Phishing Analysis: Decrypting HTTPS traffic with Wireshark
π£stra1ghtarrow
How would this work if GPS spoofing was used?
π€Poofing_SME
As others have stated, using a dedicated MITM tool for ssl interception is faster and more efficient than using Wireshark. (It's also an industry expectation).
That being said it is still overall a fairly well written article. The only constructive criticism I'll give is this line comes off as condescending towards your wife and self congratulatory...
"Thanks to the regular user awareness sessions I have conducted with her (lol), she did the right thing and forwarded the email to me."
As technical writing is subject to a more formalized style in general this type of language I find unacceptable and off putting and using "lol" here was unnecessary.
I urge you though to continue your technical writing and journey into cybersec as you clearly have passion. Cheers.
π€Taikor
Why did you create an SSLKeylog file to decrypt traffic when you can see right in the payload section of the developer tools what is being passed and what IP its being passed to?
I feel like you took extra steps for a rather simple phishing tactic.
π€SwitchInteresting718
π@malwr
π£stra1ghtarrow
How would this work if GPS spoofing was used?
π€Poofing_SME
As others have stated, using a dedicated MITM tool for ssl interception is faster and more efficient than using Wireshark. (It's also an industry expectation).
That being said it is still overall a fairly well written article. The only constructive criticism I'll give is this line comes off as condescending towards your wife and self congratulatory...
"Thanks to the regular user awareness sessions I have conducted with her (lol), she did the right thing and forwarded the email to me."
As technical writing is subject to a more formalized style in general this type of language I find unacceptable and off putting and using "lol" here was unnecessary.
I urge you though to continue your technical writing and journey into cybersec as you clearly have passion. Cheers.
π€Taikor
Why did you create an SSLKeylog file to decrypt traffic when you can see right in the payload section of the developer tools what is being passed and what IP its being passed to?
I feel like you took extra steps for a rather simple phishing tactic.
π€SwitchInteresting718
π@malwr
Medium
Phishing Analysis: Decrypting HTTPS traffic with Wireshark
Last week, my wife received an email requesting her to return a certificate of insurance. We have had regular discussions around personalβ¦
Lazarus Group Targeting Windows IIS Web Servers
π£digicat
I have been seeing a couple instances of similar attacks through misconfigured IIS Servers where services have been taken over and used to load malicious payloads into incomings RDS via VPN sessions via service accounts over the past couple of weeks.
When I traced the attacks I found them all to be coming out of Russia. Neither here nor there, but was able to reconfigure firewalls, close ports on IIS, and mitigate.
π€RatherB_fishing
π@malwr
π£digicat
I have been seeing a couple instances of similar attacks through misconfigured IIS Servers where services have been taken over and used to load malicious payloads into incomings RDS via VPN sessions via service accounts over the past couple of weeks.
When I traced the attacks I found them all to be coming out of Russia. Neither here nor there, but was able to reconfigure firewalls, close ports on IIS, and mitigate.
π€RatherB_fishing
π@malwr
ASEC
Lazarus Group Targeting Windows IIS Web Servers - ASEC
Lazarus Group Targeting Windows IIS Web Servers ASEC
A Modern Approach to Evading AntiVirus and Bypassing Endpoint Detection
π£ResidentHacker
Learnt new stuff, thanks and cool stuff for AV evasion
π€Ka4maroot
If you look at the git, Bypassing Endpoint Detection is a bit of a misnomer here. This is AV evasion + living off the land. Nice resource for a few evasion techniques though!
π€Sittadel
π@malwr
π£ResidentHacker
Learnt new stuff, thanks and cool stuff for AV evasion
π€Ka4maroot
If you look at the git, Bypassing Endpoint Detection is a bit of a misnomer here. This is AV evasion + living off the land. Nice resource for a few evasion techniques though!
π€Sittadel
π@malwr
GitHub
GitHub - RoseSecurity/Anti-Virus-Evading-Payloads: During the exploitation phase of a pen test or ethical hacking engagement, youβ¦
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Here is a simple way to evade anti-virus ...
librick/ic1101: Reverse engineering of a 2021 Honda Civic headunit
π£tnavda
I've been curious if the LKAS stuff is contained within one of the APKs, or if that software is located elsewhere. There is a hard-coded 45MPH minimum to activate LKAS, but that always seemed pretty arbitrary to me, and I wonder if one could modify that and see what happens.
π€ebol4anthr4x
π@malwr
π£tnavda
I've been curious if the LKAS stuff is contained within one of the APKs, or if that software is located elsewhere. There is a hard-coded 45MPH minimum to activate LKAS, but that always seemed pretty arbitrary to me, and I wonder if one could modify that and see what happens.
