638 matches found
Simplifying and Prioritizing Advanced Threat Response Measures
I had to go to the doctor the other day because I was miserable and sick. I don’t like going to the doctor so I waited until my stuffy nose and congestion turned into a full blown sinus infection. The doctor said this thing was going around, and I should be better in a few day with my prescriptio...
Threatlist: Manufacturing, a Top Target for Espionage
When it comes to cyberattack-related reconnaissance and lateral movement activity, the manufacturing industry exhibits higher than normal rates. That’s according to Vectra’s 2018 Spotlight Report on Manufacturing, which crunched data from more than 4 million devices and workloads from customer...
Iron Rain: Cybersecurity Is an Ever-Changing Battlefield
Editor's Note: This is the final blog in a three-part series, "Iron Rain" from Tom Kellermann and Rick McElroy. Part 1: Iron Rain: What Defines a Cyber Insurgency? Part 2: Iron Rain: Gaining Situational Intelligence to Make Rapid Decisions Part 3: The ever-changing battlefield. Just like in comba...
Carbon Black Report: China, Russia & North Korea Launching Sophisticated, Espionage-Focused Cyberattacks
Even as a steady drumbeat of headlines keeps the world’s attention focused on cybercrimes, such as ransomware and cryptojacking, in the dark corners of the internet, attackers are busy refining their craft. According to the world’s top incident response IR professionals, cyberattackers are honing...
Hacker Puts Airport's Security System Access On Dark Web Sale For Just $10
If you can't find it on Google, you will definitely find it on the Dark Web. Black markets on the Dark web are not known for just buying drugs, it is a massive hidden network where you can buy pretty much anything you can imagine—from pornography, weapon, and counterfeit currencies, to hacking...
Newsmaker Interview: VDOO CEO Talks Top IoT Threats
IoT security is like a game of Whac-A-Mole. Fix one CVE and four new bugs pop up. Last month, researchers found a slew of vulnerabilities in Axis cameras that could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Also in June, IP...
Excerpts from Modern Bank Heists – Data Gathering
Carbon Black recently published a report on how to gather data to improve the security posture of your enterprise. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live Demo...
Excerpts from Modern Bank Heists – Overview
Carbon Black recently published a report on the newest threats facing the financial world, and how to counteract them. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live...
Honeybits - A Simple Tool Designed To Enhance The Effectiveness Of Your Traps By Spreading Breadcrumbs & Honeytokens Across Your Systems
A simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your production servers and workstations to lure the attacker toward your honeypots. Author: Adel "0x4D31" Karimi. Background The problem with the traditional implementation of honeypot...
Establishing a Baseline for Remote Desktop Protocol
For IT staff and Windows power users, Microsoft Terminal Services Remote Desktop Protocol RDP is a beneficial tool that allows for the interactive.aspx use or administration of a remote Windows system. However, Mandiant consultants have also observed threat actors using RDP, with compromised doma...
Automated Bots Growing Tool For Hackers
SAN FRANCISCO – The use of automated bots is becoming more prevalent for novice attackers as tools become more available, researchers found. A honeypot experiment, detailed by Cybereason at this year’s RSA Conference, showed the commoditization of using bots to perform low-level tasks. The honeyp...
DCOM Exec
A similar approach to psexec but executing commands through DCOM. You can select different objects to be used to execute the commands. !/usr/bin/env python3 Copyright c 2003-2018 CORE Security Technologies This software is provided under under a slightly modified version of the Apache Software...
Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign
Introduction From January 2018 to March 2018, through FireEye’s Dynamic Threat Intelligence, we observed attackers leveraging the latest code execution and persistence techniques to distribute malicious macro-based documents to individuals in Asia and the Middle East. We attribute this activity t...
Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’
Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...
PowerShell Post-Exploitation Agent: Empire
Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architectur...
BadRabbit: a closer look at the new version of Petya/NotPetya
Petya/NotPetya aka EternalPetya, made headlines in June, due to it's massive attack on Ukraine. Today, we noted an outbreak of a similar-looking malware, called BadRabbit, probably prepared by the same authors. Just like the previous edition, BadRabbit has an infector allowing for lateral...
Threat Spotlight: Follow the Bad Rabbit
Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues.Update 2017-10-26 16:10 EDT: added additional information regarding the links between Nyetya and BadRabbitUpdate 2017-10-26 09:20...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Google Android
-CVE-2017-0785-BlueBorne-PoC CVE-2017-0785 BlueBorne PoC Gener...
Proxy Aware PowerShell C2 Framework: PoshC2
PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework...
Portia - Automate Techniques Commonly Performed On Internal Network Penetration Tests
Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised: Privilege escalation Lateral movement Convenience modules Portia is a genus of jumping spider that feeds on other spiders - known for their...