Bunt hier bei den schwarzen Massen!!
#LoTL
📰 SharePoint Flaw Chain Exploited to Deploy Warlock Ransomware
Ransomware alert: Storm-2603 exploits SharePoint flaws (CVE-2025-49706) to deploy Warlock ransomware. Attackers abuse the legitimate DFIR tool 'Velociraptor' to evade detection. Patch SharePoint now! ⚠️ #Ransomware #SharePoint #LotL
Living off the Land: Как легитимные утилиты стали оружием в руках хакеров на примере Rare Werewolf
В мире кибербезопасности уже не первый год набирает популярность тактика «Living off the Land» (LOTL) — «живущие за счёт земли». Её суть заключается в том, чтобы максимально использовать легитимное программное обеспечение и встроенные функции операционной системы для достижения злонамеренных целей. Это позволяет злоумышленникам эффективно маскироваться на заражённой системе, ведь активность программ вроде curl.exe, AnyDesk.exe или установщика WinRAR редко вызывает подозрения у рядовых пользователей и даже у некоторых систем защиты. Давайте детально разберём один из ярких примеров использования этой тактики, чтобы наглядно увидеть, как безобидные, на первый взгляд, программы могут быть превращены в мощное оружие для целевой атаки. Всем привет! Меня зовут Александр, я вирусный аналитик и реверс-инженер. Подписывайтесь на мой тг-канал - там много полезного контента. Поднять занавес атаки
https://habr.com/ru/articles/967934/
#анализ_вредоносов #реверсинжиниринг #Librarian_Ghouls #Rare_Werewolf #living_off_the_land #lotl #malware_analysis #троян #стилер #упаковщик
I had to cut this one down a bit too because it didn't even fit in the GD frame, nvm the mounting board. However it fits in much better than the card because the text isn't really necessary. I might change the picture out at one point but I really like this look and photograph. Not sure if it was the photographer they use now, but he takes amazing photos. The lighting is always so nice.
#LordOfTheLost #LotL #musicartwork #photography
Heute gibt’s was auf die Ohren.
🤘
#dusseldorf #MitsubishiElectricHalle #LOTL #LordOfTheLost #Feuerschwanz
Klaas and Benji have their collage pages done. I haven't done the drawing pages yet cos I can't really focus enough at the moment but hopefully soon.
Bits of an old calendar, some crepe wrapping paper, the Japanese napkins and some stickers my friend sent me. And ofc the lyric strips thanks to my charity shop typewriter:)
#scrapbooking #lotl #lordofthelost
👨💻 Evasive #malware is on the rise, and in our latest webinar, #ANYRUN experts revealed how to detect #phishkits, #ClickFix, and #LOTL attacks.
These methods help SOC teams cut triage time, gain better threat visibility, and respond faster.
Two days sleeping/bed rotting after a relatively ok Saturday...things not been very good tbh but I managed to just do the centrefold of my #lotl journal.
Nearly had a meltdown trying to get the paper into my typewriter before - after twenty minutes - realising I was actually putting it in the wrong place.
#scrapbooking #lordofthelost #journal
Being off work has freed up my brain and I've been able to make more and draw more. Let's see how it continues when I go back.
Obsessed with Kim Kitsuragi from Disco Elysium, despite having only played Day 1 so far...kinda scared to carry on because it seems like it's gonna be really intense and I will be sad when it's over, like RDR2. Mixture of the quiet kindness and patience with the sexy voice I think. Plus I think he likes notebooks and I think that's cute.
#discoelysium #kimkitsuragi #lotl
Morning, cyber pros! It's been a bit quiet over the last 24 hours, but we've still got some critical updates to chew on. We're looking at a nasty WhatsApp zero-day, some clever abuse of forensic tools for C2, and a new infostealer campaign leveraging fake PDF editors. Let's dive in:
Actively Exploited Zero-Days in WhatsApp and Apple ⚠️
- WhatsApp has patched CVE-2025-55177, a vulnerability in its iOS and macOS apps, which may have been exploited in the wild.
