Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
jnazario
SentinelOne
North Korean threat actors attempt to further missile program by compromising sanctioned Russian defense company with OpenCarrot backdoor.
Introduction to Command and Control Servers | TryHackMe Red Team Track
In this video walk-through, we covered an introduction to C2 servers. We explained C2 agents, payloads and their types (staged vs stageless), droppers, and beacons, in addition to C2 agent obfuscation methods. We also covered some of the popular C2 frameworks, including but not limited to Metasploit, PowerShell Empire, Armitage and Cobalt Strike. This was part of the TryHackMe red team pathway.
Video is here
MotasemHa
Thanks for the video! But I don't get why people still use Metasploit or Armitage in their red team engagements or to simulate attacks; these two frameworks are flagged by modern EDRs and mostly used by script kiddies IMHO. It would be much better if you switched them up with Covenant, Mythic, or Cobalt Strike.
KeyPrompt4278
YouTube
One-click setup SCCM Lab (as snaplabs.io template) for offensive tool testing (or for anything else)
an0n_r0
A little bit more context: https://twitter.com/an0n_r0/status/1687230842601451522
an0n_r0
X (formerly Twitter)
an0n (@an0n_r0) on X
Sharing my @snaplabsio #SCCM Lab template:
https://t.co/tfDVhjlFq5
By importing this you'll have a working SCCM environment immediately without any effort.
Specific extra configuration might be needed for various exploitation techniques, but hopefully…
Vulnerable WordPress: Release 2023 July - Plugins:142 Vulns:179
seyyid_
Par for the course.
DevSpectre1
To quote a wise man "WordPress is a remote shell with a handy blogging feature"
theskymoves
GitHub
Release 2023 July - Lake Urmia · onhexgroup/Vulnerable-WordPress
Information about this release:
WordPress version: 6.2.2
Number of installed plugins (Clean and Vulnerable) : 142
Number of vulnerabilities: 179
adminuser: onhexgroup
adminpass: jidCy(SbEz!25qyjT...
TunnelCrack, a combination of two widespread security vulnerabilities in VPNs. Both attacks manipulate the victim's routing table to trick the victim into sending traffic outside the protected VPN tunnel, allowing an adversary to read and intercept transmitted traffic.
digicat
Mathyvanhoef
TunnelCrack: Widespread design flaws in VPN clients
We present two widespread design flaws in VPN clients. These can be abused to make a victim leak traffic in plaintext outside the protected VPN tunnel.
Focus on DroxiDat/SystemBC: the proxy-capable backdoor was deployed alongside Cobalt Strike beacons in a southern African nation's critical infrastructure.
digicat
Securelist
Focus on DroxiDat/SystemBC
An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.
LifeLabs could pay at least $4.9M in proposed class-action settlement over cyberattack
yankmywire
CBC
LifeLabs could pay at least $4.9 million and up to $9.8 million to settle a class-action lawsuit arising from a 2019 cyberattack that compromised patient data, primarily in Ontario and B.C.
Creating a lightweight malware Scanner
Dear Cybersecurity experts,
I worked at a company where a lot of people would come by with their personal USB drives and use them to load documents onto computers inside the corporate network. These computers were not connected to the internet and had no antivirus, meaning that if a virus were loaded onto one using a USB drive, it could damage the machine easily. Nobody ever checked the content of the USB drives before connecting them.
To prevent this, I came up with the simple solution of creating an application for the Raspberry Pi. The Raspberry Pi had a touchscreen, so when a user brought his USB drive, he would connect it to the Raspberry Pi, select it on the touchscreen and let the app verify it. After the application confirmed that the USB drive was clean, the user was allowed to connect it to the server. Even if a virus happened to infect the Raspberry Pi (very unlikely), it was easier to replace than a computer.
Since the Raspberry Pi 3 I used for the project didn't have that many resources to work with, the virus scanner I created was very simple and only used MD5 hashes to check for viruses. It compared the hash of each file with a database, and that's it. On one hand it's a very fast and lightweight approach; on the other hand it's not very secure.
So, since I'm not a security expert myself, I wanted to ask whether you know of any other systems I might use to check a file without using up too many resources. Sandboxing a file, for example, is probably not possible with just about 1 GB of RAM.
If you want to check it out, my project is open-source: Raspirus
I used the signatures in MD5 format from Virusshare for my database.
Benben377
You could possibly try some sort of YARA implementation.
YARA:
https://virustotal.github.io/yara/
More resources and rule sets:
https://github.com/InQuest/awesome-yara
_hudsn
GitHub
GitHub - Raspirus/raspirus: A user- and resources-friendly rules-based malware scanner
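The post above describes a scanner that compares each file's MD5 against a signature database and notes that this is fast but "not very secure"; the reply suggests YARA. The following is an added example (not code from the Raspirus project) that puts both ideas side by side: a hash denylist lookup in the style the post describes, and a hand-rolled byte-pattern matcher standing in for the kind of rule YARA evaluates (real YARA has a far richer rule language; the `yara-python` module is assumed to be unavailable so the example runs offline). The sample files, hashes and rule are all constructed for the demonstration. It shows why an exact-hash database stops matching after a single-byte change while a content rule still fires, which is the gap the reply points at.

```python
"""Hash-denylist scanning vs. content-pattern scanning (added example).

Constructed inputs only: KNOWN_BAD stands in for a sample whose hash sits
in a signature list such as the VirusShare MD5 lists mentioned in the post.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed "known bad" file: a fake header, a marker string, padding, a URL.
KNOWN_BAD = (
    b"MZ\x90\x00"
    + b"evil-dropper-v1"
    + b"\x00" * 16
    + b"http://c2.example/beacon"
)

# Constructed variant: identical except for one flipped byte inside the padding
# (offset 20 lies in the zero run, so the marker strings are untouched).
_m = bytearray(KNOWN_BAD)
_m[20] ^= 0x01
MUTATED = bytes(_m)

# Constructed benign file.
BENIGN = b"%PDF-1.4\n% just a quarterly report\n"


def file_hashes(data: bytes) -> Dict[str, str]:
    """Return hex digests; SHA-256 is kept alongside MD5 because most current
    signature feeds publish SHA-256 and MD5 is only still useful for legacy lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


@dataclass
class HashDatabase:
    """In-memory denylist. Set membership is O(1) and a few hundred thousand
    hex strings fit comfortably in the memory budget of a Raspberry Pi 3."""
    md5: Set[str] = field(default_factory=set)
    sha256: Set[str] = field(default_factory=set)

    def add(self, data: bytes) -> None:
        h = file_hashes(data)
        self.md5.add(h["md5"])
        self.sha256.add(h["sha256"])

    def lookup(self, data: bytes) -> bool:
        h = file_hashes(data)
        return h["md5"] in self.md5 or h["sha256"] in self.sha256


# Hypothetical content rule, modelled on a YARA rule with a `strings` section
# and `condition: all of them`. Rule name and strings are constructed.
PATTERN_RULES: Dict[str, List[bytes]] = {
    "dropper_v1_strings": [b"evil-dropper-v1", b"/beacon"],
}


def match_patterns(data: bytes, rules=PATTERN_RULES) -> List[str]:
    """Names of rules whose every string occurs somewhere in the file."""
    return [name for name, strings in rules.items() if all(s in data for s in strings)]


def scan(data: bytes, db: HashDatabase, rules=PATTERN_RULES) -> Dict[str, object]:
    """Run both detectors over one file and report each verdict separately."""
    return {"hash_hit": db.lookup(data), "rule_hits": match_patterns(data, rules)}


def demo() -> Dict[str, Dict[str, object]]:
    db = HashDatabase()
    db.add(KNOWN_BAD)  # only the original sample is in the denylist
    return {
        "known_bad": scan(KNOWN_BAD, db),  # caught by both detectors
        "mutated": scan(MUTATED, db),      # hash lookup misses, rule still fires
        "benign": scan(BENIGN, db),        # neither fires
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10s} hash_hit={verdict['hash_hit']!s:5s} rule_hits={verdict['rule_hits']}")
```

The design point for a low-resource box: hash lookup stays as the cheap first pass, and content rules are only evaluated on files the hash pass did not already flag. Both detectors are still signature-based and will miss genuinely new samples; what the content rule buys is resistance to the trivial recompile or repack that defeats an exact-hash list.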
Radical Redirection Rodeo: Exploring The Redirection Bug Classes Of Server Side Open Redirects and Client Side Open Redirects More Indepth
TheCrazyAcademic
Medium
So I wanted to explore the two bug classes of server side…
Administrator of “Bulletproof” Webhosting Domain Charged in Connection with Facilitation of NetWalker Ransomware
jnazario
www.justice.gov
An indictment was unsealed yesterday in Tampa, Florida, charging a Polish national with computer fraud conspiracy, wire fraud conspiracy, and international money laundering in connection with the provision of “bulletproof” webhosting services that facilitated…