Organizing data transfer to a C&C server via the TCP handshake
https://thesw4rm.gitlab.io/nfqueue_c2/2019/09/15/Command-and-Control-via-TCP-Handshake/
thesw4rm Cybersecurity Stuff
Command and Control via TCP Handshake
Quick Intro/Disclaimer: This is my first blog post, so please let me know if there’s any way I can improve this post. I expect it to have inaccuracies and maybe have parts that can be explained better.
ConPtyShell
ConPtyShell - Fully Interactive Reverse Shell for Windows
https://github.com/antonioCoco/ConPtyShell
GitHub
GitHub - antonioCoco/ConPtyShell: ConPtyShell - Fully Interactive Reverse Shell for Windows
ConPtyShell - Fully Interactive Reverse Shell for Windows - antonioCoco/ConPtyShell
Forwarded from r0 Crew (Channel)
A set of helpers and examples to fuzz Win32 binaries with AFL++ QEMU https://github.com/andreafioraldi/WineAFLplusplusDEMO #fuzzing #dukeBarman
GitHub
GitHub - AFLplusplus/Fuzz-With-Wine-Demo: A set of helpers and examples to fuzz Win32 binaries with AFL++ QEMU
A set of helpers and examples to fuzz Win32 binaries with AFL++ QEMU - AFLplusplus/Fuzz-With-Wine-Demo
Analysis of the FIN6 group's POS malware
https://www.sentinelone.com/blog/fin6-frameworkpos-point-of-sale-malware-analysis-internals/
SentinelLabs
FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals - SentinelLabs
The Zero2Hero malware course continues with Vitali Kremez diving into FIN6 “FrameworkPOS”, targeting payment card data from Point-of-Sale (POS) or eCommerce systems.
Social Scanner API Documentation
Find a given username instantly across 20 social networks with links to each profile in JSON!
https://rapidapi.com/dmchale.dev/api/social-scanner
Investigation Into Google Play Security Mechanisms Via Experimental Botnet
https://pdfhost.io/v/btnoPyzLY_Investigation_Into_Google_Play_Security_Mechanisms_Via_Experimental_Botnet.pdf
PDF Host
Investigation Into Google Play Security Mechanisms Via Experimental Botnet | PDF Host
PDF Host read free online - Investigation Into Google Play Security Mechanisms Via Experimental Botnet - Mr. Milan Oulehla
Major leak of internal SORM documents (MTS and Nokia)
https://www.upguard.com/breaches/mts-nokia-telecom-inventory-data-exposure#/security-lapse-russia/
Upguard
Telecommunications Breakdown: How Russian Telco Infrastructure was Exposed | UpGuard
A storage device containing 1.7 terabytes of information detailing telecommunications installations throughout the Russian Federation was exposed to the public internet.
vBulletin 5.x 0day pre-auth RCE exploit
https://seclists.org/fulldisclosure/2019/Sep/31
seclists.org
Full Disclosure: vBulletin 5.x 0day pre-auth RCE exploit
Forwarded from Noise Security Bit (Alex)
An interesting report from Citizen Lab that examines in great detail the targeted attacks on Tibetan activists using the recently disclosed iOS implant
https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
The Citizen Lab
Missing Link: Tibetan Groups Targeted with 1-Click Mobile Exploits - The Citizen Lab
This is the first documented case of one-click mobile exploits used to target Tibetan groups, and reflects an escalation in the sophistication of digital espionage threats targeting the community.
Forwarded from Noise Security Bit (Alex)
By the way, if anyone wants to dig into a sample of this implant, it has already been spotted on VirusTotal
https://www.virustotal.com/gui/file/0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560/detection
Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure.
https://github.com/skydive-project/skydive
GitHub
GitHub - skydive-project/skydive: An open source real-time network topology and protocols analyzer
An open source real-time network topology and protocols analyzer - skydive-project/skydive
Windows Exploitation Tricks: Spoofing Named Pipe Client PID
https://googleprojectzero.blogspot.com/2019/09/windows-exploitation-tricks-spoofing.html
Blogspot
Windows Exploitation Tricks: Spoofing Named Pipe Client PID
Posted by James Forshaw, Project Zero While researching the Access Mode Mismatch in IO Manager bug class I came across an interesti...
Smoke and Mirrors | Red Teaming with Physical Penetration Testing and Social Engineering
https://threat.tevora.com/smoke-and-mirrors-red-teaming-with-physical-penetration-testing-and-social-engineering/
Threat Blog
Smoke and Mirrors | Red Teaming with Physical Penetration Testing and Social Engineering
In this post, we will illustrate the roadmap of a physical penetration test and advise how to successfully infiltrate into a corporate environment. This post should be able to clarify areas of focus for a successful physical engagement with an emphasis on…
PEpper
An open source script to perform malware static analysis on Portable Executable
https://github.com/Th3Hurrican3/PEpper
GitHub
GitHub - 0x0be/PEpper: An open source script to perform malware static analysis on Portable Executable
An open source script to perform malware static analysis on Portable Executable - GitHub - 0x0be/PEpper: An open source script to perform malware static analysis on Portable Executable
Forwarded from Noise Security Bit (Aligner)
Vulnerability in WhatsApp (a vulnerability in the android-gif-drawable library) with an "exploit" (no ASLR bypass)
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
Home
How a double-free bug in WhatsApp turns to RCE
In this blog post, I’m going to share about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I informed this to Facebook. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244.…
Forwarded from r0 Crew (Channel)
[RU] OTUS (reverse engineering course) #LEAKED
https://cloud.mail.ru/public/4aGL/3EFRUMvq6/
#re #course #Thatskriptkid