APT ANALYSIS

Bypassing Enrollment Restrictions to Break BYOD Barriers in Intune Blog: https://temp43487580.github.io/intune/bypass-enrollment-restictions-to-break-byod-barriers-in-intune/ ⭐️@APTANALYSIS

Bring your own vulnerable driver’ attack technique is becoming popular among threat actors https://cybernews.com/security/bring-your-own-vulnerable-driver-attack/ To practice Bring Your Own Vulnerable Driver (BYOVD) techniques from the CETP course, I set out to develop a toolkit leveraging a kernel-level read/write primitive to bypass security mechanisms such as LSASS’s RunasPPL protection and to enumerate and remove EDR telemetry via kernel callback manipulation. For the vulnerable driver, I used the well-known RTCore64.sys from MSI Afterburner. ⭐️@APTANALYSIS

♣️Salty 2FA: Undetected PhaaS from Storm-1575 Hitting US and EU Industries 👁‍🗨Blog : https://any.run/cybersecurity-blog/salty2fa-technical-analysis/ ♣️Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks 👁‍🗨Blog : https://www.trendmicro.com/en_no/research/25/h/crypto24-ransomware-stealth-attacks.html ⭐️@APTANALYSIS

♣️Pay2Keys Resurgence 👁‍🗨PDF : https://engage.morphisec.com/hubfs/Pay2Key_Iranian_Cyber_Warfare_Targets_the_West_Whitepaper.pdf ⭐️@APTANALYSIS

Dissecting PipeMagic: Inside the architecture of a modular backdoor framework https://www.microsoft.com/en-us/security/blog/2025/08/18/dissecting-pipemagic-inside-the-architecture-of-a-modular-backdoor-framework/

CrossC2 framework generate CobaltStrike's cross-platform payload: https://github.com/gloxec/CrossC2.git Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS https://thehackernews.com/2025/08/researchers-warn-crossc2-expands-cobalt.html?m=1

Netexec Workshop Active Directory Lab Writeup Blog: https://blog.anh4ckin.ch/posts/netexec-workshop2k25/ ⭐️@APTANALYSIS

What is KawaLocker ransomware? https://www.huntress.com/blog/kawalocker-ransomware-deployed ⭐️@APTANALYSIS

♣️Fortinet FortiSIEM Pre-Auth Command Injection (CVE-2025-25256) 🐺Blog : https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256 ⭐️@APTANALYSIS

♣️Fortinet FortiSIEM Pre-Auth Command Injection (CVE-2025-25256) Blog : https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256 ⭐️@APTANALYSIS

FileJacking – Initial Access with File System API https://print3m.github.io/blog/filejacking-initial-access-with-file-system-api ⭐️@APTANALYSIS

CVE-2025–32713: Windows Common Log File System Driver Local Privilege Escalation Vulnerability https://hackyboiz.github.io/2025/08/13/ogu123/cve-2025%E2%80%9332713/ ⭐️@APTANALYSIS

APT-C-36 (Blind Eagle) group escalates its tactics in new attack campaigns [1]https://mp.weixin.qq.com/s/wLDUwr3WVuO37eAOrXs8ag [2]https://mp.weixin.qq.com/s/DDCCjhBjUTa7Ia4Hggsa1A ⭐️@APTANALYSIS

♣️AlphabeticalPolyShellGen: Generate an Alphabetical Polymorphic Shellcode 😈Repo : https://github.com/Maldev-Academy/AlphabeticalPolyShellGen ⭐️@APTANALYSIS

Solemn A command-line tool to manually add drivers to the HVCI (Memory Integrity) custom blocklist on Windows, based on research by Yarden Shafir ⭐️@APTANALYSIS

Windows 11 24H2 Runtime PatchGuard Bypass ⭐️@APTANALYSIS

♣️Turning Camera Surveillance on its Axis 🌟Blog : https://claroty.com/team82/research/turning-camera-surveillance-on-its-axis ⭐️@APTANALYSIS

♣️CVE-2025-50154 : Zero Click, One NTLM: Microsoft Security Patch Bypass 🐱Blog : https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/ ⭐️@APTANALYSIS

♣️FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970) 😈Blog : https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970 ⭐️@APTANALYSIS