ITSEC Newsletter 2023-08-03

Red team is best team

Author

Henrik Falk
August 03, 2023

From soup to nuts: Building a Detection-as-Code pipeline

Part 1 of 2

medium.com/threatpunter/from-soup-to-nuts-building-a-detection-as-code-pipeline-28945015fc38

“In this two part blog series, I’ll share a methodology for building and implementing a DAC pipeline from start to finish. I’ll be utilizing a practical detection use case to show a process for creating, testing, deploying, and modifying detections using DAC principles.“

The Legacy of Stagefright

Introduction Every so often a piece of security research will generate a level of excitement and buzz that's palpable. Dan Kaminsky's DNS bug, Barnaby Jack's ATM Jackpotting, Chris Valasek and Charlie Miller's Jeep hacking escapades. There's something special about the overheard conversations, the whispered sightings of the superstar du jour,

blog.isosceles.com/the-legacy-of-stagefright

"Every so often a piece of security research will generate a level of excitement and buzz that's palpable. Dan Kaminsky's DNS bug, Barnaby Jack's ATM Jackpotting, Chris Valasek and Charlie Miller's Jeep hacking escapades. There's something special about the overheard conversations, the whispered sightings of the superstar du jour, and the packed-to-the-rafters conference hall. These moments have delivered something more than just research: they delivered entertainment.”

Evading JavaScript Anti-Debugging Techniques

Debuggers serve as invaluable tools that empower developers to halt code execution and thoroughly analyze its behavior at any given moment. By utilizing debuggers, developers can efficiently identify and resolve issues within their code, making it an indispensable part of their toolkit.

www.nullpt.rs/evading-anti-debugging-techniques

“Once upon a time, whenever you tried to open your devtools on Supreme's website, you found yourself trapped in a pesky debugger loop. This made it incredibly annoying to reverse engineer their anti-bot scripts.“