Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational...

WordPress Directorist plugin cross-site request forgery vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Directorist plugin has a cross-site request forgery vulnerability, which stems from the fact that the WordPress...

WordPress 插件代码问题漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Directorist plugin has a cross-site request forgery vulnerability, which stems from the fact that the WordPress...

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability

The U.S. Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities. Tracked as...

‘Lone Wolf’ APT Uses Commodity RATs

An APT described as a “lone wolf” is exploiting a decades-old Microsoft Office flaw to deliver a barrage of commodity RATs to organizations in India and Afghanistan, researchers have found. Attackers use political and government-themed malicious domains as lures in the campaign, which targets...

HackTools

This is a web browser extension for penetration testing, called HackTools. It is a comprehensive toolset for web application security testing, providing various features such as: Dynamic shell generation PHP, Bash, Ruby, Python, Perl, Netcat XSS payload generation Common SQL injection payloads...

Pwncat - Fancy Reverse And Bind Shell Handler

pwncat is a post-exploitation platform for Linux targets. It started out as a wrapper around basic bind and reverse shells and has grown from there. It streamlines common red team operations while staging code from your attacker machine, not the target. pwncat used to only support Linux, but ther...

Friday Squid Blogging: Ram’s Horn Squid Shells

You can find rams horn squid shells on beaches in Texas and presumably elsewhere. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

Metasploit Wrap-Up

Confluence Server OGNL Injection Our own wvu along with Jang added a module that exploits an OGNL injection CVE-2021-26804in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...

New Microsoft Exchange 'ProxyToken' Flaw Lets Attackers Reconfigure Mailboxes

Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information PII. The issue, tracked as...

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linu...

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as...

Hack-Tools

This is an offensive tool for Web Pentesters. It is a browser extension that facilitates web application penetration tests, providing cheat sheets and tools such as XSS payloads, reverse shells, and more. The extension is accessible in either popup mode or a whole tab in the Devtools part of the...

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 provides a deep dive on the attacker...

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 provides a deep dive on the attacker...

Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software

In yet another instance of software supply chain attack, unidentified hackers breached the website of MonPass, one of Mongolia's major certificate authorities, to backdoor its installer software with Cobalt Strike binaries. The trojanized client was available for download between February 8, 2021...

Redpill - Assist Reverse Tcp Shells In Post-Exploration Tasks

Project Description The redpill project aims to assist reverse tcp shells in post-exploration tasks. Often in redteam engagements we need to use unconventional ways to access target system, such as reverse tcp shells not metasploit in order to bypass the defenses implemented by the system...

Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices

Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures TTPs adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's...

‘Agrius’ APT Launches Wiper Attacks Against Israelis

A new attack group called Agrius is launching damaging wiper attacks against Israeli targets, which researchers said are hiding behind ransomware to make their state-sponsored activities appear financially motivated. Sentinel Labs analysts said they have been tracking Agrius’ operations in Israel...

Magecart Goes Server-Side in Latest Tactics Changeup

Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September’s gonzo attack on more than 2,000 e-Commerce sites, and now researchers have issued a report explaining how they did it, detailing a new technical approach. The skimmers are still “very...