What is the dark web?
What is the dark web, and how is it different from the deep web?
https://blog.talosintelligence.com/what-is-the-dark-web/
π@malwr
What is the dark web, and how is it different from the deep web?
https://blog.talosintelligence.com/what-is-the-dark-web/
π@malwr
Cisco Talos Blog
What is the dark web?
What is the dark web, and how is it different from the deep web?
β€1
Quishing Triage 101: How to Investigate Suspicious QR Codes in Emails
Quishing, derived from combining βQR codeβ and βphishing,β has manifested as a significant cybersecurity threat, particularly noting a discernible surge in incidents since July 2023. This technique leverages QR codes, square barcodes decipherable by mobile device cameras, to mislead users into interacting with malicious digital content. When a user scans a QR code in a...
https://intezer.com/blog/alert-triage/quishing-triage-how-to-investigate-suspicious-qr-codes-in-emails/
π@malwr
Quishing, derived from combining βQR codeβ and βphishing,β has manifested as a significant cybersecurity threat, particularly noting a discernible surge in incidents since July 2023. This technique leverages QR codes, square barcodes decipherable by mobile device cameras, to mislead users into interacting with malicious digital content. When a user scans a QR code in a...
https://intezer.com/blog/alert-triage/quishing-triage-how-to-investigate-suspicious-qr-codes-in-emails/
π@malwr
A Practical Approach to SBOM in CI/CD Part III β Tracking SBOMs with Dependency-Track
π£theowni
Do you fill up dependencies manually, or using something like BlackDuck?
π€broadexample
π@malwr
π£theowni
Do you fill up dependencies manually, or using something like BlackDuck?
π€broadexample
π@malwr
Medium
A Practical Approach to SBOM in CI/CD Part III β Tracking SBOMs with Dependency-Track
Crucial part of utilising a full potential of Software Bill of Materials is automation. This article covers automated projects trackingβ¦
Python SAST Security Tools?
So, for my apprenticeship i have to find a new SAST Security Tool to integrate into a pipeline. The only actual boundary is that it has to be open-source. Just so you know, the pipeline runs into a Docker container. It would be better if it easily implementable (in this project we use mainly Docker, maven and pip to install new tools in the container). Another guideline would be to find a tool that analyzes very used languages (like Python or Java). Alternately, can do other stuff but it should be simple enough to me to understand it (maybe policies tester are out of my league? i dunno).
We already use Trivy, Bandit, Semgrep, Safety, Checkov, [and under maven:\] Spotbugs, OWASP DC and Spotless (Techincally also Kubescape and Talisman but we have not fully developed them yet)
Before you ask, yes...i've tried to search on my own (pretty deeply, i think). So this what my precedent tries/alternatives are:
\- Flawfinder (a bit tricky to install and analyze only C/C++)
\- Pysa/Pyrecheck (it's not easy to install, hard to understand, and prints strange errors)
\- Bearer (probably my choice if i don't find a python alternative but...i hate Java)
Sorry for the long message and thanks to all for any advice or answer on the post. Of course i don't expect you to research, that is my job. Just write if anything pops in your mind.
Thx again!
π£Fanta_futuro
Your org is already using much of what is available for your needs so Iβm not sure what OSS are available with your criteria that could offer you more or even in-addition too, but youβve already first hand have seen this yourself.
I know many tools to meet your needs but now weβre moving away from OSS and into SaaS but my guess is you have no budget for that.
Off the cuff what are the odds that the ask could pivot to SCA provided you and everyone else are large consumers of OSS and need to/should maybe look to consider your OSS risk?
Otherwise the only thing I can offer you is this link to GitHub that may be of assistance.
https://github.com/analysis-tools-dev/static-analysis#python
π€Sivyre
π@malwr
So, for my apprenticeship i have to find a new SAST Security Tool to integrate into a pipeline. The only actual boundary is that it has to be open-source. Just so you know, the pipeline runs into a Docker container. It would be better if it easily implementable (in this project we use mainly Docker, maven and pip to install new tools in the container). Another guideline would be to find a tool that analyzes very used languages (like Python or Java). Alternately, can do other stuff but it should be simple enough to me to understand it (maybe policies tester are out of my league? i dunno).
