/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

darkatlas.io
| | blog.talosintelligence.com
2.9 parsecs away

Travel
| | Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019.
| | forensicitguy.github.io
3.6 parsecs away

Travel
| | In this post I want to take a look at a PowerShell-based Cobalt Strike beacon that appeared on MalwareBazaar. This particular beacon is representative of most PowerShell Cobalt Strike activity I see in the wild during my day job. The beacons often show up as service persistence during incidents or during other post-exploitation activity. If you want to follow along at home, the sample I'm using is here:
| | www.darkoperator.com
3.9 parsecs away

Travel
| | [AI summary] The provided text discusses various methods to secure PowerShell environments against potential threats, focusing on monitoring, logging, and policy enforcement. It outlines the use of Group Policy to enable module logging, which helps track PowerShell cmdlet activities. The text also covers the use of Software Restriction Policies (SRP) and AppLocker for controlling application execution. Additionally, it mentions the PowerShell v3 feature __PSLockdownPolicy as a tool for restricting PowerShell functionalities. The author emphasizes the importance of planning and testing these security measures in a controlled environment to ensure effectiveness.
| | unit42.paloaltonetworks.com
14.7 parsecs away

Travel
| RCE vulnerability CVE-2023-3519 affects Citrix NetScaler products. This threat brief examines the current evidence, attack scope and interim guidance.