
ChatGPT Powered Malware Bypasses EDR
In research by Jeff Sims at HYAS, he creates “Blackmamba,” an “AI synthesize polymorphic keylogger” that uses Python to modify its own code at random. The basic components of this polymorphic keylogger require an LLM (large language model) such as ChatGPT. The malicious...

Comparing vulnerability assessment with MITRE ATT&CK based gap analysis
The title of this blog post may not be entirely correct, as it is difficult to compare vulnerability assessment with MITRE ATT&CK based gap assessment in objective measures. However, this post aims to evangelize the joint raison d'être of vulnerability assessment...

Windows zero-day & Outlook zero-day resolved
Microsoft fixed actively exploited vulnerabilities affecting Microsoft Outlook and the Windows OS in this month's batch of security updates. Microsoft plugged two zero-days, one affecting Windows systems and another in Microsoft Outlook, for March...

Sysmon vs Microsoft Defender for Endpoint
It is not a big secret that we at FalconForce work a lot with, and are big fans of, both Microsoft Defender for Endpoint (MDE) and Sysinternals Sysmon. I still use and maintain my Sysmon-modular configuration project quite frequently. One of the questions we quite...

How to turn traffic lights green with Flipper Zero?
We've talked about this tiny gadget before: the Flipper Zero. Officially, it's a $170 tamagotchi-fied hacking gadget with a sub-gigahertz radio and some accessory pins. Unofficially, it's a menace's best friend. Most recently, one tinkerer named Peter Fairlie took to...

Detecting common Linux persistence techniques with Wazuh
Persistence techniques are mechanisms or configurations threat actors use to maintain illicit access to compromised endpoints after gaining initial access. Persistence guarantees that attackers have endpoint access regardless of system restarts, changed credentials,...

Security alerts | February 2023
Below you will find information about the current security alerts of February 2023. VMware ESXi – CVE-2021-21974 A new vulnerability was reported by security researchers. This article describes an explosion in the compromises of VMware ESXi hypervisors with...

OSI model from a different angle | Infographic
The Open Systems Interconnection model (OSI model) is a conceptual model that 'provides a common basis for the coordination of [ISO] standards development for the purpose of systems interconnection'. In the OSI reference model, the communications between a computing...

Google Translate Helps BEC Groups Scam Companies in Any Language
BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally. Business email compromise (BEC) attacks involve impersonating an executive or business partner in...