We already use Trivy, Bandit, Semgrep, Safety, Checkov, [and under maven:\] Spotbugs, OWASP DC and Spotless (Techincally also Kubescape and Talisman but we have not fully developed them yet)
Before you ask, yes...i've tried to search on my own (pretty deeply, i think). So this what my precedent tries/alternatives are:
\- Flawfinder (a bit tricky to install and analyze only C/C++)
\- Pysa/Pyrecheck (it's not easy to install, hard to understand, and prints strange errors)
\- Bearer (probably my choice if i don't find a python alternative but...i hate Java)
Sorry for the long message and thanks to all for any advice or answer on the post. Of course i don't expect you to research, that is my job. Just write if anything pops in your mind.
Thx again!
π£Fanta_futuro
Your org is already using much of what is available for your needs so Iβm not sure what OSS are available with your criteria that could offer you more or even in-addition too, but youβve already first hand have seen this yourself.
I know many tools to meet your needs but now weβre moving away from OSS and into SaaS but my guess is you have no budget for that.
Off the cuff what are the odds that the ask could pivot to SCA provided you and everyone else are large consumers of OSS and need to/should maybe look to consider your OSS risk?
Otherwise the only thing I can offer you is this link to GitHub that may be of assistance.
https://github.com/analysis-tools-dev/static-analysis#python
π€Sivyre
π@malwr
Reddit
From the cybersecurity community on Reddit
Explore this post and more from the cybersecurity community
π1
Lazarus μν κ·Έλ£Ήμ Volgmer, Scout μ
μ±μ½λ λΆμ λ³΄κ³ μ - Volgmer, Scout malware analysis report from the Lazarus threat group
π£digicat
π@malwr
π£digicat
π@malwr
ASEC
Lazarus μν κ·Έλ£Ήμ Volgmer, Scout μ
μ±μ½λ λΆμ λ³΄κ³ μ - ASEC
Lazarus μν κ·Έλ£Ήμ Volgmer, Scout μ
μ±μ½λ λΆμ λ³΄κ³ μ ASEC
β€1
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanc
π£digicat
π@malwr
π£digicat
π@malwr
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber securityβ¦
Several new Mirai variant families were widely deployed in September 2023, among which hailBot, kiraiBot and catDDoS are the most active.
EvilProxy Phishing Attack - The threat actors leveraged an open redirection vulnerability on the job search platform βindeed.comβ, redirecting victims to malicious phishing pages impersonating Microsoft.
π£digicat
π@malwr
π£digicat
π@malwr
Menlosecurity
EvilProxy Phishing Attack Strikes Indeed - Blog | Menlo Security
Menlo Labs identified a phishing campaign exploiting an open redirection vulnerability on job search platform Indeed.
β€1
Binarly REsearch - Multiple Critical Vulnerabilities in Supermicro BMCs
π£netsec_burn
Aren't we past this stuff yet:
π€derp6996
π@malwr
π£netsec_burn
Aren't we past this stuff yet:
Unfortunately, as usually happens during the disclosure process, the vendor tried to reduce the final impact of the documented vulnerabilities. We believe this to be an extremely wrong position, since end customers will have incorrect information when assessing the severity of a particular update. We encourage system administrators to keep their BMC systems up to date and follow NSA and CISA hardening guidelines.π€derp6996
π@malwr
www.binarly.io
Binarly REsearch Uncovers Major Vulnerabilities in Supermicro BMCs
Uncover Major Vulnerabilities in Supermicro BMCs. Dive into hidden attack surfaces and exploits found by BINARLY REsearch in Supermicro BMC IPMI firmware.
