inside ~/.ssh/authorized_keys or ~/.ssh/id_*.pub. The source is avai...

blog.thc.org/infecting-ssh-public-keys-with-backdoors

"In this article, you will learn how to add a backdoor to the SSH Public Key. The backdoor will execute whenever the user logs in. The backdoor hides as an unreadable long hex-string inside ~/.ssh/authorized_keys or ~/.ssh/id_*.pub."