APT ANALYSIS



APT analysis focused on modeling, detecting and managing sophisticated attacks. Accurate data and solutions for threat forecasting, backed by real-world security experience.

Subscribers: 1,725 (−25 in 24 hours, −20 in 7 days, −822 in 30 days)
Post archive
🎁 Computed cache list 2
♣️ OPA Gatekeeper Bypass Reveals Risks in Kubernetes Policy Engines
💫 Blog: https://www.aquasec.com/blog/risks-misconfigured-kubernetes-policy-engines-opa-gatekeeper
♣️ Exploiting Misconfigured Network Shares: A Gateway to Sensitive Information
💫 Blog: https://habr.com/ru/companies/ussc/articles/878340
♣️ Lifting Binaries, Part 0: Devirtualizing VMProtect and Themida: It's Just Flattening
💫 Blog: https://nac-l.github.io/2025/01/25/lifting_0.html
⭐️ @APTANALYSIS

🎁 Computed cache list 1
♣️ Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign
💫 Blog: https://securityscorecard.com/blog/operation-phantom-circuit-north-koreas-global-data-exfiltration-campaign/
♣️ Recent cases of watering hole attacks: Part 1, 2
💫 Blog: https://blog.apnic.net/2025/01/31/recent-cases-of-watering-hole-attacks-part-1/ [p2]
♣️ Analysis of payloads used by the APT-C-60 (Pseudo Hunter) organization in recent years
💫 Blog: QQ
♣️ APT-C-26 (Lazarus) continues to upgrade its attack weapons, using Electron programs to target the cryptocurrency industry
💫 Blog: QQ
♣️ LockBit - Persistent TTPs in the Larger Ecosystem
💫 Blog: https://redsense.com/publications/lockbit-persistent-ttps-in-larger-ecosystem/
⭐️ @APTANALYSIS

♣️ Malware Spotlight: RansomHub Ransomware
⚠️ Blog: https://areteir.com/article/malware-spotlight-ransomhub-ransomware/
⭐️ @APTANALYSIS

♣️ Analysis of malicious HWP cases of the 'APT37' group distributed through K messenger
🌎 Blog: https://www.genians.co.kr/blog/threat_intelligence/k-messenger
⭐️ @APTANALYSIS

♣️ Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows
🤩 Blog: https://connormcgarr.github.io/km-shadow-stacks
♣️ Disassembling a binary: linear sweep and recursive traversal
🤩 Blog: https://nicolo.dev/en/blog/disassembling-binary-linear-recursive/
⭐️ @APTANALYSIS

♣️ Linux Detection Engineering - A Continuation on Persistence Mechanisms
👁 Blog: https://www.elastic.co/security-labs/continuation-on-persistence-mechanisms
⭐️ @APTANALYSIS

♣️ Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293)
📨 Blog: https://birkep.github.io/posts/Windows-LPE/
⭐️ @APTANALYSIS

♣️ The Hunt for RedCurl
🔥 Blog: https://www.huntress.com/blog/the-hunt-for-redcurl-2
⭐️ @APTANALYSIS

♣️ A Short Introduction to BloodHound Custom Queries
❤️ Blog: https://www.8com.de/cyber-security-blog/a-short-introduction-to-bloodhound-custom-queries
♣️ Exploring Heap Exploitation Mechanisms: Understanding the House of Force Technique
❤️ Blog: https://www.darkrelay.com/post/exploring-heap-exploitation-mechanisms-understanding-the-house-of-force-technique
⭐️ @APTANALYSIS

♣️ Lynx Ransomware-as-a-Service
👁‍🗨 Blog: https://www.group-ib.com/blog/cat-s-out-of-the-bag-lynx-ransomware
⭐️ @APTANALYSIS

♣️ APT28, THE LONG HAND OF RUSSIAN INTERESTS
📁 PDF. Download Link
⭐️ @APTANALYSIS

♣️ CVE-2024-53704: SonicWall SonicOS authentication bypass
Affected devices:
* Gen7 Firewalls – TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700
* Gen7 NSv – NSv 270, NSv 470, NSv 870
* TZ80
⚰️ Blog: https://attackerkb.com/topics/UB3P3xHVAo/cve-2024-53704/rapid7-analysis
⭐️ @APTANALYSIS

♣️ Get FortiRekt, I Am The Super_Admin Now - Fortinet FortiOS Authentication Bypass (CVE-2024-55591)
⌛ Blog: https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/
⭐️ @APTANALYSIS

♣️ Next.js, cache & chains: the stale elixir (CVE-2024-46982)
🌟 Blog: https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir
⭐️ @APTANALYSIS

♣️ Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
The story of a signed UEFI application allowing a UEFI Secure Boot bypass
🔥 Blog: https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344
⭐️ @APTANALYSIS

APT ANALYSIS - Statistics and analytics for the Telegram channel @aptanalysis