Critical Vulnerabilities in Progress Software WS_FTP Server - exploitable with a single HTTPS POST request and a pre-existing ysoserial.net gadget - exploitation observed
🗣digicat
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 vendor advisory
👤digicat
https://x.com/MCKSysAr/status/1707855204647899194?s=20 < claimed exploit PoC
👤digicat
https://censys.com/cve-2023-40044/
👤digicat
🎖@malwr
Rapid7
Critical Vulnerabilities in WS_FTP Server | Rapid7 Blog
Sub7 source code released - an old code but it checks out
🗣digicat
Fond memories 🥳
👤castleinthesky86
🎖@malwr
GitLab
illwill / Sub7 · GitLab
Source code for SubSeven 2.1.3
😈2
Visual Studio Code: embedded reverse shell and how to block, create Sentinel Detection, and add Environment Prevention — well more like ideas and concepts
Little summary I did when I worked on securing my lab/home network.
https://medium.com/@truvis.thornton/visual-studio-code-embedded-reverse-shell-and-how-to-block-create-sentinel-detection-and-add-e864ebafaf6d
🗣thattechkitten
🎖@malwr
UPDATE: Looks like MS released GPO controls finally: https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/policies
What is the term used to describe the process of reverse-engineering malware to understand its inner workings?
Final Results
Sandboxing: 27%
Decompilation: 59%
Obfuscation: 11%
Code Injection: 3%
👍3
NetworkMiner 2.8.1 Released
I am happy to announce the release of NetworkMiner 2.8.1 today! This new release brings a VNC parser to NetworkMiner, so that screenshots, keystrokes and clipboard data can be extracted from unencrypted VNC traffic. NetworkMiner 2.8.1 additionally includes parsers for command-and-control (C2) protoc...
https://www.netresec.com/?page=Blog&month=2023-10&post=NetworkMiner-2-8-1-Released
🎖@malwr
👍1
fit: FIT is a Python3 application for forensic acquisition of contents like web pages, emails, social media, etc. directly from the internet.
🗣digicat
🎖@malwr
GitHub
GitHub - fit-project/fit: FIT is a modular suite of Python applications for digital forensic acquisition of online contents such…
FIT is a modular suite of Python applications for digital forensic acquisition of online contents such as web pages, emails, social media, and more. Each module can run independently or as part of ...
Infección en sitio web de e-commerce chileno - Infection on a Chilean e-commerce website - after opening a connection to Binance to read a "smart contract", the site executes whatever comes back in the response through the "eval" method.
🗣digicat
🎖@malwr
FINSIN
Infection on a Chilean e-commerce website
By pure chance, while visiting a Chilean e-commerce site, I came across a strange popup that sent me through a series of hops and led me to discover that the site had been compromised …
Swirl - An open-source search platform. It allows you to search and use AI to find the correct information quickly and easily.
🗣search_guy
🎖@malwr
GitHub
GitHub - swirlai/swirl-search: AI Search & RAG Without Moving Your Data. Get instant answers from your company's knowledge across…
AI Search & RAG Without Moving Your Data. Get instant answers from your company's knowledge across 100+ apps while keeping data secure. Deploy in minutes, not months. - swirlai/swirl-search
2nd October – Threat Intelligence Report
https://research.checkpoint.com/2023/2nd-october-threat-intelligence-report/
🎖@malwr
Check Point Research
2nd October – Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 2nd October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Check Point researchers have detected a phishing campaign exploiting popular file-sharing program Dropbox.…
Free SIEM to augment existing SIEM.
Currently we have a SIEM (SaaS solution) that covers all of our servers, switches, routers and firewalls.
We do not collect logs for any of our workstations (3000 workstations) and I would like to have something, but we do not have any budget to increase our existing SIEM capacity. I just want to have something in case I need to review logs on a workstation.
I was looking at Wazuh but it does not look like it will scale well with that many workstations.
Any recommendations?
🗣Critical_Egg_913
I'm going to be different and say you don't need a SIEM to handle workstations. Get alerts out of your EDR and then use Velociraptor to query for logs and other events on workstations.
👤mustacheride3
I just ran across gravwell.io. I'm currently testing it out in a lab, but it looks promising. It is free up to 14 GB/day.
👤semipvt
Graylog. Open Source Splunk.
👤SLC_CA
🎖@malwr
Reddit