APT ANALYSIS

♣️Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP Blog : https://specterops.io/blog/2025/08/22/operating-outside-the-box-ntlm-relaying-low-privilege-http-auth-to-ldap ⭐️@APTANALYSIS

♣️Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware 🌟Blog : https://www.trendmicro.com/en_us/research/25/h/warlock-ransomware.html ♣️Investigation Report: APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery 🌟Blog : https://www.cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery ♣️APT MuddyWater Deploys Multi-Stage Phishing to Target CFOs 🌟Blog : https://hunt.io/blog/apt-muddywater-deploys-multi-stage-phishing-to-target-cfos ♣️Phantom Pains: A Massive Cyber Espionage Campaign and Possible Split of the PhantomCore APT Group 🌟Blog : https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/phantom-pains-a-large-scale-cyber-espionage-campaign-and-a-possible-split-of-the-apt-group-phantomcore/#id1 ♣️Think before you Click(Fix): Analyzing the ClickFix social engineering technique 🌟Blog : https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/ ♣️A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor 🌟Blog : https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake-v3-backdoor/ ♣️Examining the tactics of BQTLOCK Ransomware & its variants 🌟Blog : https://labs.k7computing.com/index.php/examining-the-tactics-of-bqtlock-ransomware-its-variants/ ⭐️@APTANALYSIS

Bypassing Enrollment Restrictions to Break BYOD Barriers in Intune Blog: https://temp43487580.github.io/intune/bypass-enrollment-restictions-to-break-byod-barriers-in-intune/ ⭐️@APTANALYSIS

Bring your own vulnerable driver’ attack technique is becoming popular among threat actors https://cybernews.com/security/bring-your-own-vulnerable-driver-attack/ To practice Bring Your Own Vulnerable Driver (BYOVD) techniques from the CETP course, I set out to develop a toolkit leveraging a kernel-level read/write primitive to bypass security mechanisms such as LSASS’s RunasPPL protection and to enumerate and remove EDR telemetry via kernel callback manipulation. For the vulnerable driver, I used the well-known RTCore64.sys from MSI Afterburner. ⭐️@APTANALYSIS

♣️Salty 2FA: Undetected PhaaS from Storm-1575 Hitting US and EU Industries 👁‍🗨Blog : https://any.run/cybersecurity-blog/salty2fa-technical-analysis/ ♣️Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks 👁‍🗨Blog : https://www.trendmicro.com/en_no/research/25/h/crypto24-ransomware-stealth-attacks.html ⭐️@APTANALYSIS

♣️Pay2Keys Resurgence 👁‍🗨PDF : https://engage.morphisec.com/hubfs/Pay2Key_Iranian_Cyber_Warfare_Targets_the_West_Whitepaper.pdf ⭐️@APTANALYSIS

Dissecting PipeMagic: Inside the architecture of a modular backdoor framework https://www.microsoft.com/en-us/security/blog/2025/08/18/dissecting-pipemagic-inside-the-architecture-of-a-modular-backdoor-framework/

CrossC2 framework generate CobaltStrike's cross-platform payload: https://github.com/gloxec/CrossC2.git Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS https://thehackernews.com/2025/08/researchers-warn-crossc2-expands-cobalt.html?m=1

Netexec Workshop Active Directory Lab Writeup Blog: https://blog.anh4ckin.ch/posts/netexec-workshop2k25/ ⭐️@APTANALYSIS

What is KawaLocker ransomware? https://www.huntress.com/blog/kawalocker-ransomware-deployed ⭐️@APTANALYSIS

♣️Fortinet FortiSIEM Pre-Auth Command Injection (CVE-2025-25256) 🐺Blog : https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256 ⭐️@APTANALYSIS

♣️Fortinet FortiSIEM Pre-Auth Command Injection (CVE-2025-25256) Blog : https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256 ⭐️@APTANALYSIS

FileJacking – Initial Access with File System API https://print3m.github.io/blog/filejacking-initial-access-with-file-system-api ⭐️@APTANALYSIS

CVE-2025–32713: Windows Common Log File System Driver Local Privilege Escalation Vulnerability https://hackyboiz.github.io/2025/08/13/ogu123/cve-2025%E2%80%9332713/ ⭐️@APTANALYSIS

APT-C-36 (Blind Eagle) group escalates its tactics in new attack campaigns [1]https://mp.weixin.qq.com/s/wLDUwr3WVuO37eAOrXs8ag [2]https://mp.weixin.qq.com/s/DDCCjhBjUTa7Ia4Hggsa1A ⭐️@APTANALYSIS

♣️AlphabeticalPolyShellGen: Generate an Alphabetical Polymorphic Shellcode 😈Repo : https://github.com/Maldev-Academy/AlphabeticalPolyShellGen ⭐️@APTANALYSIS

Solemn A command-line tool to manually add drivers to the HVCI (Memory Integrity) custom blocklist on Windows, based on research by Yarden Shafir ⭐️@APTANALYSIS

Windows 11 24H2 Runtime PatchGuard Bypass ⭐️@APTANALYSIS

♣️Turning Camera Surveillance on its Axis 🌟Blog : https://claroty.com/team82/research/turning-camera-surveillance-on-its-axis ⭐️@APTANALYSIS