▁ ▁ ▁ UNDERCODE ▁ ▁ ▁
🦑 LIST OF HACKING BLOGS/TUTORIALS:
https://scriptkidd1e.wordpress.com/oscp-journey/
http://www.securitysift.com/offsec-pwb-oscp/
http://ch3rn0byl.com/down-with-oscp-yea-you-know-me/
http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html
http://hackingandsecurity.blogspot.com
http://carnal0wnage.blogspot.com/
http://www.mcgrewsecurity.com/
http://www.gnucitizen.org/blog/
http://www.darknet.org.uk/
http://spylogic.net/
http://taosecurity.blogspot.com/
http://www.room362.com/
http://blog.sipvicious.org/
http://blog.portswigger.net/
http://pentestmonkey.net/blog/
http://jeremiahgrossman.blogspot.com/
http://i8jesus.com/
http://blog.c22.cc/
http://www.skullsecurity.org/blog/
http://blog.metasploit.com/
http://www.darkoperator.com/
http://blog.skeptikal.org/
http://preachsecurity.blogspot.com/
http://www.tssci-security.com/
http://www.gdssecurity.com/l/b/
http://websec.wordpress.com/
http://bernardodamele.blogspot.com/
http://laramies.blogspot.com/
http://www.spylogic.net/
http://blog.andlabs.org/
http://xs-sniper.com/blog/
http://www.commonexploits.com/
http://www.sensepost.com/blog/
http://wepma.blogspot.com/
http://exploit.co.il/
http://securityreliks.wordpress.com/
http://www.madirish.net/index.html
http://sirdarckcat.blogspot.com/
http://reusablesec.blogspot.com/
http://myne-us.blogspot.com/
http://www.notsosecure.com/
http://blog.spiderlabs.com/
http://www.corelan.be/
http://www.digininja.org/
http://www.pauldotcom.com/
http://www.attackvector.org/
http://deviating.net/
http://www.alphaonelabs.com/
http://www.smashingpasswords.com/
http://wirewatcher.wordpress.com/
http://gynvael.coldwind.pl/
http://www.nullthreat.net/
http://www.question-defense.com/
http://archangelamael.blogspot.com/
http://memset.wordpress.com/
http://sickness.tor.hu/
http://punter-infosec.com/
http://www.securityninja.co.uk/
http://securityandrisk.blogspot.com/
http://esploit.blogspot.com/
http://www.pentestit.com/
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▁ ▁ UNDERCODE ▁ ▁ ▁
Attached (398 KB): How to bypass AMSI and execute ANY malicious Powershell code.pdf
▁ ▁ ▁ UNDERCODE ▁ ▁ ▁
🦑 Some hacking forums:
http://sla.ckers.org/forum/index.php
http://www.ethicalhacker.net/
http://www.backtrack-linux.org/forums/
http://www.elitehackers.info/forums/
http://www.hackthissite.org/forums/index.php
http://securityoverride.com/forum/index.php
http://www.iexploit.org/
http://bright-shadows.net/
http://www.governmentsecurity.org/forum/
http://forum.intern0t.net/
▁ ▁ ▁ UNDERCODE ▁ ▁ ▁
🦑 DORKS/CVE & MORE:
http://uptime.netcraft.com/
http://www.serversniff.net/
http://www.domaintools.com/
http://centralops.net/co/
http://hackerfantastic.com/
http://whois.webhosting.info/
https://www.ssllabs.com/ssldb/analyze.html
http://www.clez.net/
http://www.my-ip-neighbors.com/
http://www.shodanhq.com/
http://www.exploit-db.com/google-dorks/
http://www.hackersforcharity.org/ghdb/
EXPLOITS AND ADVISORIES
http://www.exploit-db.com/
http://www.cvedetails.com/
http://www.packetstormsecurity.org/
http://www.securityforest.com/wiki/index.php/Main_Page
http://www.securityfocus.com/bid
http://nvd.nist.gov/
http://osvdb.org/
http://www.nullbyte.org.il/Index.html
http://secdocs.lonerunners.net/
http://www.phenoelit-us.org/whatSAP/index.html
http://secunia.com/
http://cve.mitre.org/
CHEATSHEETS AND SYNTAX
http://www.cheat-sheets.org/
http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/
▁ ▁ ▁ UNDERCODE ▁ ▁ ▁
🦑 Why do attackers target a router's DNS settings?
1) Once the router is compromised, its DNS server setting can be changed to an attacker-controlled resolver. Every device that takes its DNS from the router's DHCP then resolves names through the attacker, who can take over the browser's home page, force redirects and inject pop-up advertising, including to premium-rate or paid-download pages that cost the user money and traffic. Nothing runs on the client, so endpoint anti-malware sees nothing.
2) With DNS under their control, attackers can observe which services the devices on the wireless network are using and redirect logins to look-alike sites to steal account credentials, especially online-banking credentials.
3) Pages the user opens can be silently redirected to sites that drop a Trojan, so that a routine visit ends with malware installed, or with the user tricked into a fraudulent purchase.
WRITTEN BY UNDERCODE
▁ ▁ ▁ UNDERCODE ▁ ▁ ▁
🦑 How to tell whether your router's DNS has been hijacked:
1) Check the DNS servers configured on the router and the addresses they point to (the router's DHCP/LAN settings page, or `ipconfig /all` on a Windows client, `nmcli dev show` on Linux). The original post names resolvers beginning with 66.102. or 207.254. as ones seen in hijacks; more generally, any resolver that neither you nor your ISP configured is a red flag. Confirm by resolving a sensitive domain (your bank) through the router's resolver and through a resolver you trust, and comparing the answers.
2) Log in to the router's management interface and review the list of devices connected to the wireless network. Unfamiliar devices suggest the Wi-Fi key or the router itself has been compromised.
3) Browsing behaviour changes: pages redirect on their own and unexpected pop-up advertising appears, even on sites that normally show none.
4) In the router's advanced settings, look at the "manually set DNS server" option. If it is enabled and you did not enable it, someone else has changed the router's configuration.
▁ ▁ ▁ UNDERCODE ▁ ▁ ▁
🦑 JavaScript email attachments may carry malicious code
JavaScript email attachments can carry malicious code. Here is what is going on.
1) A ransomware family called RAA has appeared that is written entirely in JavaScript and locks users' files with strong encryption.
2) Most Windows malware is written in a compiled language such as C or C++ and spreads as executables (.exe or .dll). Some is written as command-line scripts, such as Windows batch files or PowerShell.
3) Client-side malware is rarely written in web languages such as JavaScript, which is normally interpreted by the browser. But Windows Script Host, which ships with Windows, runs a .js file directly when it is double-clicked, outside any browser sandbox and with the user's full privileges.
4) Attackers have only recently started using this technique. Last month Microsoft warned that .js attachments in malicious emails may carry malware, and ESET's researchers warned that some .js attachments drop the Locky ransomware. In both of those cases the JavaScript file is only a downloader: it fetches and installs conventional malware written in another language. RAA is different; the whole ransomware is JavaScript.
5) According to the BleepingComputer.com technical support forum, RAA uses CryptoJS, an open-source JavaScript cryptography library, to implement its encryption. The implementation is solid and uses AES-256.
6) Once a file is encrypted, RAA appends .locked to the original file name. It targets these extensions: .doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr, .psd, .cd, .mdb, .png, .lcd, .zip, .rar and .csv.
7) Users report that the ransom message is displayed in Russian, but even if RAA currently targets Russian-speaking computers, wider spread is only a matter of time.
It is very unusual for a legitimate email to carry a JavaScript attachment, so users should not open such files even when they arrive inside a .zip archive; .js files are rarely used anywhere except on websites and in browsers. Administrators can remove most of the risk by changing the default handler for .js and .jse files from Windows Script Host to a text editor, and by blocking script attachments (bare or zipped) at the mail gateway.
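An added example, not from the original post, of the gateway-side check the last paragraph calls for: parse an email, recurse into zip attachments, and flag any file Windows Script Host or mshta.exe would execute on double-click. The message, the zip and the dropper file name are constructed for the example; the script text inside the zip is never run, only named.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that Windows Script Host (wscript.exe / cscript.exe) or mshta.exe
# will run on double-click, so a mail filter should treat them like .exe.
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta")
ZIP_MAGIC = b"PK\x03\x04"


def script_extension(filename):
    """Return the script extension a name ends with, or None.

    Only the final extension counts, so 'Invoice.pdf.js' is caught as .js."""
    lower = filename.lower()
    for ext in SCRIPT_EXTENSIONS:
        if lower.endswith(ext):
            return ext
    return None


def scan_zip(data, label):
    """Walk a zip (recursing into nested zips) and list script members."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            member = f"{label}/{info.filename}"
            ext = script_extension(info.filename)
            if ext:
                findings.append((member, f"{ext} inside archive"))
            elif info.filename.lower().endswith(".zip"):
                findings.extend(scan_zip(archive.read(info), member))
    return findings


def scan_message(raw_message):
    """Return [(attachment label, reason)] for script attachments, bare or zipped."""
    message = BytesParser(policy=policy.default).parsebytes(raw_message)
    findings = []
    for part in message.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        ext = script_extension(name)
        if ext:
            findings.append((name, f"{ext} attachment"))
        elif name.lower().endswith(".zip") or payload.startswith(ZIP_MAGIC):
            try:
                findings.extend(scan_zip(payload, name))
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip, quarantine for review"))
    return findings


def build_sample_message():
    """Constructed phishing mail: a zip carrying 'Invoice_2020.pdf.js' plus a real PDF."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        # Harmless stand-in for a dropper script; it is stored, never executed.
        archive.writestr("Invoice_2020.pdf.js", "WScript.Echo('constructed sample');")
        archive.writestr("readme.txt", "nothing to see")
    message = EmailMessage()
    message["From"] = "billing@example.invalid"
    message["To"] = "victim@example.invalid"
    message["Subject"] = "Invoice attached"
    message.set_content("Please find your invoice attached.")
    message.add_attachment(buffer.getvalue(), maintype="application",
                           subtype="zip", filename="Invoice_2020.zip")
    message.add_attachment(b"%PDF-1.4\n%constructed\n", maintype="application",
                           subtype="pdf", filename="terms.pdf")
    return message.as_bytes()


if __name__ == "__main__":
    for label, reason in scan_message(build_sample_message()):
        print(f"BLOCK {label}: {reason}")
```

Matching on the final extension rather than the declared MIME type matters because Windows decides what to run from the extension, and the double-extension trick ("Invoice_2020.pdf.js") is exactly how these lures are named.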
▁ ▁ ▁ UNDERCODE ▁ ▁ ▁
🦑 JavaScript - The Complete Guide 2020 (Beginner + Advanced) (2019-2020)
[17.25 GB]
https://www.udemy.com/course/javascript-the-complete-guide-2020-beginner-advanced/
https://mega.nz/folder/wQYFBSKR#wcb0uUnSOqs8Z86jGFHCZg
Attached (2.2 MB): scanless, a tool to perform anonymous port scans on target websites (PDF)
▁ ▁ ▁ UNDERCODE ▁ ▁ ▁
🦑 How to quickly remove a Trojan from the system?
Compared with file-bundling Trojans, the DLL-injection Trojan is more advanced: it has no process of its own and opens no port of its own, so ordinary users rarely notice it. Removing it therefore takes several steps.
1) End the Trojan's process.
Because this type of Trojan is injected into another process, it does not appear as an entry of its own in the process viewer. If the system behaves abnormally, we first need to judge whether a DLL Trojan is present.
Here we use the IceSword tool. After it starts it lists the processes running on the system. Right-click a suspicious process and choose "Module Information" from the pop-up menu to see every DLL module loaded in that process. If you find a module of unknown origin, select it and click "Uninstall" to unload it from the process. For stubborn ones, also click "Forced Release", then use the path shown in the "Module File Name" column to delete the file directly from its folder.
2) Finding suspicious DLL modules
Most users are not familiar with which DLLs a process normally loads, so it is hard to tell which module is suspicious. This is where ECQ-PS (Super Process King) comes in handy.
3) After the software starts, the middle list shows every process on the system. Double-click a process and the "All Modules" tab shows detailed information for each module: name, version, manufacturer, creation time and so on. The manufacturer and creation time matter most. If a critical system process such as "svchost.exe" is loading a module from an unknown manufacturer, that module is almost certainly the problem. And if the manufacturer says Microsoft but the creation time differs from all the other DLL modules, it may also be a DLL Trojan. Note that the manufacturer string is read from the file's version resource, which an attacker can set to anything; an Authenticode signature check is the reliable test.
4) Alternatively, switch to the "Suspicious Module" option; the software scans the loaded modules for suspicious files and lists them. Double-click a suspicious DLL in the results to see which processes load it. A normal DLL is usually loaded by several processes; if a DLL is loaded by only this one process, that is another sign of a DLL Trojan. Click "Forced Delete" to remove the DLL Trojan from the process. (IceSword and ECQ-PS date from the Windows XP era; on current systems Sysinternals Process Explorer shows the same module, publisher and signature information.)
5) Thorough rootkit detection
Nobody can keep checking ports, registry, files and services all the time to see whether a Trojan is hiding there. For that we can use dedicated detection tools.
🦑 1. Rootkit Detector clears rootkits
Rootkit Detector is a rootkit detection and removal tool that can detect several Windows rootkits, including the well-known hxdef100 (Hacker Defender).
Usage is simple: run "rkdetector.exe" from the command line. The program scans the system for hidden items, lists the running rootkit programs and services, marks them in red to draw attention, and tries to remove them.
2. The more powerful Knlps
Knlps goes further: it can terminate a specific running rootkit process. Run "knlps.exe -l" at the command line to list all hidden rootkit processes with their PIDs. Once you have found the rootkit process, use the "-k" parameter to kill it. For example, if the process "svch0st.exe" (note the zero, a look-alike of svchost.exe) was found with PID 3908, enter "knlps.exe -k 3908" to terminate it.
3. Detecting cloned accounts
Strictly speaking, a cloned account is not a backdoor Trojan. But it gives the attacker an account with administrator rights while the account still appears as an ordinary member of the Guests group, which easily lulls the administrator into a false sense of security.
Here a dedicated account-clone detection tool, LP_Check, can reveal cloned users in the system.
Using LP_Check is extremely simple. When it runs it compares the user accounts and their privileges as recorded in the registry (the SAM) with what the account manager shows. In the example it flags the Guest account we just discussed with a red triangle in the list. Select it, then open the user management window to deal with it; the built-in Guest account cannot be deleted, so disable it and restore its original settings.
> With the steps above the system can be restored more safely, but to avoid Trojans altogether you still need to understand the basics of how they work.
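Steps 3 and 4 of the DLL-hunting procedure above boil down to three heuristics: a module from an unknown manufacturer inside a critical system process, a Microsoft-labelled module whose creation time is far from the process's other Microsoft DLLs, and a DLL loaded by a single process from an unusual path. Here they are as code, added as an example and not part of the original post or of any of the tools it names. The module inventory is constructed; the publisher strings stand in for version-resource text, which an attacker can forge, so a match is a lead to verify with a signature check, not a verdict.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Processes where a non-Microsoft module is a strong signal. explorer.exe is left
# out deliberately: shell extensions from many vendors legitimately load there.
CRITICAL_PROCESSES = {"svchost.exe", "lsass.exe", "winlogon.exe", "services.exe", "csrss.exe"}
TRUSTED_PUBLISHER = "microsoft"            # substring match on the publisher field
OUTLIER_SECONDS = 365 * 24 * 3600          # a year away from the process's other Microsoft DLLs
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed module inventory, NOT real telemetry: (process, pid, path, publisher, created).
# A real inventory would come from a module viewer such as the ones in the post, or from
# Get-Process | Select-Object -ExpandProperty Modules, joined with Authenticode results.
MODULES = [
    ("svchost.exe",  1024, r"C:\Windows\System32\rpcss.dll",      "Microsoft Corporation", "2019-03-19"),
    ("svchost.exe",  1024, r"C:\Windows\System32\ntdll.dll",      "Microsoft Corporation", "2019-03-19"),
    ("svchost.exe",  1024, r"C:\Windows\System32\kernel32.dll",   "Microsoft Corporation", "2019-03-19"),
    ("svchost.exe",  1024, r"C:\Users\Public\netsvc.dll",         "",                      "2020-06-02"),
    ("svchost.exe",  1024, r"C:\Windows\System32\msupd.dll",      "Microsoft Corporation", "2020-06-02"),
    ("explorer.exe", 2200, r"C:\Windows\System32\ntdll.dll",      "Microsoft Corporation", "2019-03-19"),
    ("explorer.exe", 2200, r"C:\Windows\System32\kernel32.dll",   "Microsoft Corporation", "2019-03-19"),
    ("explorer.exe", 2200, r"C:\Program Files\Vendor\helper.dll", "Vendor Ltd",            "2019-11-05"),
    ("notepad.exe",  3100, r"C:\Windows\System32\ntdll.dll",      "Microsoft Corporation", "2019-03-19"),
]


def analyse(modules):
    """Apply the three heuristics from the post; return [(process, pid, path, [reasons])]."""
    by_process = defaultdict(list)
    loaders = defaultdict(set)
    for proc, pid, path, publisher, created in modules:
        stamp = datetime.fromisoformat(created).timestamp()
        by_process[(proc, pid)].append((path, publisher, stamp))
        loaders[path.lower()].add((proc, pid))

    reasons = defaultdict(list)
    for (proc, pid), mods in by_process.items():
        trusted_stamps = [s for _, pub, s in mods if TRUSTED_PUBLISHER in pub.lower()]
        reference = median(trusted_stamps) if trusted_stamps else None
        for path, publisher, stamp in mods:
            key = (proc, pid, path)
            trusted = TRUSTED_PUBLISHER in publisher.lower()
            # 1. unknown publisher inside a critical system process
            if proc.lower() in CRITICAL_PROCESSES and not trusted:
                reasons[key].append("untrusted publisher in critical process")
            # 2. claims Microsoft, but created far from the process's other Microsoft DLLs
            if trusted and reference is not None and abs(stamp - reference) > OUTLIER_SECONDS:
                reasons[key].append("Microsoft-labelled module with outlier creation time")
            # 3. loaded by exactly one process and living outside the usual install directories
            if len(loaders[path.lower()]) == 1 and not path.lower().startswith(STANDARD_DIRS):
                reasons[key].append("loaded by a single process from a non-standard path")
    return [(proc, pid, path, why) for (proc, pid, path), why in reasons.items()]


if __name__ == "__main__":
    for proc, pid, path, why in analyse(MODULES):
        print(f"{proc}[{pid}] {path}: {'; '.join(why)}")
```

On the constructed data the third-party helper.dll in explorer.exe is left alone (wrong process class, standard path), while netsvc.dll trips two rules and msupd.dll trips only the creation-time rule, which is why that rule is worth keeping even though it produces the weakest evidence.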
ENJOY ❤️👍🏻
WRITTEN BY
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▁ ▁ UNDERCODE ▁ ▁ ▁
🦑 Analysis of attacks against well-known aerospace and military companies:
At the end of last year we discovered attacks against aerospace and military companies in Europe and the Middle East. The attacks were very active from September to December 2019. Through in-depth investigation of two affected European companies we gained a detailed understanding of the attackers' activities and discovered malware that had never been documented before.
> This post analyses the specific circumstances of the attack. The complete analysis is in the white paper "Operation In(ter)ception: Targeted Attacks Against European Aerospace and Military Companies".
> Based on a related malware sample named Inception.dll, we call these attacks Operation In(ter)ception, and we found them to be highly targeted.
> To compromise their targets, the attackers used attractive fake job offers as a lure. After gaining trust they deployed custom multi-stage malware and modified open-source tools. They also adopted a "living off the land" approach, abusing legitimate tools and operating-system features, and used a variety of techniques to evade detection (including code signing, regularly recompiling the malware, and impersonating legitimate companies).
> Our investigation revealed that the main goal of the operation was espionage. However, in one case we found that the attackers tried to monetise access to a victim's email account through a business email compromise (BEC) attack. Although we found no strong evidence linking the attack to a known threat actor, we found several clues (targeting, development environment, and the anti-analysis techniques used) that may point to the Lazarus Group.
written by Undercode
▁ ▁ ▁ UNDERCODE ▁ ▁ ▁
🦑 Solution to the U Disk Ripper Virus Unable to Delete:
#FastTips
From the moment of a mouse click, traffic passes through layer after layer of nodes in the user's system and, guided by routing, rushes toward the remote server. The close-quarters fighting along this journey is often the fiercest. Hijackers lie in ambush at every node the traffic may pass through, and the means of traffic hijacking
> are endless: home-page configuration tampering, hosts-file hijacking, process hooks, startup hijacking, LSP injection, browser plug-in hijacking, filtering HTTP proxies, kernel-level packet hijacking, bootkits and more, constantly updated. Perhaps the story of traffic hijacking begins the moment the machine is switched on.
▁ ▁ ▁ UNDERCODE ▁ ▁ ▁