BlackProxies service is gaining popularity among hackers
⚡️IB researchers from DomainTools found a new market of resident proxies, where, according to advertising, they sell access to a million proxy addresses around the world. Experts warn that BlackProxies is quickly gaining popularity among hackers, phishers, merchants and fraudsters, although it supposedly prohibits harmful and illegal actions.
According to experts, the appearance of a large platform of this kind is a notable event, considering that over the past couple of years, law enforcement agencies have closed several similar services, including RESNET and INSORG.
In the report, it is noted that resident proxies, as a rule, use the IP address of ordinary users, and not the address space of data centers, which makes them ideal for launching trading bots, as well as for criminals who want to " hide" in ordinary traffic. Sometimes users become proxy servers voluntarily (for a separate fee), but more often it happens because their computers, IoT devices and routers are infected with malware.
Cybercriminals, as a rule, use resident proxies to increase the effectiveness of their attacks, hiding from law enforcement and agencies blockers.
BlackProxies operators claim that they have access to a pool of 1,000,000 IP addresses from around the world, all of them come from real users, which ensures the required unlocking, low detection rate and good speed. In addition, the service offers an automatic rotation system that automatically updates the IP address, guaranteeing that every request is executed from a new address.
Also, a control panel with real-time usage statistics and a REST API are provided to service clients to ensure flexibility and possibly resale opportunities.
The price of BlackProxies services is estimated at 14 dollars per day, 39 dollars per week or 89 dollars per month (the trial package costs 4.9 dollars).
DomainTools analysts studied the platform and found that claims about a huge pool of IP addresses are false. Actually, the service has approximately 180,000 available IP addresses. Researchers note that this is still not much and significantly surpasses the possibilities of many other platforms and botnets.
It is also noted in the report that one of the infrastructure IP-addresses of the service was previously connected to other shadow platforms.
Bleeping Computer reports that currently BlackProxies is active on hacker forums, in topics devoted to credential stuffing attacks and account capture.
https://www.domaintools.com/resources/blog/purpose-built-criminal-proxy-services-and-the-malicious-activity-they-enable/
⚡️IB researchers from DomainTools found a new market of resident proxies, where, according to advertising, they sell access to a million proxy addresses around the world. Experts warn that BlackProxies is quickly gaining popularity among hackers, phishers, merchants and fraudsters, although it supposedly prohibits harmful and illegal actions.
According to experts, the appearance of a large platform of this kind is a notable event, considering that over the past couple of years, law enforcement agencies have closed several similar services, including RESNET and INSORG.
In the report, it is noted that resident proxies, as a rule, use the IP address of ordinary users, and not the address space of data centers, which makes them ideal for launching trading bots, as well as for criminals who want to " hide" in ordinary traffic. Sometimes users become proxy servers voluntarily (for a separate fee), but more often it happens because their computers, IoT devices and routers are infected with malware.
Cybercriminals, as a rule, use resident proxies to increase the effectiveness of their attacks, hiding from law enforcement and agencies blockers.
BlackProxies operators claim that they have access to a pool of 1,000,000 IP addresses from around the world, all of them come from real users, which ensures the required unlocking, low detection rate and good speed. In addition, the service offers an automatic rotation system that automatically updates the IP address, guaranteeing that every request is executed from a new address.
Also, a control panel with real-time usage statistics and a REST API are provided to service clients to ensure flexibility and possibly resale opportunities.
The price of BlackProxies services is estimated at 14 dollars per day, 39 dollars per week or 89 dollars per month (the trial package costs 4.9 dollars).
DomainTools analysts studied the platform and found that claims about a huge pool of IP addresses are false. Actually, the service has approximately 180,000 available IP addresses. Researchers note that this is still not much and significantly surpasses the possibilities of many other platforms and botnets.
It is also noted in the report that one of the infrastructure IP-addresses of the service was previously connected to other shadow platforms.
Bleeping Computer reports that currently BlackProxies is active on hacker forums, in topics devoted to credential stuffing attacks and account capture.
https://www.domaintools.com/resources/blog/purpose-built-criminal-proxy-services-and-the-malicious-activity-they-enable/
Domaintools
Criminal Proxy Services & Malicious Use Cases
As demand for malicious proxy services continues, new players have entered the market. Black Proxies is marketed to other cybercriminals for their reliability, scope, and overwhelming number of IP addresses.
Uncovering Your First Blind SQLi
Bugbounty Article : https://bugbountyguide.org/2022/12/08/uncovering-your-first-blind-sql-injection-vulnerability/
#bugbounty #infosec #hacking #cybersecurity
Bugbounty Article : https://bugbountyguide.org/2022/12/08/uncovering-your-first-blind-sql-injection-vulnerability/
#bugbounty #infosec #hacking #cybersecurity
Studying Active Directory?
Here are 5 blogs you should definitely check out.
1. lnkd.in/geyHTm_8
2. lnkd.in/g87pewRe
3. adsecurity.org
4. dirkjanm.io
5. lnkd.in/gcwsw-Nf
#Pentesting #CyberSec #bugbounty #infosec #ActiveDirectory
Here are 5 blogs you should definitely check out.
1. lnkd.in/geyHTm_8
2. lnkd.in/g87pewRe
3. adsecurity.org
4. dirkjanm.io
5. lnkd.in/gcwsw-Nf
#Pentesting #CyberSec #bugbounty #infosec #ActiveDirectory
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
❤2👻1
#Red_Team_Tactics
1. Hijacking service workers via DOM Clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
2. Abusing Reddit API to host the C2 traffic
https://github.com/kleiton0x00/RedditC2
3. Abusing JSON-Based SQL to Bypass WAF
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
1. Hijacking service workers via DOM Clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
2. Abusing Reddit API to host the C2 traffic
https://github.com/kleiton0x00/RedditC2
3. Abusing JSON-Based SQL to Bypass WAF
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
PortSwigger Research
Hijacking service workers via DOM Clobbering
In this post, we'll briefly review how service worker hijacking works, then introduce a variant that can be triggered via DOM clobbering thanks to a quirk in document.getElementById(). Understanding s
👻1
COVID-bit.pdf
10.1 MB
#Research
"COVID-bit: Keep a Distance of (at least) 2m From My Air-Gap Computer", Dec. 2022.
"COVID-bit: Keep a Distance of (at least) 2m From My Air-Gap Computer", Dec. 2022.
#tools
#Offensive_security
1. smsgate - open source SMS gateway for pentest projects
https://github.com/pentagridsec/smsgate
]-> https://www.pentagrid.ch/en/blog/open-source-sms-gateway-for-pentest-projects
2. r4ven - Track IP and GPS Location
https://github.com/spyboy-productions/r4ven
#Offensive_security
1. smsgate - open source SMS gateway for pentest projects
https://github.com/pentagridsec/smsgate
]-> https://www.pentagrid.ch/en/blog/open-source-sms-gateway-for-pentest-projects
2. r4ven - Track IP and GPS Location
https://github.com/spyboy-productions/r4ven
GitHub
GitHub - pentagridsec/smsgate: SMSgate is an open source Python-based server for sending and especially receiving SMS using multiple…
SMSgate is an open source Python-based server for sending and especially receiving SMS using multiple GSM modems and SIM cards. - pentagridsec/smsgate
WiPeep.pdf
2.8 MB
#WLAN_Security
"Non-Cooperative Wi-Fi Localization & its Privacy Implications", 2022.
// A new location revealing privacy attack on non-cooperative Wi-Fi devices
"Non-Cooperative Wi-Fi Localization & its Privacy Implications", 2022.
// A new location revealing privacy attack on non-cooperative Wi-Fi devices
👻1
#exploit
1. CVE-2022-23475:
daloRADIUS Vulnerablity
https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app
2. Django RCE(DJRCE) exploitation with leaked SECRET_KEY variable
https://github.com/0xuf/DJRCE
3. Exploit collection for some Service DCOM Object LPE vulnerability (by SeImpersonatePrivilege abuse)
https://github.com/zcgonvh/DCOMPotato
1. CVE-2022-23475:
daloRADIUS Vulnerablity
https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app
2. Django RCE(DJRCE) exploitation with leaked SECRET_KEY variable
https://github.com/0xuf/DJRCE
3. Exploit collection for some Service DCOM Object LPE vulnerability (by SeImpersonatePrivilege abuse)
https://github.com/zcgonvh/DCOMPotato
Daily CyberSecurity
CVE-2022-23475: Account take over flaw in open source RADIUS web management app
daloRADIUS project addressed a high-security vulnerability (CVE-2022-23475), if successfully exploited, could result in an account takeover.
👻1
Aikido_Turning_EDRs_Malicious_Wipers.pdf
2.6 MB
#Threat_Research
BlackHat Europe 2022:
"Turning EDRs to malicious wipers using 0-day exploits".
]-> https://github.com/SafeBreach-Labs/aikido_wiper
BlackHat Europe 2022:
"Turning EDRs to malicious wipers using 0-day exploits".
]-> https://github.com/SafeBreach-Labs/aikido_wiper
Forwarded from 卩ro 爪Cracker
DCOMPotato-master.zip
70.2 KB
#Exploit collection for some Service #DCOM Object local privalege escalation vulnerability(by SeImpersonatePrivilege abuse)
https://github.com/zcgonvh/DCOMPotato
https://github.com/zcgonvh/DCOMPotato
Forwarded from 卩ro 爪Cracker
Hacking the Furbo Dog Camera: Part III
https://ift.tt/Lt4OqH7
Submitted December 09, 2022 at 02:29AM by somersetrecon
via reddit https://ift.tt/1RVGUd7
https://ift.tt/Lt4OqH7
Submitted December 09, 2022 at 02:29AM by somersetrecon
via reddit https://ift.tt/1RVGUd7
Somerset Recon
Hacking the Furbo Dog Camera: Part III Fun with Firmware — Somerset Recon
We’re back with another entry in our Furbo hacking escapade! In our last post we mentioned we were taking a look at the then recently released Furbo Mini device and we are finally getting around to writing about what we found. Background Some time in the…
Forwarded from 卩ro 爪Cracker
Using ChatGPT to Generate Phishing Campaigns
https://ift.tt/jg86Dzk
Submitted December 09, 2022 at 08:32AM by rickyrockslide
via reddit https://ift.tt/cNmWALR
https://ift.tt/jg86Dzk
Submitted December 09, 2022 at 08:32AM by rickyrockslide
via reddit https://ift.tt/cNmWALR
Richardosgood
Using OpenAI Chat to Generate Phishing Campaigns
Generating phishing campaigns with OpenAI Chat and GPT-3
Forwarded from 卩ro 爪Cracker
Testing a mobile app using a device you don’t have
https://ift.tt/pJE7iLC
Submitted December 09, 2022 at 08:43PM by Necessary-Reality-80
via reddit https://ift.tt/lT8Pn6A
https://ift.tt/pJE7iLC
Submitted December 09, 2022 at 08:43PM by Necessary-Reality-80
via reddit https://ift.tt/lT8Pn6A
SIGTRAN - SS7 Over IP from Beginner to Expert level
Become Expert in SIGTRAN - Signaling Transport over IP Networks
SIGTRAN is the name of a group of telecommunications protocols designed to interoperate between traditional telephony and VoIP. The name is formed from the words signaling and transport and was given by the Internet Engineering Task Force (IETF), which develops specifications for a family of protocols that provide reliable datagram services and user level adaptation for Shared Channel System No. 7 (SS7) and ISDN. SIGTRAN protocols are an extension of the SS7 family of protocols. They support the same applications and call control paradigms as SS7, but use the Internet Protocol (IP) for addressing and are transmitted over SCTP. The working group in the IETF closed in March 2009 as having served its purpose.
What you'll learn
Sigtran Signaling Networks
Sigtran Network Protocols
Signaling messages
Sigtran Protocol Stack
◽️ SIGTRAN Introduction & Giving a reminder about SS7 Networks.
◽️ A Brief about TCP & UDP Protocols.
◽️ SIGTRAN Network Architecture
◽️ SIGTRAN vs SS7 Stack
◽️ IP Layer
◽️ SCTP Layer
◽️ Adaptation Layer (SUA , M3UA , M2PA , M2UA )
◽️ SIGTRAN newly introduced protocols identifying their messages.
Become Expert in SIGTRAN - Signaling Transport over IP Networks
SIGTRAN is the name of a group of telecommunications protocols designed to interoperate between traditional telephony and VoIP. The name is formed from the words signaling and transport and was given by the Internet Engineering Task Force (IETF), which develops specifications for a family of protocols that provide reliable datagram services and user level adaptation for Shared Channel System No. 7 (SS7) and ISDN. SIGTRAN protocols are an extension of the SS7 family of protocols. They support the same applications and call control paradigms as SS7, but use the Internet Protocol (IP) for addressing and are transmitted over SCTP. The working group in the IETF closed in March 2009 as having served its purpose.
What you'll learn
Sigtran Signaling Networks
Sigtran Network Protocols
Signaling messages
Sigtran Protocol Stack
◽️ SIGTRAN Introduction & Giving a reminder about SS7 Networks.
◽️ A Brief about TCP & UDP Protocols.
◽️ SIGTRAN Network Architecture
◽️ SIGTRAN vs SS7 Stack
◽️ IP Layer
◽️ SCTP Layer
◽️ Adaptation Layer (SUA , M3UA , M2PA , M2UA )
◽️ SIGTRAN newly introduced protocols identifying their messages.