The use of miners took off right after the #shadowbroker team leaked the #NSA exploit series. Now, as to whether that team is part of the Chinese government, and the evidence suggesting they had been working these exploits against a set of targets a year before the leak, we have nothing conclusive.
https://gist.github.com/bontchev/e5d2e5090ebe1be89b4f821ebb1ad0f9
https://www.wired.com/story/china-nsa-hacking-tool-epme-hijack/
https://decoded.avast.io/martinchlumecky/dirtymoe-1/
https://thehackernews.com/2021/03/purple-fox-rootkit-can-now-spread.html
But the interesting part is that since 2016, which coincided with the #edwardsnowden disclosures, hackers have been breaking into so-called ownerless servers to make money and installing miners on them; for a while it was even a trend to sell auto-miners, and they were used here in Iran as well #autominer
https://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers
But the method the Chinese team used to mine more than 2 million dollars is genuinely fascinating!
So what did they do? They built their own Windows Defender and swapped it in as a service in Windows. Illegal or not, the Chinese hackers have creative minds.
https://www.pcrisk.com/removal-guides/15093-msascuil-exe-virus
Besides mining on servers all over the world, they also stole banking details and passwords, and that way a large number of VPSes got added to their mining operation.
https://thehackernews.com/2021/06/crackonosh-virus-mined-2-million-of.html
"Crackonosh shows the risks in downloading cracked software," Avast security researcher Daniel Beneš said. "As long as people continue to download cracked software, attacks like these will continue and continue to be profitable for attackers. The key take-away from this is that you really can't get something for nothing and when you try to steal software, odds are someone is trying to steal from you."
Please do not install cracked #splunk or #kerio!
🌐 Peneter BLog
🔊 Clubhouse
🔊 Telegram Channel
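The post above says the operators shipped their own "Windows Defender" and registered it as a Windows service. One way a blue team can hunt for that pattern in service-install events is shown below. This is an added example, not code from the original post, from Avast or from the pcrisk write-up: the event lines are constructed, and the Defender file names, trusted directories and service-name pattern are my assumptions about what an impostor would borrow, not indicators taken from the Crackonosh report.

```python
"""Flag service installs that impersonate Windows Defender.

Added example for this post, not code from the original post, from Avast or
from the pcrisk write-up. The event lines are constructed, and the file names
and trusted directories below are assumptions about what an impostor would
borrow, not indicators taken from the Crackonosh report.
"""
import re
from pathlib import PureWindowsPath

# Constructed lines in the shape "EventID|ServiceName|ImagePath", as an
# export of System log 7045 (service installed) events might look.
SAMPLE_EVENTS = [
    '7045|WinDefend|"C:\\Program Files\\Windows Defender\\MsMpEng.exe"',
    '7045|WindowsDefender|C:\\Users\\Public\\Libraries\\MSASCuiL.exe',
    '7045|MsMpEng|C:\\Windows\\Temp\\svc\\MsMpEng.exe -k netsvcs',
    '7045|Spooler|C:\\Windows\\System32\\spoolsv.exe',
    '7036|WinDefend|',  # service state change, not an install: ignored
]

# Assumption: file names an impostor is likely to reuse (MsMpEng.exe is the
# Defender engine service, MSASCuiL.exe its tray UI).
DEFENDER_FILES = {"msmpeng.exe", "msascuil.exe", "msascui.exe", "nissrv.exe", "mpcmdrun.exe"}
# Directories where the real Defender binaries live on a stock install.
TRUSTED_DIRS = (
    "c:\\program files\\windows defender\\",
    "c:\\programdata\\microsoft\\windows defender\\platform\\",
)
# Service names that borrow Defender's branding (the real service is WinDefend).
SERVICE_NAME_HINT = re.compile(r"defend|msmpeng|antimalware", re.IGNORECASE)


def image_path(raw):
    """Return the executable from an ImagePath value, lower-cased, with
    surrounding quotes and command-line arguments removed."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        exe = raw[1:end] if end > 0 else raw[1:]
    else:
        exe = raw.split(" ", 1)[0]
    return exe.lower()


def is_defender_impostor(service_name, raw_path):
    """True when the service looks like Defender (by file name or service
    name) but its binary is not inside a trusted Defender directory."""
    path = image_path(raw_path)
    if not path:
        return False
    looks_like_defender = (PureWindowsPath(path).name in DEFENDER_FILES
                           or bool(SERVICE_NAME_HINT.search(service_name)))
    in_trusted_dir = any(path.startswith(d) for d in TRUSTED_DIRS)
    return looks_like_defender and not in_trusted_dir


def scan(lines):
    """Return the names of suspicious services found in 7045 events."""
    hits = []
    for line in lines:
        event_id, service, path = line.split("|", 2)
        if event_id == "7045" and is_defender_impostor(service, path):
            hits.append(service)
    return hits


if __name__ == "__main__":
    for name in scan(SAMPLE_EVENTS):
        print("suspicious Defender look-alike service:", name)
```

On a live host the same three fields can be pulled from the System log with `Get-WinEvent -FilterHashtable @{LogName='System'; Id=7045}` and fed to `scan`; the check deliberately fires on a legitimate-looking name in the wrong directory rather than on a hash, since a cracked-software dropper can rebuild its binary at will.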
Gist: Curated list of links describing the leaked Equation Group tools for Windows (EQgroup.md)
With the shift in focus from CentOS project to CentOS Stream which will now serve as the upstream to RHEL, a few CentOS alternatives have been floated to replace CentOS 8.
EOL
https://wiki.centos.org/About/Product
Alternatives
https://www.tecmint.com/migrate-from-centos-to-oracle-linux/
https://www.oracle.com/linux/technologies/oracle-linux-downloads.html
https://www.sonarqube.org/downloads/
The books introduced last night on Clubhouse are very good resources, especially RTFM, which lists in detail only the commands and switches needed at the various stages of a penetration test.
#redTeam
#blueTeam
#RTFM
#BTFM
Peneter.com
Penetration Tester
SoheilSec
Playing with MITRE for SIEM Detection Rules
https://www.linkedin.com/feed/update/urn%3Ali%3Aactivity%3A6812838798569959424/
#blueteam
#SIEM
#mitre
What is Detection-Rule-Dump?
https://github.com/archanchoudhury/Detection-Rule-Dump
https://www.youtube.com/c/BlackPerl
#DFIR
#SIEM
#SOC
GitHub - archanchoudhury/Detection-Rule-Dump: the one-stop place where you can find several detection rules to kick-start your journey in SIEM and SOC work.
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-asaftd-xss-multiple-FCB3vPZe.html
https://www.tenable.com/blog/cve-2020-3580-proof-of-concept-published-for-cisco-asa-flaw-patched-in-october
Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
Update June 28, 2021: Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited.
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software…
1) Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China.
https://thehackernews.com/2021/06/hackers-trick-microsoft-into-signing.html
https://www.virustotal.com/gui/file/63d61549030fcf46ff1dc138122580b4364f0fe99e6b068bc6a3d6903656aff0/detection
https://msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
2) Social engineering via spam, the end result of which is ransomware across the entire network
https://thehackernews.com/2021/06/dmarc-first-line-of-defense-against.html
What social engineering is and its methods:
https://blog.peneter.com/clubhouse-general-social-engineering-1/
https://blog.peneter.com/clubhouse-general-social-engineering-2-phishing/
https://blog.peneter.com/clubhouse-general-social-engineering-3-malware/
To check whether a domain is on a blacklist:
https://powerdmarc.com/analyzer/
https://mxtoolbox.com/
3) SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers
The APTs of the past few weeks
It's tracked by the wider cybersecurity community under the monikers APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).
https://thehackernews.com/2021/06/solarwinds-hackers-breach-microsoft.html
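Item 2 of the post above points at DMARC as the first line of defence against spam-borne social engineering and at the blacklist checkers. The block below, an added example that is not code from the original post or from the linked articles, shows what those tools actually evaluate: it parses a DMARC TXT record, grades a weak policy next to a hardened one, and builds the reversed-octet name a DNSBL lookup queries. The domain names, records and the DNSBL zone `dnsbl.example` are constructed placeholders.

```python
"""Assess a domain's DMARC record and build DNSBL lookup names.

Added example for this post; it is not code from the original post or from
the linked articles. Records, domains and the DNSBL zone are constructed.
"""
import ipaddress

# Constructed TXT records as they would be published at _dmarc.<domain>.
SAMPLE_RECORDS = {
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=10; sp=none",
    "hardened.example": ("v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; pct=100; "
                         "rua=mailto:agg@hardened.example"),
    "broken.example": "v=spf1 include:_spf.example -all",  # SPF text published at _dmarc by mistake
}


def parse_dmarc(txt):
    """Split a 'tag=value; tag=value' DMARC record (RFC 7489) into a dict.

    Returns None when the text is not a DMARC record, i.e. it does not
    start with v=DMARC1 or contains a segment without '='."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def assess_dmarc(txt):
    """Grade a record as missing / invalid / monitor-only / partial / enforcing.

    Returns (grade, findings). Only the published tags are judged; whether
    SPF and DKIM are actually deployed must be checked separately."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "missing", ["no DMARC record: receivers will not reject spoofed mail"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid", ["p= tag missing or invalid: receivers ignore the record"]
    findings = []
    if policy == "none":
        findings.append("p=none: spoofed mail is delivered, only reported")
    pct = tags.get("pct", "100")
    partial_pct = not pct.isdigit() or int(pct) < 100
    if partial_pct:
        findings.append(f"pct={pct}: policy applied to only part of failing mail")
    subdomain_policy = tags.get("sp", policy).lower()
    if subdomain_policy == "none":
        findings.append("sp=none: subdomains can be spoofed freely")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports, abuse stays invisible")
    if tags.get("adkim", "r").lower() == "r" or tags.get("aspf", "r").lower() == "r":
        findings.append("relaxed alignment: any subdomain of the org domain aligns")
    if policy == "none":
        grade = "monitor-only"
    elif policy == "quarantine" or partial_pct or subdomain_policy == "none":
        grade = "partial"  # quarantine is a step towards reject, not the end state
    else:
        grade = "enforcing"
    return grade, findings


def dnsbl_query_name(ip, zone):
    """Build the name queried for an IPv4 DNSBL lookup (RFC 5782): the octets
    reversed, then the list zone. A non-NXDOMAIN answer means 'listed'.
    This is what web blacklist checkers do behind the form."""
    addr = ipaddress.IPv4Address(ip)  # raises on anything that is not IPv4
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        grade, findings = assess_dmarc(record)
        print(f"{domain}: {grade}")
        for finding in findings:
            print("   -", finding)
    print(dnsbl_query_name("192.0.2.1", "dnsbl.example"))
```

To run this against a real domain, fetch the TXT record of `_dmarc.<domain>` (for example with `dig +short TXT _dmarc.example.com`) and pass the string to `assess_dmarc`; for the blacklist side, resolve the name returned by `dnsbl_query_name` against the zone of the list operator you trust.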
The Hacker News: Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware
universal cross-site scripting (UXSS) issue that's triggered when automatically translating web pages using the browser's built-in feature via Microsoft Translator.
If you use Edge, be sure to update it, because a lot of people doing exchange (currency-trading) work use Edge on a VPS!
How to update
edge://settings/help
Type that in the address bar; if it is not the latest version, click to update.
https://thehackernews.com/2021/06/microsoft-edge-bug-couldve-let-hackers.html
The Hacker News: Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site
SoheilSec
Pentest Steps.xmind
Persian version of the Penetration Testing Mind map
Credit: Hamid Kashfi
My old Template 2016 (information Gathering).xmind
4.4 MB
Information Gathering Xmind
Credit: Soheil Hashemi
Good for a Penetration Testing Report
project-Vul Assessment mind-94.0.0.xmind
4.1 MB
Vulnerability Assessments Part
Credit: Soheil Hashemi
Data for 700M #LinkedIn Users Posted for Sale in #Raidforums
https://threatpost.com/data-700m-linkedin-users-cyber-underground/167362/?utm_source=dlvr.it&utm_medium=linkedin
https://raidforums.com/Thread-SELLING-New-Linkedin-2021-700Million-records?highlight=linkedin
Threat Post: Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground. After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it has happened again, with big security ramifications.
Details of a bug in Adobe's content-management solution (used by Mastercard, LinkedIn and PlayStation) were released.
https://threatpost.com/rce-bug-in-adobe-revealed/167382/
#adobe
#0day
Threat Post: Details of RCE Bug in Adobe Experience Manager Revealed
CVE-2021-35523: Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30
https://bogner.sh/2021/06/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/
Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
https://github.com/irsl/gcp-dhcp-takeover-code-exec
#googlecloud
#takeover
CVE-2020-1170 - Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2020-1170, an elevation of privilege bug in Windows Defender
https://itm4n.github.io/cve-2020-1170-windows-defender-eop/
itm4n's blog: Here is my writeup about CVE-2020-1170, an elevation of privilege bug in Windows Defender. Finding a vulnerability in a security-oriented product is quite satisfying. Though, there was nothing groundbreaking. It's quite the opposite actually and I'm surprised…