637 matches found
APT28 Targets Hospitality Sector, Presents Threat to Travelers
FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East. The actor has used several...
Automated Privilege Escalation: portia
Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised Privilege escalation Lateral movement Convenience modules Portia is a genus of jumping spider that feeds on other spiders – known for their...
Petya Ransomware Lateral Movement Remote Code Execution
Petya is a malware that infects Windows computers, encrypting files and demanding ransom to decrypt the files. Once a network is infected the malware propagates laterally to further infect devices on the network...
Petya Destructive Malware Variant Spreading via Stolen Credentials and EternalBlue Exploit
UPDATE July 21: FireEye continues to track this threat. An earlier version of this post has been updated to reflect new findings. On June 27, 2017, multiple organizations – many in Europe – reported significant disruptions they are attributing to a variant of the Petya ransomware, which we are...
xDedic Market Spilling Over With School Servers, PCs
Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities, and most are based in the United States. In a recent analysis of xDedic, Flashpoint found that besides the education sector, PC and servers tied to healthcare and legal firms mak...
PoshC2 - Powershell C2 Server and Implants
PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework...
WMI Based Agentless Post-Exploitation PowerShell RAT: WMImplant
WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines, but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine. It is designed to run both...
New Clues Surface on Shamoon 2's Destructive Behavior
Researchers on Monday reported progress in piecing together some of the missing pieces of the Shamoon 2 puzzle that have been eluding them when it comes to lateral network movement and execution of the Disttrack malware component used in past campaigns. Shamoon 2 uses a combination of legitimate...
WinAPI User Hunter: hunter
WinAPI User Hunter During Red Team engagements it is common to track/hunt specific users. Assuming we already have access to a desktop as a normal user no matter how, always “assume compromise” in a Windows Domain and we want to spread laterally. We want to know where the user is logged on, if he...
PT-2025-41460
Name of the Vulnerable Software and Affected Versions AVTECH devices affected versions not specified Description AVTECH devices that include the CloudSetup.cgi management endpoint are susceptible to authenticated OS command injection. The exefile parameter within the ''CloudSetup.cgi'' endpoint i...
Unraveling Turla APT Attack Against Swiss Defense Firm
Ever since hackers targeted Swiss defense contractor RUAG, government officials have been tight lipped about the breach. But on Monday Switzerland’s CERT Computer Emergency Readiness Team spilled the beans on the attack against the firm and the how perpetrators pulled it off. While Monday’s repor...
Shared Host Integrated Password System: SHIPS
SHIPS is a solution to provide unique and rotated local super user or administrator passwords for environments where it is not possible or not appropriate to disable these local accounts for both Windows and Linux. Clients may be configured to rotate passwords automatically. Stored passwords can ...
Outlook Web Access Targeted Attack
Attackers aiming for lateral movement inside an enterprise network have done well in the past to target domain controller credentials. Researchers at Cybereason, however, have uncovered a targeted attack in which hackers were able to burrow onto the corporate network and steal thousands of...
Emissary Panda APT Group Gets Selective About Data it Steals
LAS VEGAS – The Emissary Panda APT group has a long history of invading Western organizations—be they enterprises, government or political outfits—hungry for reams of intellectual property. Lately the group, however, has become a little more selective about what it steals. Researchers at Dell...
FBI: Banned Security Researcher Admitted to Hacking Plane In-Flight
A security researcher who was pulled out from a United Airlines flight last month had previously admitted to Federal Bureau of Investigation FBI that he had taken control of an airplane and made it fly briefly sideways. Chris Roberts, the founder of One World Labs, was recently detained, question...
Regin Cyberespionage Malware Platform Modules Disclosed
The Regin malware platform used to steal secrets from government agencies, banks and GSM network operators caught the attention of security experts who called it one of the most advanced attack platforms that has been studied, surpassing Flame, Duqu, even Stuxnet. Researchers at Kaspersky Lab sai...
Greg Hoglund
In his presentation on Friday, “Lateral Movement and Other APT Interaction Patterns within the Enterprise,” HBGary CEO Greg Hoglund reviewed a multitude of modern day Advanced Persistent Threats APTs while breaking down the four stages of an attack...