Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017…

Contribute to Execute-CSharp-From-XSLT-TEST development by creating an account on GitHub.

A blog about information security, hacking, and protecting digital infrastructure. Penetration testing, malware analysis, and intrusion detection.

On 23 November, 2017, we reported two vulnerabilities to Exim. These bugs exist in the SMTP daemon and attackers do not need to be authenticated, including CVE-2017-16943 for a use-after-free (UAF) vulnerability, which leads to Remote Code Execution (RCE);…

You can configure network port forwarding in all Windows versions without using third-party tools. Using a port forwarding rule, you can redirect an incoming TCP connection (IPv4 or IPv6) from…

CVE-2018-4087 PoC. Contribute to rani-i/bluetoothdPoC development by creating an account on GitHub.

This is a common issue I’ve run across that has several catch 22’s. What is the appropriate amount of cached credentials I should be…

What is Mimikatz? Mimikatz is a Tool made in C Language by Benjamin Delpy. It is a great tool to extract plain text passwords, hashes

Unit 42 examines recent Sofacy group activities including multiple attacks to government entities.

PowerShell Remote Download Cradle Generator & Obfuscator - danielbohannon/Invoke-CradleCrafter

Exchange privilege escalations to Active Directory - gdedrouas/Exchange-AD-Privesc

MS17-010. Contribute to worawit/MS17-010 development by creating an account on GitHub.

APT & CyberCriminal Campaign Collection. Contribute to CyberMonitor/APT_CyberCriminal_Campagin_Collections development by creating an account on GitHub.

An exploration of different browser automation methods to inject JavaScript into webpages.

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

In this article, we will learn about how to configure the password-protected Apache Web Server to restrict from online visitors without validation so that we

One of the most frustrating things to me as a security person is having sales and marketing types confuse the different types of security assessment. Similariti