Unknown 'WildPressure' Malware Campaign Lets Off Steam in Middle East
A malware campaign that shares no known similarities with previous attacks has been uncovered, targeting organizations in the Middle East. Dubbed "WildPressure," the campaign used a previously unknown malware family that researchers named Milum, after the C++ class names inside the code. According to...
FinalRecon v1.0.2 - OSINT Tool For All-In-One Web Reconnaissance
FinalRecon is a fast and simple Python script for web reconnaissance. It follows a modular structure so that new modules can be added with ease in future. Features: FinalRecon provides detailed information such as header information, Whois, SSL certificate information, a crawler, and DNS enumeration (A, AAAA,...
Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT
Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE a.k.a. Snake /...
Iran-Backed APTs Collaborate on 3-Year 'Fox Kitten' Global Spy Campaign
Two Iran-backed APTs could be working together on a sprawling, three-year campaign to compromise high-value organizations from the IT, telecom, oil and gas, aviation, government and security sectors in Israel and around the world, according to a report by researchers at ClearSky. They maintain,...
Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide
A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed "Fox Kitten ," the cyber-espionage campaign is said to have been directed a...
CSI Evidence Indicators for Targeted Ransomware Attacks
ARCHIVED STORY CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I By Trellix · February 12, 2020 For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat intelligence. During one of the classes we always talk about Locard's...
Ghost in the shell: Investigating web shell attacks
Recently, an organization in the public sector discovered that one of their internet-facing servers was misconfigured and allowed attackers to upload a web shell, which let the adversaries gain a foothold for further compromise. The organization enlisted the services of Microsoft’s Detection and...
MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)
MassDNS is a simple high-performance DNS stub resolver targeting those who need to resolve a massive number of domain names, in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers...
TrickBot Adds Custom, Stealthy Backdoor to its Arsenal
The Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed “PowerTrick,” in order to infiltrate high-value targets. According to research from SentinelLabs, released on Thursday, PowerTrick is designed to execute commands and return the results in...
Kamerka GUI - Ultimate Internet Of Things/Industrial Control Systems Reconnaissance Tool
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool. Powered by Shodan - Supported by Binary Edge & WhoisXMLAPI writeup - https://medium.com/@wojciech/hack-the-planet-with-%EA%93%98amerka-gui-ultimate-internet-of-things-industrial-control-systems-5ff7d9686b29 Demo -...
U.S. Dept Of Defense: Publicly accessible Grafana install allows pivoting to Prometheus datasource
Summary: A publicly accessible Grafana install exposes semi-sensitive dashboards. It also exposes the proxied Prometheus datasources, which allow direct queries against a Prometheus instance; this reveals sensitive data and opens the instance up to potential DoS via crafted requests. Description: Impa...
AttackSurfaceMapper - A Tool That Aims To Automate The Reconnaissance Process
Attack Surface Mapper is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, subdomains and IP addresses, and it uses numerous techniques to find more targets. It...
Lazyrecon - Script To Automate Your Reconnaissance Process In An Organized Fashion
LazyRecon is a script written in Bash; it is intended to automate some of the tedious tasks of reconnaissance and information gathering. This tool lets you gather information that should help you decide what to do next and where to look. Usage: ./lazyrecon.sh -d target.com Main Features Creat...
Elegant sLoad Carries Out Spying, Payload Delivery in BITS
A fresh analysis of the trojan sLoad sheds light on the growing trend of advanced malware "living off the land" on a targeted system, successfully evading detection while carrying out malicious activities. sLoad is a PowerShell-based downloader that abuses BITS (the Windows Background Intelligent Transfer Service) and is known for its impressive...
ReconPi - Set Up Your Raspberry Pi To Perform Basic Recon Scans
ReconPi - A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi. Start using that Raspberry Pi -- I know you all have one lying around somewhere. Installation: Check the updated blog post here for a complete guide on how to set up your own...
Friday Squid Blogging: Squid-Like Underwater Drone
The Sea Hunting Autonomous Reconnaissance Drone (SHARD) swims like a squid and can explode on command. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
WinPwn - Automation For Internal Windows Penetration Tests / AD Security
In many past internal penetration tests I often had problems with the existing PowerShell recon / exploitation scripts due to missing proxy support. I often ran the same scripts one after the other to get information about the current system and/or the domain. To automate as many internal...
Wild Blue Yonder: VMware Carbon Black ThreatSight Dissects BlueKeep Windows Exploit
VMware Carbon Black's ThreatSight (TS) team monitors customer environments to detect and alert on new and emerging threats. Recently, ThreatSight detected malicious behavior that leveraged several attack vectors, including one of the first known uses of the newly released BlueKeep Windows exploit i...
Design/Logic Flaw
A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...