Pafish - Tool to Detect Sandboxes and Analysis Environments in the Same Way as… https://github.com/a0rtega/pafish #Malware #MalwareAnalysis
New Type of Brute Force Attack on Office 365 Accounts
Sophisticated and coordinated hackers are constantly adapting and using innovative techniques to gain unauthorized access to corporate data. Recently, 48 Office 365 customers experienced exactly this kind of threat where an attacker implemented a new strategy to try to access high-level information.
The brute force login attack was unique in that it was directed against a few key targets across multiple companies instead of casting a wider net against as many users as possible. There were 100,000 failed-login attempts originating from 67 IPs and 12 networks over a period of nearly 7 months.
https://www.tripwire.com/state-of-security/featured/new-type-brute-force-attack-office-365-accounts/
APT28 Targets Hospitality Sector, Presents Threat to Travelers.
The malicious document – Hotel_Reservation_Form.doc (MD5: 9b10685b774a783eabfecdb6119a8aa3), as seen in Figure 1 – contains a macro that base64 decodes a dropper that then deploys APT28’s signature GAMEFISH malware (MD5: 1421419d1be31f1f9ea60e8ed87277db), which uses mvband.net and mvtband.net as command and control (C2) domains.
https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html
The hospitality sector is being actively targeted in a campaign that FireEye attributes with moderate confidence to APT28.
Safari null ptr crash:
<script>var s = new window.webkitOfflineAudioContext(2,44100*0x41414141, 44100);</script>
RUSSIA'S 'FANCY BEAR' HACKERS USED LEAKED NSA TOOL TO TARGET HOTEL GUESTS.
https://www.wired.com/story/fancy-bear-hotel-hack/
Ad blocking is under attack!
Well, this is huge, so I'd like to draw your attention to what's happening right now. This is a very alarming case, and it concerns every ad blocker user.
https://blog.adguard.com/en/ad-blocking-is-under-attack/
Attacking Self-Hosted Skype for Business/Microsoft Lync Installations
https://www.trustedsec.com/2017/08/attacking-self-hosted-skype-businessmicrosoft-lync-installations/
Autonomous vehicles hacked with fake traffic signs
Every day we witness new advances in autonomous vehicle driving. Many companies present prototypes, and some already have it in production, such as Tesla Autopilot. These vehicles are capable of analyzing the environment around them and thereby driving themselves, without any human intervention.
http://www.elladodelmal.com/2017/08/vehiculos-autonomos-hackeados-con.html
Project Sonar - Mo' Data, Mo' Research
Since its inception, Rapid7's Project Sonar has aimed to share the data and knowledge we've gained from our Internet scanning and collection activities with the larger information security community. Over the years this has resulted in vulnerability disclosures, research papers, conference presentations, community collaboration and data. Lots and lots of data.
https://community.rapid7.com/community/infosec/blog/2017/05/09/sonar-mo-data-mo-research
Malware Analysis ElmersGlue Ransomware (another skid #ransomware with hardcoded key)
https://www.youtube.com/watch?v=x11AQ3iu8dI
Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com ...
This is how things stand with bitcoin right now 😬
1 #bitcoin = $67255.00 MXN
$3773.71 USD
1 USD = 17.82MXN
The radio frequency spectrum + machine learning = DARPA's new Radio Frequency Machine Learning Systems program
https://www.darpa.mil/news-events/2017-08-11a #iot
PyREBox - Python scriptable Reverse Engineering Sandbox
PyREBox is a Python scriptable Reverse Engineering sandbox. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective. PyREBox allows inspecting a running QEMU VM, modifying its memory or registers, and instrumenting its execution by writing simple scripts in Python to automate any kind of analysis. QEMU (when working as a whole-system emulator) emulates a complete system (CPU, memory, devices...). By using VMI techniques, it does not require any modification to the guest operating system, as it transparently retrieves information from its memory at run-time.
https://github.com/Cisco-Talos/pyrebox
Official Black Hat Arsenal Tools Github Repository
This GitHub account maps to the Black Hat Arsenal tools since its inception in 2011. For readability, the tools are classified by category and not by session.
https://github.com/toolswatch/blackhat-arsenal-tools
Remote format string exploit in syslog() - bin 0x1E
Solving final1 from exploit-exercises.com with a format string vulnerability because of syslog().
https://www.youtube.com/watch?v=MBz5C9Wa6KM
Solving final1 from exploit.education with a format string vulnerability because of syslog().
final1: https://exploit.education/protostar/final-one/
Pafish - Tool to Detect Sandboxes and Analysis Environments in the Same Way as Malware Families Do
https://github.com/a0rtega/pafish
Here's a picture of @MalwareTechBlog and @marciahofmann before the hearing.