Github - ZygiskFrida: Injecting frida gadget via Zygisk
π£Lico_
This is a little tool I have been working on. It is an alternative way to inject frida into android processes. Instead of embedding the gadget into the APK or frida-server injecting it via ptrace, this module loads the gadget via Zygisk. I found it useful as it is sometimes able to bypass simple checks out of the box and decided to open source it.
Didnβt have much opportunity to work with C/C++ before and used this to learn a bit about zygisk modules and the language. So any feedback, contributions and suggestions are welcome.
π€Lico_
π@malwr
π£Lico_
This is a little tool I have been working on. It is an alternative way to inject frida into android processes. Instead of embedding the gadget into the APK or frida-server injecting it via ptrace, this module loads the gadget via Zygisk. I found it useful as it is sometimes able to bypass simple checks out of the box and decided to open source it.
Didnβt have much opportunity to work with C/C++ before and used this to learn a bit about zygisk modules and the language. So any feedback, contributions and suggestions are welcome.
π€Lico_
π@malwr
GitHub
GitHub - lico-n/ZygiskFrida: Injects frida gadget using zygisk to bypass anti-tamper checks.
Injects frida gadget using zygisk to bypass anti-tamper checks. - lico-n/ZygiskFrida
π₯1
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
π£jnazario
π@malwr
π£jnazario
π@malwr
SentinelOne
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
North Korean threat actors attempt to further missile program by compromising sanctioned Russian defense company with OpenCarrot backdoor.
Introduction to Command and Control Servers | TryHackMe Red Team Track
In this video walk-through, we covered an introduction to C2 servers. We explained C2 agents, payloads and their types (staged vs stageless), Droppers, beacons in addition to C2 agents obfuscation methods. We also covered some of the popular C2 servers including but not limited to Metasploit, Powershell Empire, Armitage and Cobalt Strike. This was part of the TryHackMe red team pathway.
Video is here
π£MotasemHa
Thanks for the video! but I don't get why people still use Metasploit or Armitage in their red team engagements or to simulate attacks, these couple of frameworks are flagged by modern EDRs and mostly used by script kids IMHO. It would be much better if you switch them up with Covenant, Mythic, or Cobalt Strike.
π€KeyPrompt4278
π@malwr
In this video walk-through, we covered an introduction to C2 servers. We explained C2 agents, payloads and their types (staged vs stageless), Droppers, beacons in addition to C2 agents obfuscation methods. We also covered some of the popular C2 servers including but not limited to Metasploit, Powershell Empire, Armitage and Cobalt Strike. This was part of the TryHackMe red team pathway.
Video is here
π£MotasemHa
Thanks for the video! but I don't get why people still use Metasploit or Armitage in their red team engagements or to simulate attacks, these couple of frameworks are flagged by modern EDRs and mostly used by script kids IMHO. It would be much better if you switch them up with Covenant, Mythic, or Cobalt Strike.
π€KeyPrompt4278
π@malwr
YouTube
Introduction to Command and Control Servers | TryHackMe Red Team Track
In this video walk-through, we covered an introduction to C2 servers. We explained C2 agents, payloads and their types (staged vs stageless), Droppers, beacons in addition to C2 agents obfuscation methods. We also covered some of the popular C2 servers includingβ¦
One-click setup SCCM Lab (as snaplabs.io template) for offensive tool testing (or for anything else)
π£an0n_r0
little bit more context: https://twitter.com/an0n_r0/status/1687230842601451522
π€an0n_r0
π@malwr
π£an0n_r0
little bit more context: https://twitter.com/an0n_r0/status/1687230842601451522
π€an0n_r0
π@malwr
X (formerly Twitter)
an0n (@an0n_r0) on X
Sharing my @snaplabsio #SCCM Lab template:
https://t.co/tfDVhjlFq5
By importing this you'll have a working SCCM environment immediately without any effort.
Specific extra configuration might be needed for various exploitation techniques, but hopefullyβ¦
https://t.co/tfDVhjlFq5
By importing this you'll have a working SCCM environment immediately without any effort.
Specific extra configuration might be needed for various exploitation techniques, but hopefullyβ¦
Vulnerable WordPress: Release 2023 July - Plugins:142 Vulns:179
π£seyyid_
Par for the course.
π€DevSpectre1
To quote a wise man "WordPress is a remote shell with a handy blogging feature"
π€theskymoves
π@malwr
π£seyyid_
Par for the course.
π€DevSpectre1
To quote a wise man "WordPress is a remote shell with a handy blogging feature"
π€theskymoves
π@malwr
GitHub
Release 2023 July - Lake Urmia Β· onhexgroup/Vulnerable-WordPress
Information about this release:
Worpress version: 6.2.2
Number of installed plugins (Clean and Vulnerable) : 142
Number of vulnerabilities: 179
adminuser: onhexgroup
adminpass: jidCy(SbEz!25qyjT...
Worpress version: 6.2.2
Number of installed plugins (Clean and Vulnerable) : 142
Number of vulnerabilities: 179
adminuser: onhexgroup
adminpass: jidCy(SbEz!25qyjT...
π2
TunnelCrack, a combination of two widespread security vulnerabilities in VPNs - Both attacks manipulate the victim's routing table to trick the victim into sending traffic outside the protected VPN tunnel, allowing an adversary to read and intercept transmitted traffic
π£digicat
π@malwr
π£digicat
π@malwr
Mathyvanhoef
TunnelCrack: Widespread design flaws in VPN clients
We present two widespread design flaws in VPN client. These can be abused to make a victim leak traffic in plaintext outside the protected VPN tunnel.
Focus on DroxiDat/SystemBC - , the proxy-capable backdoor was deployed alongside Cobalt Strike beacons in a south African nationβs critical infrastructure.
π£digicat
π@malwr
π£digicat
π@malwr
Securelist
Focus on DroxiDat/SystemBC
An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.
LifeLabs could pay at least $4.9M in proposed class-action settlement over cyberattack
π£yankmywire
π@malwr
π£yankmywire
π@malwr
CBC
LifeLabs could pay at least $4.9M in proposed class-action settlement over cyberattack | CBC News
LifeLabs could pay at least $4.9 million and up to $9.8 million to settle a class-action lawsuit arising from a 2019 cyberattack that compromised patient data, primarily in Ontario and B.C.