Lucene search
+L

637 matches found

FireEye
FireEye
added 2017/08/11 9:0 a.m.22 views

APT28 Targets Hospitality Sector, Presents Threat to Travelers

FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East. The actor has used several...

0.3AI score
Exploits0
n0where
n0where
added 2017/08/07 9:56 p.m.21 views

Automated Privilege Escalation: portia

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised Privilege escalation Lateral movement Convenience modules Portia is a genus of jumping spider that feeds on other spiders – known for their...

1AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2017/06/28 12:0 a.m.4 views

Petya Ransomware Lateral Movement Remote Code Execution

Petya is a malware that infects Windows computers, encrypting files and demanding ransom to decrypt the files. Once a network is infected the malware propagates laterally to further infect devices on the network...

5.3AI score
Exploits0
FireEye
FireEye
added 2017/06/27 5:30 p.m.716 views

Petya Destructive Malware Variant Spreading via Stolen Credentials and EternalBlue Exploit

UPDATE July 21: FireEye continues to track this threat. An earlier version of this post has been updated to reflect new findings. On June 27, 2017, multiple organizations – many in Europe – reported significant disruptions they are attributing to a variant of the Petya ransomware, which we are...

9.3CVSS8AI score0.99933EPSS
Exploits29
ThreatPost
ThreatPost
added 2017/04/25 1:45 p.m.116 views

xDedic Market Spilling Over With School Servers, PCs

Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities, and most are based in the United States. In a recent analysis of xDedic, Flashpoint found that besides the education sector, PC and servers tied to healthcare and legal firms mak...

9.3CVSS0.6AI score0.99945EPSS
Exploits33References5
Kitploit
Kitploit
added 2017/04/11 2:2 p.m.150 views

PoshC2 - Powershell C2 Server and Implants

PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework...

7.4AI score
Exploits0References2
n0where
n0where
added 2017/04/03 4:13 p.m.20 views

WMI Based Agentless Post-Exploitation PowerShell RAT: WMImplant

WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines, but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine. It is designed to run both...

0.3AI score
Exploits0References1
ThreatPost
ThreatPost
added 2017/03/27 4:51 p.m.10 views

New Clues Surface on Shamoon 2's Destructive Behavior

Researchers on Monday reported progress in piecing together some of the missing pieces of the Shamoon 2 puzzle that have been eluding them when it comes to lateral network movement and execution of the Disttrack malware component used in past campaigns. Shamoon 2 uses a combination of legitimate...

0.7AI score
Exploits0References2
n0where
n0where
added 2016/12/05 2:47 a.m.15 views

WinAPI User Hunter: hunter

WinAPI User Hunter During Red Team engagements it is common to track/hunt specific users. Assuming we already have access to a desktop as a normal user no matter how, always “assume compromise” in a Windows Domain and we want to spread laterally. We want to know where the user is logged on, if he...

7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2016/10/11 12:0 a.m.6 views

PT-2025-41460

Name of the Vulnerable Software and Affected Versions AVTECH devices affected versions not specified Description AVTECH devices that include the CloudSetup.cgi management endpoint are susceptible to authenticated OS command injection. The exefile parameter within the ''CloudSetup.cgi'' endpoint i...

9CVSS6.2AI score0.03946EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2016/05/23 5:33 p.m.17 views

Unraveling Turla APT Attack Against Swiss Defense Firm

Ever since hackers targeted Swiss defense contractor RUAG, government officials have been tight lipped about the breach. But on Monday Switzerland’s CERT Computer Emergency Readiness Team spilled the beans on the attack against the firm and the how perpetrators pulled it off. While Monday’s repor...

7.1AI score
Exploits0References4
n0where
n0where
added 2016/03/16 7:35 p.m.81 views

Shared Host Integrated Password System: SHIPS

SHIPS is a solution to provide unique and rotated local super user or administrator passwords for environments where it is not possible or not appropriate to disable these local accounts for both Windows and Linux. Clients may be configured to rotate passwords automatically. Stored passwords can ...

Exploits0References2
ThreatPost
ThreatPost
added 2015/10/06 10:54 a.m.13 views

Outlook Web Access Targeted Attack

Attackers aiming for lateral movement inside an enterprise network have done well in the past to target domain controller credentials. Researchers at Cybereason, however, have uncovered a targeted attack in which hackers were able to burrow onto the corporate network and steal thousands of...

2.4AI score
Exploits0References3
ThreatPost
ThreatPost
added 2015/08/05 3:0 p.m.11 views

Emissary Panda APT Group Gets Selective About Data it Steals

LAS VEGAS – The Emissary Panda APT group has a long history of invading Western organizations—be they enterprises, government or political outfits—hungry for reams of intellectual property. Lately the group, however, has become a little more selective about what it steals. Researchers at Dell...

Exploits0
The Hacker News
The Hacker News
added 2015/05/16 11:11 p.m.12 views

FBI: Banned Security Researcher Admitted to Hacking Plane In-Flight

A security researcher who was pulled out from a United Airlines flight last month had previously admitted to Federal Bureau of Investigation FBI that he had taken control of an airplane and made it fly briefly sideways. Chris Roberts, the founder of One World Labs, was recently detained, question...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2015/01/22 11:55 a.m.15 views

Regin Cyberespionage Malware Platform Modules Disclosed

The Regin malware platform used to steal secrets from government agencies, banks and GSM network operators caught the attention of security experts who called it one of the most advanced attack platforms that has been studied, surpassing Flame, Duqu, even Stuxnet. Researchers at Kaspersky Lab sai...

0.9AI score
Exploits0References6
ThreatPost
ThreatPost
added 2012/02/10 3:5 p.m.13 views

Greg Hoglund

In his presentation on Friday, “Lateral Movement and Other APT Interaction Patterns within the Enterprise,” HBGary CEO Greg Hoglund reviewed a multitude of modern day Advanced Persistent Threats APTs while breaking down the four stages of an attack...

2.7AI score
Exploits0
Rows per page
Query Builder