Article: OSINT tutorial to Find Information from a Phone Number – PhoneInfoga Tool - published over 4 years ago.
Content:
Copy Link: http://www.ehacking.net/2019/12/osint-tutorial-phoneinfoga-phone-number-search.html   
Published: 2019 12 12 10:02:00
Received: 2021 06 06 09:04:42
Feed: Ethical Hacking-Your Way To The World Of IT Security
Source: Ethical Hacking-Your Way To The World Of IT Security
Category: Cyber Security
Topic: Cyber Security

Article: [SANS ISC] How Safe Are Your Docker Images? - published almost 3 years ago.
Content: I published the following diary on isc.sans.edu: “How Safe Are Your Docker Images?“: Today, I don’t know any organization that is not using Docker today. For only test and development only or to full production systems, containers are deployed everywhere! In the same way, most popular tools today have a “dockerized” version ready to use, sometimes mainta...
Copy Link: https://blog.rootshell.be/2021/04/22/sans-isc-how-safe-are-your-docker-images/   
Published: 2021 04 22 11:01:01
Received: 2021 06 06 09:04:42
Feed: /dev/random
Source: /dev/random
Category: Cyber Security
Topic: Cyber Security

Article: [SANS ISC] Malicious PowerPoint Add-On: “Small Is Beautiful” - published almost 3 years ago.
Content: I published the following diary on isc.sans.edu: “Malicious PowerPoint Add-On: ‘Small Is Beautiful‘”: Yesterday I spotted a DHL-branded phishing campaign that used a PowerPoint file to compromise the victim. The malicious attachment is a PowerPoint add-in. This technique is not new, I already analyzed such a sample in a previous diary. The filename is “d...
Copy Link: https://blog.rootshell.be/2021/04/23/sans-isc-malicious-powerpoint-add-on-small-is-beautiful/   
Published: 2021 04 23 10:17:04
Received: 2021 06 06 09:04:42
Feed: /dev/random
Source: /dev/random
Category: Cyber Security
Topic: Cyber Security

Article: [SANS ISC] From Python to .Net - published almost 3 years ago.
Content: I published the following diary on isc.sans.edu: “From Python to .Net“: The Microsoft operating system provides the .Net framework to developers. It allows to fully interact with the OS and write powerful applications… but also malicious ones. In a previous diary, I talked about a malicious Python script that interacted with the OS using the ctypes libra...
Copy Link: https://blog.rootshell.be/2021/04/29/sans-isc-from-python-to-net/   
Published: 2021 04 29 10:46:35
Received: 2021 06 06 09:04:42
Feed: /dev/random
Source: /dev/random
Category: Cyber Security
Topic: Cyber Security

Article: [SANS ISC] Alternative Ways To Perform Basic Tasks - published almost 3 years ago.
Content: I published the following diary on isc.sans.edu: “Alternative Ways To Perform Basic Tasks“: I like to spot techniques used by malware developers to perform basic tasks. We know the LOLBins that are pre-installed tools used to perform malicious activities. Many LOLBins are used, for example, to download some content from the Internet. Some tools are so po...
Copy Link: https://blog.rootshell.be/2021/05/06/sans-isc-alternative-ways-to-perform-basic-tasks/   
Published: 2021 05 06 10:17:45
Received: 2021 06 06 09:04:42
Feed: /dev/random
Source: /dev/random
Category: Cyber Security
Topic: Cyber Security

Article: [SANS ISC] “Open” Access to Industrial Systems Interface is Also Far From Zero - published almost 3 years ago.
Content: I published the following diary on isc.sans.edu: “‘Open’ Access to Industrial Systems Interface is Also Far From Zero“: Jan’s last diary about the recent attack against the US pipeline was in perfect timing with the quick research I was preparing for a few weeks. If core components of industrial systems are less exposed in the wild, as said Jan, there is...
Copy Link: https://blog.rootshell.be/2021/05/14/sans-isc-open-access-to-industrial-systems-interface-is-also-far-from-zero/   
Published: 2021 05 14 10:08:16
Received: 2021 06 06 09:04:42
Feed: /dev/random
Source: /dev/random
Category: Cyber Security
Topic: Cyber Security

