Hunting for Mythic in network traffic
Post-exploitation frameworks. Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization's network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4,...
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT. "CountLoader is being used either as par...
hackingtool-v5.1
All in One Hacking tool For Hackers
China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa
The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly targeted countries as part of the activity include Italy, Germany, the U.A.E., and Qatar, with...
Linux, Windows and macOS Hit By New “Alchimist” Attack Framework
By Deeba Ahmed. Alchimist is a single-file C2 framework discovered on a server hosting an active file listing on the root directory and a set of post-exploitation tools. This is a post from HackRead.com. Read the original post: Linux, Windows and macOS Hit By New "Alchimist" Attack Framework...
LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload
A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initia...
VMware Releases Patches for New Vulnerabilities Affecting Multiple Products
VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972 (CVSS score: 9.8), concerns an authentication bypass that...
Russian Ransomware Gang Retools Custom Hacking Tools of Other APT Groups
A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen...
hackingtool
This repository is an offensive tool for a comprehensive hacking toolkit. The primary vulnerability class targeted is not explicitly stated, but the tool includes various modules for exploitation, reverse engineering, and post-exploitation. The probable entry points for this tool are scripts and...
Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor
Commodity malware backdoor SystemBC has evolved to now automate a number of key activities, as well as use the anonymizing Tor platform. These overarching changes make it both easier for cybercriminals to deploy the backdoor and cloak the destination of the command-and-control (C2) traffic...
The Shadow Brokers Leaked Exploits Explained
The Rapid7 team has been busy evaluating the threats posed by last Friday's Shadow Brokers exploit and tool release and answering questions from colleagues, customers, and family members about the release. We know that many people have questions about exactly what was released, the threat it poses,...