π€ebol4anthr4x
π@malwr
GitHub
GitHub - librick/ic1101: Reverse engineering and hacking 10th generation Honda Civic headunits
Reverse engineering and hacking 10th generation Honda Civic headunits - librick/ic1101
Ransomware Notes
This is a collection of various #ransomware notes from the past to the present.
https://github.com/threatlabz/ransomware_notes
#cybersecurity #infosec
https://t.me/hackgit/8819
π£hack_git
π@malwr
This is a collection of various #ransomware notes from the past to the present.
https://github.com/threatlabz/ransomware_notes
#cybersecurity #infosec
https://t.me/hackgit/8819
π£hack_git
π@malwr
Microsoft Threat Intelligence researchers share information on the Volt Typhoon state-sponsored actor, its campaign targeting critical infrastructure providers, & its tactics for achieving and maintaining unauthorized access to target networks. https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
ESET's Lukas Stefanko describes a new Android RAT based on AhMyth. AhRat's specific malicious behaviour, which involves extracting microphone recordings & stealing files with specific extensions, potentially indicates involvement in an espionage campaign. https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
The DFIR Report's researchers look into an incident that started with the execution of IcedID malware contained within an Excel document delivered to the victim as part of a malspam campaign. https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Iβm excited to kick the morning off by announcing the release of π Living Off the Orchard: macOS Binaries (LOOBins)!
https://loobins.io
You can find more details about the LOOBins project in my βIntroducing LOOBinsβ Medium post here:
https://infosecb.medium.com/introducing-loobins-9e732b9e06a6?source=friends_link&sk=e4d46e0ef07add52b5c77fd3a9dd3387
π£infosecb
π@malwr
https://loobins.io
You can find more details about the LOOBins project in my βIntroducing LOOBinsβ Medium post here:
https://infosecb.medium.com/introducing-loobins-9e732b9e06a6?source=friends_link&sk=e4d46e0ef07add52b5c77fd3a9dd3387
π£infosecb
π@malwr
LOOBins
Living Off the Orchard: macOS Binaries.
Fortinet researchers identified several simultaneous attacks targeting a government entity in the UAE. While most were classified as known threats, one remained unidentified - a custom targeted PowerShell-based backdoor with email-based C2 protocol. https://www.fortinet.com/blog/threat-research/operation-total-exchange-backdoor-discovered
π£virusbtn
π@malwr
π£virusbtn
π@malwr
How to geolocate mobile phones based on IP addresses?
http://nixintel.info/osint/geolocating-mobile-phones-with-an-ip/
@nixintel
@MwOsint
#OSINT #investigation #CTI #infosec #cybersecurity #DFIR #ThreatIntel #intelligence #reconnaissance
π£DailyOsint
π@malwr
http://nixintel.info/osint/geolocating-mobile-phones-with-an-ip/
@nixintel
@MwOsint
#OSINT #investigation #CTI #infosec #cybersecurity #DFIR #ThreatIntel #intelligence #reconnaissance
π£DailyOsint
π@malwr
Scan Container Images for Vulnerabilities with Docker Scout https://buff.ly/3OsMuVI #devops #opensource #automation
π£osodevops
π@malwr
π£osodevops
π@malwr
The New Stack
Scan Container Images for Vulnerabilities with Docker Scout
What sets Docker Scout apart from some of the other offerings is that it not only will display CVEs but also the composition of the image.
Tool Release: Code Credential Scanner (ccs) https://research.nccgroup.com/2023/05/23/tool-release-code-credential-scanner-ccs/
π£Dinosn
π@malwr
π£Dinosn
π@malwr
CrowdStrike Falcon Platform Achieves Certification in AV-Comparativesβ First Anti-Tampering Test
π£BradW-CS
Tamper Resistant != Tamper Proof
π€Vengeful-Melon
Right. And yet it's still trivial?
Exit: W10 only
π€Doctorexx
π@malwr
π£BradW-CS
Tamper Resistant != Tamper Proof
π€Vengeful-Melon
Right. And yet it's still trivial?
Exit: W10 only
π€Doctorexx
π@malwr
crowdstrike.com
CrowdStrike Achieves Certification in AV-Comparativesβ First Anti-Tampering Test
Learn how CrowdStrike Falcon Enterprise successfully defended against all tampering attacks to win certification in AV-Comparatives first Anti-Tampering test.
DNS Identity - This report provides a view of authentication and verification of domain name owners in the context of domain name registration. It identifies the security challenges, good practices, security controls and associated risks in the domain name registration ecosystem.
π£digicat
π@malwr
π£digicat
π@malwr
www.enisa.europa.eu
DNS Identity | ENISA
ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats.
π Part 1 of our #OALABS Patreon tutorial series on the PEB unlocked for everyoneβ¦
Understanding The PEB for Reverse Engineers
https://youtu.be/uyisPPTupmA
π£herrcore
π@malwr
Understanding The PEB for Reverse Engineers
https://youtu.be/uyisPPTupmA
π£herrcore
π@malwr
π₯1
Check Point's Alexey Bukhteyev & Arie Olshtein provide insights into GuLoader's evolution. GuLoader is a prominent shellcode-based downloader, active for more than 3 years, that has been used in a large number of attacks to deliver a wide range of malware. https://research.checkpoint.com/2023/cloud-based-malware-delivery-the-evolution-of-guloader/
π£virusbtn
π@malwr
π£virusbtn
π@malwr