Article: [SANS ISC] From RunDLL32 to JavaScript then PowerShell - published almost 3 years ago.
Content: I published the following diary on isc.sans.edu: “From RunDLL32 to JavaScript then PowerShell“: I spotted an interesting script on VT a few days ago and it deserves a quick diary because it uses a nice way to execute JavaScript on the targeted system. The technique used in this case is based on very common LOLbin: RunDLL32.exe. The goal of the tool is, a...
Copy Link: https://blog.rootshell.be/2021/05/18/sans-isc-from-rundll32-to-javascript-then-powershell/   
Published: 2021 05 18 10:31:14
Received: 2021 06 06 09:04:42
Feed: /dev/random
Source: /dev/random
Category: Cyber Security
Topic: Cyber Security

Article: [SANS ISC] Locking Kernel32.dll As Anti-Debugging Technique - published almost 3 years ago.
Content: [Edited: The technique discussed in this diary is not mine and has been used without proper citation of the original author] I published the following diary on isc.sans.edu: “Locking Kernel32.dll As Anti-Debugging Technique“: For bad guys, the implementation of techniques to prevent Security Analysts to perform their job is key! The idea is to make ou...
Copy Link: https://blog.rootshell.be/2021/05/21/sans-isc-locking-kernel32-dll-as-anti-debugging-technique/   
Published: 2021 05 21 10:29:30
Received: 2021 06 06 09:04:42
Feed: /dev/random
Source: /dev/random
Category: Cyber Security
Topic: Cyber Security

Article: [SANS ISC] “Serverless” Phishing Campaign - published almost 3 years ago.
Content: I published the following diary on isc.sans.edu: “‘Serverless’ Phishing Campaign“: The Internet is full of code snippets and free resources that you can embed in your projects. SmtpJS is one of those small projects that are very interesting for developers but also bad guys. It’s the first time that I spot a phishing campaign that uses this piece of JavaS...
Copy Link: https://blog.rootshell.be/2021/05/22/sans-isc-serverless-phishing-campaign/   
Published: 2021 05 22 15:10:12
Received: 2021 06 06 09:04:42
Feed: /dev/random
Source: /dev/random
Category: Cyber Security
Topic: Cyber Security

Article: [SANS ISC] Malicious PowerShell Hosted on script.google.com - published almost 3 years ago.
Content: I published the following diary on isc.sans.edu: “Malicious PowerShell Hosted on script.google.com“: Google has an incredible portfolio of services. Besides the classic ones, there are less known services and… they could be very useful for attackers too. One of them is Google Apps Script. Google describes it like this: “Apps Script is a rapid applicat...
Copy Link: https://blog.rootshell.be/2021/05/28/sans-isc-malicious-powershell-hosted-on-script-google-com/   
Published: 2021 05 28 10:03:48
Received: 2021 06 06 09:04:42
Feed: /dev/random
Source: /dev/random
Category: Cyber Security
Topic: Cyber Security

Article: [SANS ISC] Russian Dolls VBS Obfuscation - published almost 3 years ago.
Content: I published the following diary on isc.sans.edu: “Russian Dolls VBS Obfuscation“: We received an interesting sample from one of our readers (thanks Henry!) and we like this. If you find something interesting, we are always looking for fresh meat! Henry’s sample was delivered in a password-protected ZIP archive and the file was a VBS script called “presen...
Copy Link: https://blog.rootshell.be/2021/06/04/sans-isc-russian-dolls-vbs-obfuscation/   
Published: 2021 06 04 10:09:58
Received: 2021 06 06 09:04:42
Feed: /dev/random
Source: /dev/random
Category: Cyber Security
Topic: Cyber Security

