50 matches found
nimrc 1.0.0
nimrm is a native WinRM interactive shell client written in Nim. It's designed to be a compact and fast tool for system administration and authorized security testing. Key features include NTLM and Kerberos authentication, in-memory operations, file transfers, OPSEC awareness, and cross platform...
EUVD-2000-0801
Malware in sbrugna...
OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers
A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect.com hosted...
EncryptHub’s OPSEC Failures Expose Its Malware Operation
Outpost24's KrakenLabs reveals EncryptHub's multi-stage malware campaign, exposing their infrastructure and tactics through critical OPSEC failures. Learn how…...
Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit Details
In what's a case of an operational security (OPSEC) lapse, the operator behind a new information stealer called Styx Stealer leaked data from their own computer, including details related to the clients, profit information, nicknames, phone numbers, and email addresses. Styx Stealer, a derivative o...
LOLSpoof - An Interactive Shell To Spoof Some LOLBins Command Line
LOLSpoof is an interactive shell program that automatically spoofs the command line arguments of the spawned process. Just call your incriminating-looking command line LOLBin (e.g. powershell -w hidden -enc ZwBlAHQALQBwAHIAbwBjAGUA....) and LOLSpoof will ensure that the process creation telemetry...
‘The Manipulaters’ Improve Phishing, Still Fail at Opsec
Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called "The Manipulaters," a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claimin...
DllNotificationInjection - A POC Of A New "Threadless" Process Injection Technique That Works By Utilizing The Concept Of DLL Notification Callbacks In Local And Remote Processes
DllNotificationInjection is a POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes. An accompanying blog post with more details is available here: https://shorsec.io/blog/dll-notification-injection/ Ho...
OSINT. What can you find from a domain or company name
We carry out lots of attack surface assessments, parts of which involve investigating information that has been unintentionally disclosed. To help OPSEC people I thought it might be useful to go over some of the key things that can be found using domain and company names. Domain name So let’s div...
Aladdin - Payload Generation Technique That Allows The Deserialization Of A .NET Payload And Execution In Memory
Aladdin is a payload generation technique based on the work of James Forshaw (@tiraniddo) that allows the deserialization of a .NET payload and execution in memory. The original vector was documented on https://www.tiraniddo.dev/2017/07/dg-on-windows-10-s-executing-arbitrary.html. By spawning the...
LightsOut - Generate An Obfuscated DLL That Will Disable AMSI And ETW
LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into a...
Using Hacked LastPass Keys to Steal Cryptocurrency
Remember last November, when hackers broke into the network for LastPass--a password database--and stole password vaults with both encrypted and plaintext data for over 25 million users? Well, they're now using that data to break into crypto wallets and drain them: $35 million and counting, all going...
Exploit for Link Following in Microsoft
CVE-2023-36874 Windows Error Reporting LPE BOF Introductio...
Gato - GitHub Self-Hosted Runner Enumeration And Attack Tool
Gato, or GitHub Attack Toolkit, is an enumeration and attack tool that allows both blue teamers and offensive security practitioners to evaluate the blast radius of a compromised personal access token within a GitHub organization. The tool also allows searching for and thoroughly enumerating publ...
Researchers Uncover Covert Attack Campaign Targeting Military Contractors
A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEPMAVERICK by Securonix, also...
TrelloC2 - Simple C2 Over The Trello API
Simple C2 over Trello's API Proof-of-Concept By: Fabrizio Siciliano @0rbz Update 12/30/2019 Removed hardcoded API key and Token, use input instead. Requirements Python 3.x Setup 1. Create a Trello account: https://trello.com/signup 2. Once logged in, get your API key: https://trello.com/app-key 3...
Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers
A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware...
linWinPwn - A Bash Script That Automates A Number Of Active Directory Enumeration And Vulnerability Checks
linWinPwn is a bash script that automates a number of Active Directory enumeration and vulnerability checks. The script leverages and depends on a number of tools, including: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump. Setup Git clone the reposito...
CobaltBus - Cobalt Strike External C2 Integration With Azure Servicebus, C2 Traffic Via Azure Servicebus
Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus Setup 1. Create an Azure Service Bus 2. Create a Shared access policy Connection string that can only Send and Listen 3. Edit the static connectionString variable in Beacon C projects to match the "Primar...
DCOM abuse and lateral movement with Cobalt Strike
Introduction When researching lateral movement techniques I came across a post from Raphael Mudge of Cobalt Strike fame. He details scripting an Aggressor Script for Matt Nelson’s MMC20.Application Lateral Movement technique. Reading that post spurred me to make my own DCOM based lateral movement...