Issue 20  

Welcome

Hello and Welcome All

Hope everyone had a Haunted ... but Happy ... Halloween!

Thank you to our Meeting Presenters who did a terrific job sharing information. Always a new angle or thought process to consider.

Interested in helping out...Reach out to us on our contact page at ISC2CT.org.

Check out our site in a week to see upcoming events and our Holiday Party!

ISC2CT  

GitTech (Use Caution)

GitHub - ryd3v/notesVault: notesVault Encrypted Notes App

notesVault Encrypted Notes App. Contribute to ryd3v/notesVault development by creating an account on GitHub.

github.com  

GitHub - smicallef/spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface. - GitHub - smicallef/spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

github.com  

Introducing GraphRunner: A Post-Exploitation Toolset for Microsoft 365 - Black Hills Information Security

By Beau Bullock & Steve Borosh TL;DR We built a post-compromise toolset called GraphRunner for interacting with the Microsoft Graph API. It provides various tools for performing reconnaissance, persistence, and […]

blackhillsinfosec.com  

Cyber News

New CIS Benchmark for M365 -

New CIS Benchmark for M365

nouseless.tech  

Critically close to zero (day): Exploiting Microsoft Kernel streaming service

Microsoft recently found and patched a vulnerability in the Microsoft Kernel streaming service. Learn more here.

securityintelligence.com  

HackBlue

Lots of good info. Worth a look. Looks like something new.

hackblue.org  

Make Your tools speak. | by Whalebone | Oct, 2023 | Medium

A lot of information can be collected during the reconnaissance process. To do this, you need to be patient and follow precise automated steps to get to a specific point or a situation that’s worth checking for vulnerabilities. This is because a significant amount ...

medium.com  

Quiz - SocVel.com

The SocVel Cybersecurity Quiz [1 OCT 2023] Play this week's quiz, jam-packed with 10 of the most interesting #infosec stories from the past week. Play now!

socvel.com  

SensePost | Browsers’ cache smuggling

...present a technique in which an attacker social engineers a target employee to visit a web site. The web site will then silently place a DLL payload in the browser’s cache, disguised as an image...

sensepost.com  

APT Encounters of the Third Kind - Igor’s Blog

A few weeks ago an ordinary security assessment turned into an incident response whirlwind. It was definitely a first for me, and I was kindly granted permission to outline the events in this blog post. This investigation started scary but turned out be quite fun, and I hope reading it will be informative to you too ...

github.io  

Perfect DLL Hijacking | Elliot on Security

Disengaging Loader Lock to do anything directly from DLLMain...

elliotonsecurity.com  

No spam, EVER. We'll never share your email address and you can opt out at any time. Newsletter is sent on the first of every month.