Pratik Raval
infosecpratik.bsky.social
I'm an infosec professional focused on digital forensics, incident response, malware reverse engineering, detection engineering, and the overall cyber defence space.

I'm leading a team of cyber defenders.
Reposted by Pratik Raval
You might have noticed that the recent SAML writeups omit some crucial details. In "SAML roulette: the hacker always wins", we share everything you need to know for a complete unauthenticated exploit on ruby-saml, using GitLab as a case-study.

portswigger.net/research/sam...
SAML roulette: the hacker always wins
In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library
portswigger.net
March 18, 2025 at 2:57 PM
Reposted by Pratik Raval

🎙️ New Episode: Building and Maintaining Your InfoSec Career

Want to break into InfoSec or level up your career? Bob & Alice cover career paths, key skills, and real-world tips to help you succeed—perfect for beginners & pros!

🔗 Listen: creators.spotify.com...
Building and Maintaining Your InfoSec Career by InfoSec Deep Dive
Join Bob and Alice in this episode of InfoSec Deep Dive as they explore the exciting world of cybersecurity careers. From ethical hackers to forensic analysts, security engineers to GRC strategists, they break down diverse career paths and the skills you need to succeed. Discover how to gain hands-on experience, overcome challenges like imposter syndrome, and stay ahead in this ever-evolving field. Packed with insights, resources, and practical advice, this episode is your roadmap to thriving in InfoSec!
Sources Referenced:
Cybersecurity Career Paths: Which One Is Right for You?
The DFIR Report Mentoring & Coaching Program
How To Get A Job In Infosec
2024 in Review: Helping InfoSec Professionals Achieve Their Goals
How to Get a Job in Cybersecurity
Book: Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career
creators.spotify.com
January 6, 2025 at 3:30 PM
Reposted by Pratik Raval
Happy New Year! I partnered with @13cubed.bsky.social for a giveaway of his XPlat training/certification Bundle!

To Enter: Like, Repost, and Leave a Comment

On January 12th, 1 winner will be chosen from LinkedIn and 1 winner will be chosen from Bluesky.

#DFIR #DigitalForensics #IncidentResponse
January 1, 2025 at 10:48 PM
Reposted by Pratik Raval
This talk is a great way to watch/listen to the details behind the work @stevenadair.bsky.social, @5ck.bsky.social, @tlansec.bsky.social + Volexity’s #threatintel & IR teams did to investigate the Nearest Neighbor Attack. The related blog post is here: www.volexity.com/blog/2024/11...
December 13, 2024 at 1:58 PM
Reposted by Pratik Raval
Created a new repo to publish my MITRE ATT&CK mappings for when reports don't have a section on TTPs, hopefully useful for other defenders working on detection engineering & threat hunting.

github.com/BushidoUK/MI...
github.com
December 4, 2024 at 10:54 AM
Reposted by Pratik Raval
Been a while since we've seen #macOS #malware abusing osacompile rather than plain osascript, but #Amos Atomic Stealer is nothing if not adaptable. SHA1: 51ef05c84eea3dde149a5dd3ea9916a824e95afc.
A reminder that it's possible (didn't say easy 😅) to reverse compiled #applescript.
s1.ai/fadedead
FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts - SentinelLabs
We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.
s1.ai
November 21, 2024 at 11:26 AM
Reposted by Pratik Raval
Great resource for training and testing in #DFIR. Thanks for sharing with the community @binaryz0ne.bsky.social
If you need datasets for your #DFIR training, feel free to use any of my cases found in the URL below. They can be used for both academic and commercial training.

www.ashemery.com/dfir.html
November 20, 2024 at 9:15 AM
Reposted by Pratik Raval
Det. Eng. Weekly Issue 93 is live! https://buff.ly/3UWj3xG

* 💎 by Andrew VanVleet on resiliency in your detection stack
* @anton1chuvakin.bsky.social on alert fatigue and reframing alert labeling to more than just false positives and true positives
(more in thread..)
Det. Eng. Weekly #93 - Does a tangodown 3-peat count after a week off?
I take a week off publishing and a ransomware operator gets arrested, coincidence?
www.detectionengineering.net
November 20, 2024 at 2:12 PM
Reposted by Pratik Raval
🚨 New Research Drop:

🇰🇵 DPRK IT Workers | A Network of Active Front Companies and Their Links to China

Summary:
⚪ Newly Disrupted Front Companies by USG
⚪ Impersonating US based software and tech orgs
⚪ Links to still-active front orgs, CN association

Report:
www.sentinelone.com/labs/dprk-it...
DPRK IT Workers | A Network of Active Front Companies and Their Links to China
SentinelLabs has identified multiple deceptive websites linked to businesses in China fronting for North Korea's fake IT workers scheme.
www.sentinelone.com
November 21, 2024 at 3:00 PM
Reposted by Pratik Raval
The 12th annual @volatilityfoundation.org #PluginContest is OPEN for submissions! Contribute to the open source forensics community, gain visibility for your work + win prizes!

Details here: volatilityfoundation.org/the-12th-ann...

Submission Deadline: 31 December 2024

#dfir #memoryforensics
The 12th Annual Volatility Plugin Contest is Open!
The Volatility Plugin Contest is officially open for submissions! This is your opportunity to directly contribute to the open source forensics community and put groundbreaking capabilities into the…
volatilityfoundation.org
November 21, 2024 at 3:51 PM
Reposted by Pratik Raval
November 20, 2024 at 6:58 PM
Reposted by Pratik Raval
I'm booting up my bluesky! For those that don't know me: I do security research and detection at Datadog, I currently run the newsletter Detection Engineering Weekly (deteng.io) and I post a lot about threat detection topics
Detection Engineering Weekly | Zack 'techy' Allen | Substack
The latest news and how-tos in detection engineering. Click to read Detection Engineering Weekly, by Zack 'techy' Allen, a Substack publication with tens of thousands of subscribers.
deteng.io
November 17, 2024 at 7:50 PM
Reposted by Pratik Raval
TrustedSec Tech Brief

00:30 - NTLM Hash Disclosure Zero-Day
01:45 - Task Scheduler Vulnerability
02:30 - Exchange Server Issues
03:15 - AD Certificate Services Flaw
04:00 - Vulnerability Breakdown
04:45 - Palo Alto Zero-Day
05:30 - FortiGate VPN Update

www.youtube.com/watch?v=3mSD...
TrustedSec Tech Brief - November 2024
YouTube video by TrustedSec
www.youtube.com
November 19, 2024 at 4:32 PM
Recently I came across a blog post which demonstrates extracting plaintext credentials/deactivation code from the memory of an end-user device.

shells.systems/extracting-p...

#infosec #cybersecurity #redteam #dfir #redteam #purpleteam
Extracting Plaintext Credentials from Palo Alto Global Protect - Shells.Systems
Estimated Reading Time: 5 minutes On a recent Red Team engagement, I was poking around having a look at different files and trying to see if I could extract any information that would allow me to mov...
shells.systems
November 20, 2024 at 9:29 AM