PortBender - TCP Port Redirection Utility

PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic destined for one TCP port e.g., 445/TCP to another TCP port e.g., 8445/TCP. PortBender includes an aggressor script that operators can leverage to integrate the tool with Cobalt Strike. Howeve...

D-Link Private Code-Signing Keys Leaked

A simple mistake by networking gear manufacturer D-Link could have opened the door for costly damage. Private keys used to sign software published by D-Link were found in the company’s open source firmware packages. While it’s unknown whether the keys were used by malicious third parties, the...

Duqu 2.0 Attackers Used Stolen Foxconn Certificate to Sign Driver

The attackers behind the recently disclosed Duqu 2.0 APT have used stolen digital certificates to help sneak their malware past security defenses, and one of the certificates used in the attacks was issued to Foxconn, the Chinese company that manufactures products for Apple, BlackBerry, Dell, and...

Dennis Fisher and Mike Mimoso on Duqu 2.0, HSTS in Windows, and More

Dennis Fisher and Mike Mimoso discuss the Duqu 2.0 attack and its ramifications, the addition of HSTS support to Windows 7 and 8.1 and the rest of the news of the week. Download: digitalunderground207.mp3 Music by Chris Gonsalves...

Duqu Resurfaces With New Round of Victims, Including Kaspersky Lab

The Duqu attackers, who are considered by researchers to be at the top of the food chain of APT groups and are responsible for attacking certificate authorities and perhaps spying on Iran’s nuclear program, have resurfaced with a new platform that was used to compromise high-profile victims,...