296 matches found
Breaking free from the VirusTotal silo: Lock and Code S02E07
This week on Lock and Code, we speak to Malwarebytes Chief Information Security Officer John Donovan about the flaws in using VirusTotal as the one source of truth when evaluating whether or not a cybersecurity tool actually works. Its a practice that is surprisingly common. Weeks ago, Malwarebyt...
Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers
Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate...
Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?
On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawlin...
CISA and CNMF Analysis of SolarWinds-related Malware
CISA and the Department of Defense DoD Cyber National Mission Force CNMF have analyzed additional SolarWinds-related malware variants—referred to as SUNSHUTTLE and SOLARFLARE. One of the analyzed files was identified as a China Chopper webshell server-side component that was observed on a network...
RAT-el - An Open Source Penetration Test Tool That Allows You To Take Control Of A Windows Machine
RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus...
Knockpy 4.1.1 - CSV Injection Exploit
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch details such as headers...
Knockpy 4.1.1 CSV Injection
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...
Knockpy 4.1.1 - CSV Injection
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...
Freki - Malware Analysis Platform
Freki is a free and open-source malware analysis platform. Goals 1. Facilitate malware analysis and reverse engineering; 2. Provide an easy-to-use REST API for different projects; 3. Easy deployment via Docker; 4. Allow the addition of new features by the community. Current features Hash...
CISA, FBI, and CNMF Identify a New Malware Variant: ComRAT
The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Department of Defense Cyber National Mission Force CNMF have identified a malware variant—referred to as ComRAT—used by the Russian-sponsored advanced persistent threat APT actor Turla. In...
CISA and CNMF Identify a New Malware Variant: Zebrocy
Content: The Cybersecurity and Infrastructure Security Agency CISA and the Department of Defense DOD Cyber National Mission Force CNMF have identified a malware variant—referred to as Zebrocy—used by a sophisticated cyber actor. In addition, U.S. Cyber Command has released the malware sample to t...
CrimeOps of the KashmirBlack Botnet – Part II
Introduction The previous blog - “CrimeOps of the KasmirBlack Botnet - Part I” - described the DevOps behind the botnet. It showed how its well-designed infrastructure makes it easy to expand and add new exploits or payloads without much effort,and explained the evolution and version deployment o...
This Week in Security News: Cybercriminals Use Stolen Data and Hacking Tools as Prizes in Poker Games and Rap Battles and VirusTotal Now Supports Trend Micro ELF Hash
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how cybercriminals are passing the time during the COVID-19 pandemic with online poker games, where the prizes include stolen...
uriDeep - Unicode Encoding Attacks With Machine Learning
Unicode encoding attacks with machine learning. Tool based on machine learning to create amazing fake domains using confusables. Some domains can deceive IDN policies Chrome & Firefox. I created the best big dictionary of confusables using neural networks. It is used in the tool and it can be...
CISA and CNMF Identify a New Malware Variant
The Cybersecurity and Infrastructure Security Agency CISA and the Department of Defense DOD Cyber National Mission Force CNMF have identified a malware variant—referred to as SLOTHFULMEDIA—used by a sophisticated cyber actor. In addition, U.S. Cyber Command has released the malware sample to the...
Chimera - PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions
Chimera is a shiny and very hack-ish PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious PS1's known to trigger AV and uses string substitution and variable concatenation to evade common detection signatures. Chimera was created for this write-up an...
Mihari - A Helper To Run OSINT Queries & Manage Results Continuously
Mihari is a helper to run queries & manage results continuously. Mihari can be used for C2, landing page and phishing hunting. How it works Mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts IP addresses, domains, URLs and hashes from the results...
PE Tree - Python Module For Viewing Portable Executable (PE) Files In A Tree-View
Python module for viewing Portable Executable PE files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports. Features Standalone application and IDAPython plugin Supports Windows/Linux/Mac Rainbow PE ratio map: High-level overview...
Chinese Malicious Cyber Activity
The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Department of Defense DoD have identified a malware variant—referred as TAIDOOR—used by the Chinese government. In addition, U.S. Cyber Command has released the malware sample to the malwar...
Malicious 'Blur' Photo App Campaign Discovered on Google Play
A new campaign of malicious photo apps on Google Play floods Android devices with random ads instead of functioning as advertised. They also elude detection by making its icon disappear from the device home screen soon after it’s downloaded. Researchers at the White Ops Satori Threat Intelligence...