Exposing Infection Techniques Across Supply Chains and Codebases
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
https://www.trendmicro.com/en_us/research/23/j/infection-techniques-across-supply-chains-and-codebases.html
π@malwr
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
https://www.trendmicro.com/en_us/research/23/j/infection-techniques-across-supply-chains-and-codebases.html
π@malwr
Trend Micro
Exposing Infection Techniques Across Supply Chains and Codebases
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
Qakbot-affiliated actors distribute Ransom Night malware despite infrastructure takedown
The threat actors behind the Qakbot malware have been conducting a campaign since early August 2023 in which they have been distributing Ransom Knight ransomware and the Remcos backdoor via phishing emails.
https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/
π@malwr
The threat actors behind the Qakbot malware have been conducting a campaign since early August 2023 in which they have been distributing Ransom Knight ransomware and the Remcos backdoor via phishing emails.
https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/
π@malwr
Cisco Talos Blog
Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown
The threat actors behind the Qakbot malware have been conducting a campaign since early August 2023 in which they have been distributing Ransom Knight ransomware and the Remcos backdoor via phishing emails.
NetHunter Hacker IX: Use MANA Toolkit to create Wi-Fi rogue access point and intercept traffic
https://www.mobile-hacker.com/2023/10/05/nethunter-hacker-ix-use-mana-toolkit-to-create-wi-fi-rogue-access-point-and-intercept-traffic/?utm_source=rss&utm_medium=rss&utm_campaign=nethunter-hacker-ix-use-mana-toolkit-to-create-wi-fi-rogue-access-point-and-intercept-traffic
π@malwr
https://www.mobile-hacker.com/2023/10/05/nethunter-hacker-ix-use-mana-toolkit-to-create-wi-fi-rogue-access-point-and-intercept-traffic/?utm_source=rss&utm_medium=rss&utm_campaign=nethunter-hacker-ix-use-mana-toolkit-to-create-wi-fi-rogue-access-point-and-intercept-traffic
π@malwr
Mobile Hacker
NetHunter Hacker IX: Use MANA Toolkit to create Wi-Fi rogue access point and intercept traffic Mobile Hacker
MANA allows you to perform various Wi-Fi attacks even using your Android device. The MANA (MITM And Network Attacks) Wireless Toolkit is a suite of tools that can be used to perform man-in-the-middle (MITM) attacks, create evil access point, denial of serviceβ¦
Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit
https://www.thezdi.com/blog/2023/10/5/looking-at-the-attack-surface-of-the-sony-xav-ax5500-head-unit
π@malwr
https://www.thezdi.com/blog/2023/10/5/looking-at-the-attack-surface-of-the-sony-xav-ax5500-head-unit
π@malwr
Zero Day Initiative
Zero Day Initiative β Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit
Last month, we looked at the attack surface of the ChargePoint Home Flex EV charger β one of the targets in the upcoming Pwn2Own Automotive contest. In this post, we look at the attack surface of another target in a different category. The Sony XAV-AX5500β¦
Is it bad to have a major security incident on your rΓ©sumΓ©? (Seriously I donβt know)
Plus, Qakbot appears to be still active, despite efforts from the FBI and other international law enforcement agencies to disrupt the massive botnet.
https://blog.talosintelligence.com/threat-source-newsletter-oct-5-2023/
π@malwr
Plus, Qakbot appears to be still active, despite efforts from the FBI and other international law enforcement agencies to disrupt the massive botnet.
https://blog.talosintelligence.com/threat-source-newsletter-oct-5-2023/
π@malwr
Cisco Talos Blog
Is it bad to have a major security incident on your rΓ©sumΓ©? (Seriously I donβt know)
Plus, Qakbot appears to be still active, despite efforts from the FBI and other international law enforcement agencies to disrupt the massive botnet.
How can I improve my chances of getting a role in DF?
I've worked for a while as a cop alongside university, and I'm really enjoying investigative work. By the end of the year I will have a BSc in Forensic Investigation, only one of the units was Digital Forensics which I scored a high first in. I've been working in IT for years now doing various repairs (hardware and software), soldering, including data recovery etc.
If I want to join as a Digital Forensics investigator in law enforcement, is there any hope, or have I sabotaged myself by not doing a computer science degree, as unsurprisingly it is a minimum starting point for a few positions I've found. Can accreditations like CompTIA or EC Council give me a better chance at these roles?