- This flaw, related to insufficient authorisation of linked device sync messages, is believed to have been chained with Apple's CVE-2025-43300, an ImageIO out-of-bounds write, for targeted zero-click attacks.
- Amnesty International confirmed WhatsApp notified targeted individuals, including civil society members, suggesting an advanced spyware campaign. Users should factory reset and keep all software updated.
🤔 The Hacker News | https://thehackernews.com/2025/08/whatsapp-issues-emergency-update-for.html
New Tradecraft: Velociraptor Abuse, Teams Phishing, and Infostealer Campaigns 🛡️
- Threat actors are evolving their living-off-the-land tactics by abusing legitimate tools like Velociraptor, an open-source forensic platform, to establish C2 tunnels and deploy Visual Studio Code.
- We're also seeing a rise in Microsoft Teams phishing, where attackers impersonate IT help desks to deliver remote access tools and PowerShell payloads for credential theft and RCE, bypassing traditional email defences.
- A new infostealer, "TamperedChef," is being distributed via fraudulent PDF editing apps promoted through Google ads, with the malicious payload activated days after installation to evade initial detection. Some of these apps also turn user systems into residential proxies.
🤔 The Hacker News | https://thehackernews.com/2025/08/attackers-abuse-velociraptor-forensic.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/tamperedchef-infostealer-delivered-through-fraudulent-pdf-editor/
#CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #Vulnerability #WhatsApp #Apple #Malware #Infostealer #Velociraptor #MicrosoftTeams #Phishing #SocialEngineering #LotL #IncidentResponse
Annoyed that I borked the cover but the inside looks nice. Have done Pi's pages, and Nik's pages are done (though I wanna add something to the drawing page, like Pi's). Tomorrow is Chris' pages.
#junkjournal #LotL #LordOfTheLost #scrapbook #art #drawings
heise+ | Cyberangriffe ohne Malware: Living off the Land | iX Magazin https://www.heise.de/hintergrund/Cyberangriffe-ohne-Malware-Living-off-the-Land-10348800.html #heiseplus #LoTL #LOL #CyberCrime #Hacking
Popular Medusa Ransomware utilizes many LOTL (Living of the Land) techniques - CISA https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a #cybersecurity #ransomware #Medusa #LOTL #Windows #CISA
for Route53 fanbois out there such as myself, I wrote a dynamic dns client under living off the land constraints.
https://www.new23d.com/living-off-the-land-dynamic-dns-for-route-53/
"Living off the Land (LOTL) attacks: How North Korea’s Lazarus Group Hackers Exploited Windows" published by SystemWeakness. #LOTL, #Lazarus, #DPRK, #CTI https://systemweakness.com/living-off-the-land-lotl-attacks-how-north-korea-lazarus-group-hackers-exploited-windows-a46ee8fb945f
More food for thought... Human operated attacks can be hard to detect.
Especially if they are of the #LOTL variety.
Or perhaps not hard to detect, but tricky to adjudicate. This is why an MDR service is valuable.
1/3
Was looking for a good Awesome list on Living Off the Land ( #LOL #LOtL ) tools/techniques. Found some helpful sites / repos but either nothing I could contribute to or it was limited.
So... I made one: https://github.com/danzek/awesome-lol-commonly-abused
Contributions welcome, whether by replying to this post or sending a PR on GitHub.
🔍 "If you can’t see what’s happening on your network, you can’t defend it." – Brian Dye, CEO of Corelight.
What if the biggest threat isn’t something from outside, but something that’s already inside your network?
In the latest episode of Exploring Information Security, Brian Dye discusses with Timothy De Block the challenge of detecting Living off the Land (#LotL) attacks, why gaining complete network visibility is crucial for defending against these evolving threats, and much more... 👀
🎧 Catch the full episode here: https://exploresec.com/eis/2024/1/2/shownotes-template-y3ecp-l5yfp-7d4gw
Wer ist noch beim #Lordfest in der #sporthallehamburg ?
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst