📕APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.
A short joint report has come out from the NSA, in partnership with the NCSC, the FBI and CISA, on TTPs related to APT28's exploitation of CVE-2017-6742 (vulnerabilities in the Cisco SNMP subsystem through which an authenticated attacker could achieve RCE or DoS). To be more precise, the attacking "Bears" masqueraded as SNMP to exploit CVE-2017-6742. As indicated in the report, the targets were located all over the world: US government agencies, about 250 Ukrainian victims and a (rather small) number of people in Europe.
The report also provides mitigation measures.
#GCHQ #NCSC #CISA #FBI #NSA #APT28 #expoitation #Cisco #TTPs
CSA_APT28_EXPLOITS_KNOWN_VULNERABILITY.PDF
606.5 KB
HITB2023AMS.zip
232.2 MB
🗃Your humble servant downloaded all currently available presentations from Hack In The Box 2023 Amsterdam and archived them.
#HITB2023 #security #API #AV #Fingerprinting #Honeypots #PostExploitation #hacking #shellcode #iOS #windows #malware #bugs #WAN #LAN #AntiCensorship #obfuscation #virtuallization #XRP
D2T1_Smart_Speaker_Shenanigans_Making_the_SONOS_One_Sing_Its_Secrets.pdf
19.2 MB
📕SMART SPEAKER SHENANIGANS: MAKING THE SONOS ONE SING ITS SECRETS
D2 COMMSEC - Feeding Gophers to Ghidra - Max Kersten.pdf
421.7 KB
📕Feeding Gophers to Ghidra
D2T2_Automated_Black_box_Security_Testing_of_Smart_Embedded_Devices.pdf
5.3 MB
📕Automated Black-Box Security Testing of Smart Embedded Devices
D1T1_Leveraging_Advanced_Techniques_of_DMA_Reentrancy_to_Escape.pdf
1.5 MB
📕Resurrecting Zombies: Leveraging advanced techniques of DMA reentrancy to escape QEMU
D2_COMMSEC_Red_Wizard_A_User_friendly_Infrastructure_for_Red_Teams.pdf
2.7 MB
📕Red Wizard - User friendly, automated RT infrastructure
D2T1_How_MySQL_Servers_Can_Attack_YOU_Martin_Rahkmanov_&_Alexander.pdf
5.4 MB
📕HOW MYSQL SERVERS CAN ATTACK YOU
D1_COMMSEC_Upgrading_Rollback_Agnostic_Replay_Attacks_Carlos_Gomez.pdf
8.4 MB
📕Upgrading Rollback-Agnostic Replay Attacks
#HITB2023 #security #hacking #automotive #car #SDR #RFanalysis #MySQL #RedTeam #infrastructure #DMA #QemuEscape #expoitation #Embedded #fw #fuzzing #Ghidra #Gophers #Golang #SONOS
D2T1_A_Security_Analysis_of_Computer_Numerical_Control_Machines.pdf
6 MB
📕A Security Analysis of Computer Numerical Control Machines in Industry 4.0
D2T1_A_Deep_Dive_into_GarminOS_and_its_MonkeyC_Virtual_Machine_Tao.pdf
3.8 MB
📕Compromising Garmin's Sport Watches: A Deep Dive into GarminOS and its MonkeyC Virtual Machine
D2_COMMSEC_LAB_Developing_Malicious_Kernel_Drivers_Tijme_Gommers.pdf
4.2 MB
📕DEVELOPING MALICIOUS KERNEL DRIVERS
D2T1_ChatGPT_Please_Write_Me_a_Piece_of_Polymorphic_Malware_Omer.pdf
4.5 MB
📕ChatGPT: Please write me a polymorphic malware
ChattyCaty is an open-source project which demonstrates an infrastructure to create a polymorphic program using GPT models.
D2T2_Privilege_Escalation_Using_DOP_in_MacOS_x86_64_Yoochan_Lee.pdf
2.3 MB
📕Privilege Escalation using DOP in x86-64 macOS
#HITB2023 #security #hacking #macOS #expoitation #vulnerability #PE #DOP #ChatGPT #polymorphicMalware #KernelDrivers #GarminOS #MonkeyC #FW #VM #ICS #SupplyChain #MTConnect
Forwarded from Private Shizo
📲Android Deep Link issues and WebView Exploitation
Android Deep Linking and the usage of WebViews in Android applications are among the most targeted yet least talked about attack vectors. In this blog post, we will explore these issues in depth and provide you with the techniques for exploiting and securing against such attacks.
💥Try out your skills on the BuggyWebView application.