π£Forensiss
That background would get you a job with us and any number of other agencies I know. Guy I work with, an amazing examiner, but his degree was in forensic science. He wanted and applied to be in crime scene, but they saw he had a computer class so they said this is forensics too! 22 years later he's still in the game and schooling us every day. I wish DF did a better job with delineating the positions and levels out there. I feel like a lot of people are thinking everyone is responding to a DDoS and then reverse engineering malware when the real world is vastly different. Some days it's converting VHS tapes to digital to make the examination faster. It's not a super hard program so you don't need to be a computer science degree, but you'll need more than the some decent excel skills and the ability to reboot stuff. Now yes some people are doing amazingly advanced stuff and are Cyber Spooks, but sometimes you're the guy doing a logical on the phone of a victim of insurance fraud. Noble work in the end and you are more than qualified.
π€JerseyJunto
What has your own investigation into DF told you so far?
Just being LE (on its own) doesn't really qualify you for anything DF related.
A college course with one unit in DF doesn't do really that much.Soldering? Haven't used it once in over 23 years.
So, it boils down to how much past the few pages of Google do you look?What can you do that the person next to you can't?
Same as going for Sgt., Lt. or Detective. You get to the boards, how can you articulate your skills to the person wanting to retain you?
Can you withstand having your skills questioned by a competent attorney or judge?
What I hear from people at conferences and boards is that people jump in and want to join the DF world, talk about investigative experience, then don't mention what that experience is. Branch out and talk about your skills to the group and maybe someone here can help guide ya.
π€clarkwgriswoldjr
Do colleges have career centers to help students anymore?
π€MDCDF
π@malwr
I've worked for a while as a cop alongside university, and I'm really enjoying investigative work. By the end of the year I will have a BSc in Forensic Investigation, only one of the units was Digital Forensics which I scored a high first in. I've been working in IT for years now doing various repairs (hardware and software), soldering, including data recovery etc.
If I want to join as a Digital Forensics investigator in law enforcement, is there any hope, or have I sabotaged myself by not doing a computer science degree, as unsurprisingly it is a minimum starting point for a few positions I've found. Can accreditations like CompTIA or EC Council give me a better chance at these roles?
π£Forensiss
That background would get you a job with us and any number of other agencies I know. Guy I work with, an amazing examiner, but his degree was in forensic science. He wanted and applied to be in crime scene, but they saw he had a computer class so they said this is forensics too! 22 years later he's still in the game and schooling us every day. I wish DF did a better job with delineating the positions and levels out there. I feel like a lot of people are thinking everyone is responding to a DDoS and then reverse engineering malware when the real world is vastly different. Some days it's converting VHS tapes to digital to make the examination faster. It's not a super hard program so you don't need to be a computer science degree, but you'll need more than the some decent excel skills and the ability to reboot stuff. Now yes some people are doing amazingly advanced stuff and are Cyber Spooks, but sometimes you're the guy doing a logical on the phone of a victim of insurance fraud. Noble work in the end and you are more than qualified.
π€JerseyJunto
What has your own investigation into DF told you so far?
Just being LE (on its own) doesn't really qualify you for anything DF related.
A college course with one unit in DF doesn't do really that much.Soldering? Haven't used it once in over 23 years.
So, it boils down to how much past the few pages of Google do you look?What can you do that the person next to you can't?
Same as going for Sgt., Lt. or Detective. You get to the boards, how can you articulate your skills to the person wanting to retain you?
Can you withstand having your skills questioned by a competent attorney or judge?
What I hear from people at conferences and boards is that people jump in and want to join the DF world, talk about investigative experience, then don't mention what that experience is. Branch out and talk about your skills to the group and maybe someone here can help guide ya.
π€clarkwgriswoldjr
Do colleges have career centers to help students anymore?
π€MDCDF
π@malwr
Reddit
From the computerforensics community on Reddit
Explore this post and more from the computerforensics community
β€1π1
Preserve Microsoft Teams Messages
Hey everyone,
I was hoping someone could point me in the right direction for preserving Microsoft Teams messages.
Would it be easiest to collect the messages as a .PST via O365 Security & Compliance center then process the .PST in Axiom / Intella? Any other recommendations for preserving / displaying the message threads?
Thanks in advance.
π£hotsausce01
In terms of preserving my approach would be to export the PST from O365 as you state, generate a hash for the PST and preserve the PST and the hash.
More along the lines of analyzing the data than displaying it -
Once I have the pst I use pffexport https://manpages.ubuntu.com/manpages/xenial/man1/pffexport.1.html
to extract all the data out of the file.
pffexport creates a directory hierarchy that contains a folder for each item in the PST file. Within that folder you find a text or html file with the message, text files with metadata (like the SMTP headers and Outlook headers) and an attachments subfolder with all attachments saved in their native formats (pdf, png, docx, etc.)
I find this approach super useful for analysis. I can use tools like Grep, RipGrepAll or AgentRansack to do quick searches for patterns, or I can write simple perl or python scripts for more complicated bulk analysis (e.g. create a CSV file with the sender, date, recipient, subject and first line of message text for every email/meeting/teams message that has a jpg attachment with EXIF data matching phone model XXXXX).
π€AdCautious851
Message Crawler can convert the .pst files to RSMF. There are two flavors of .psts: Team Channel psts and the Team DMs from the personal mailbox for each user. I am still testing Message Crawler via the trial version (just download the program from their website).
It's a bit confusing going through the data in Message Crawler, but the tool definitely does the RSMF conversion job pretty well. I am not sure if it threads conversations together. I have not reviewed the many output options, yet. I'm sure someone can answer that. Message Crawler has YouTube channel with demonstrations, as well.
π€zero-skill-samus
π@malwr
Hey everyone,
I was hoping someone could point me in the right direction for preserving Microsoft Teams messages.
Would it be easiest to collect the messages as a .PST via O365 Security & Compliance center then process the .PST in Axiom / Intella? Any other recommendations for preserving / displaying the message threads?
Thanks in advance.
π£hotsausce01
In terms of preserving my approach would be to export the PST from O365 as you state, generate a hash for the PST and preserve the PST and the hash.
More along the lines of analyzing the data than displaying it -
Once I have the pst I use pffexport https://manpages.ubuntu.com/manpages/xenial/man1/pffexport.1.html
to extract all the data out of the file.
pffexport creates a directory hierarchy that contains a folder for each item in the PST file. Within that folder you find a text or html file with the message, text files with metadata (like the SMTP headers and Outlook headers) and an attachments subfolder with all attachments saved in their native formats (pdf, png, docx, etc.)
I find this approach super useful for analysis. I can use tools like Grep, RipGrepAll or AgentRansack to do quick searches for patterns, or I can write simple perl or python scripts for more complicated bulk analysis (e.g. create a CSV file with the sender, date, recipient, subject and first line of message text for every email/meeting/teams message that has a jpg attachment with EXIF data matching phone model XXXXX).
π€AdCautious851
Message Crawler can convert the .pst files to RSMF. There are two flavors of .psts: Team Channel psts and the Team DMs from the personal mailbox for each user. I am still testing Message Crawler via the trial version (just download the program from their website).
It's a bit confusing going through the data in Message Crawler, but the tool definitely does the RSMF conversion job pretty well. I am not sure if it threads conversations together. I have not reviewed the many output options, yet. I'm sure someone can answer that. Message Crawler has YouTube channel with demonstrations, as well.
π€zero-skill-samus
π@malwr
Reddit
From the computerforensics community on Reddit
Explore this post and more from the computerforensics community
Discarded, not destroyed: Old routers reveal corporate secrets
When decommissioning their old hardware, many companies 'throw the baby out with the bathwater'
https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/
π@malwr
When decommissioning their old hardware, many companies 'throw the baby out with the bathwater'
https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/
π@malwr
Welivesecurity
Discarded, not destroyed: Old routers reveal corporate secrets
When decommissioning their old hardware, many companies 'throw the baby out with the bathwater'