Article: ShellShock payload sample Linux.Bashlet - published over 9 years ago.
Content: Someone kindly shared their sample of the shellshock malware described by the Malware Must die group - you can read their analysis here:MMD-0027-2014 - Linux ELF bash 0day (shellshock): The fun has only just begun...DownloadDownload. Email me if you need the passwordFile InformationFile: fu4k_2485040231A35B7A465361FAF92A512DSize: 152MD5: 2485040231A35B7A465...
Copy Link: http://contagiodump.blogspot.com/2014/10/shellshock-payload-sample-linuxbashlet.html   
Published: 2014 10 02 12:12:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples - published over 9 years ago.
Content: PART IIWirelurker for Windows (WinLurker)Research: Palo Alto Claud Xiao: Wirelurker for WindowsSample credit: Claud XiaoPART I Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X MalwarePalo Alto |Claud Xiao - blog post WirelurkerWirelurker Detector https://github.com/PaloAltoNetworks-BD/WireLurkerDetectorSample credit: Claud XiaoDownloadDow...
Copy Link: http://contagiodump.blogspot.com/2014/11/wirelurker-for-osx-ios-part-i-and.html   
Published: 2014 11 07 01:57:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: OnionDuke samples - published over 9 years ago.
Content: Research:  F-Secure: OnionDuke: APT Attacks Via the Tor NetworkDownloadDownload. Email me if you need the password (new link)File attributesSize: 219136MD5:  28F96A57FA5FF663926E9BAD51A1D0CBSize: 126464MD5:  C8EB6040FD02D77660D19057A38FF769Size: 316928MD5:  D1CE79089578DA2D41F1AD901F7B1014Virustotal infohttps://www.virustotal.com/en/file/366affd094cc63e2c19c...
Copy Link: http://contagiodump.blogspot.com/2014/11/onionduke-samples.html   
Published: 2014 11 16 03:58:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: AlienSpy Java RAT samples and traffic information - published over 9 years ago.
Content: AlienSpy Java based cross platform RAT is another reincarnation of ever popular Unrecom/Adwind and Frutas RATs that have been circulating through 2014.It appears to be used in the same campaigns as was Unrccom/Adwind - see the references. If C2 responds, the java RAT downloads Jar files containing Windows Pony/Ponik loader. The RAT is crossplatform and insta...
Copy Link: http://contagiodump.blogspot.com/2014/11/alienspy-java-rat-samples-and-traffic.html   
Published: 2014 11 17 21:16:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Video archives of security conferences and workshops - published over 9 years ago.
Content: Just some links for your enjoymentList of security conferences in 2014Video archives:AIDE (Appalachian Institute of Digital Evidence)201320122011Blackhat2012 or 2012 torrentBotconf2013BsidesBSides DC 2014BSides Chicago 2014BSides Nashville 2014BSides Augusta 2014BSides Huntsville 2014BSides Las Vegas 2014BSidesDE 2013BSidesLV 2013BSidesRI 2013Bsides Clevelan...
Copy Link: http://contagiodump.blogspot.com/2015/01/video-archives-of-security-conferences.html   
Published: 2015 01 05 04:11:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Equation samples - from the Kaspersky Report and additional - published about 9 years ago.
Content: Here are a few samples from the report by Kaspersky Lab "Equation: The Death Star of Malware Galaxy" and additional samples of the same family. The full list is belowDownload all the samples listed below. Email me if you need the password (New link)List of filesFiles from the report:File NameMD5Size_SD_IP_CF.dll_03718676311DE33DD0B8F4F18CFFD48803718676311de3...
Copy Link: http://contagiodump.blogspot.com/2015/02/equation-samples-from-kaspersky-report.html   
Published: 2015 02 17 06:22:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Collection of Pcap files from malware analysis - published about 9 years ago.
Content: Update: Feb 19. 2015We have been adding pcaps to the collection so remember to check out the folder ( Pcap collection) for the recent pcaps.I had a project to test some malicious and exploit pcaps and collected a lot of them (almost 1000) from various public sources. You can see them in the PUBLIC folder. The credits go to the authors of the pcaps listed in ...
Copy Link: http://contagiodump.blogspot.com/2013/04/collection-of-pcap-files-from-malware.html   
Published: 2015 02 20 04:39:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Ask and you shall receive - published about 9 years ago.
Content: I get emails from readers asking for specific malware samples and thought I would make a mini post about it.Yes, I often obtain samples from various sources for my own research. I am sometimes too lazy/busy to post them but don't mind sharing.If you are looking for a particular sample, feel free to ask. I might have it.Send MD5 (several or few samples). I ca...
Copy Link: http://contagiodump.blogspot.com/2015/03/ask-and-you-shall-receive.html   
Published: 2015 03 09 01:08:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: An Overview of Exploit Packs (Update 25) May 2015 - published almost 9 years ago.
Content: Update May 12, 2015Added CVE-2015-0359 and updates for CVE-2015-0336 Exploit kit table 2014- 2015 (Sortable HTML table)Reference table : Exploit References 2014-2015Update March 20, 2015Added CVE-2015-0336------------------------Update February 19, 2015Added Hanjuan Exploit kit and CVE-2015-3013 for Angler Update January 24, 2015 http://www.kahusecurity.comA...
Copy Link: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html   
Published: 2015 05 12 04:30:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Potao Express samples - published over 8 years ago.
Content: http://www.welivesecurity.com/2015/07/30/operation-potao-express/http://www.welivesecurity.com/wp-content/uploads/2015/07/Operation-Potao-Express_final_v2.pdfTL; DR2011- July 2015Aka  Sapotao and node69Group - Sandworm / Quedagh APTVectors - USB, exe as doc, xlsVictims - RU, BY, AM, GE Victims - MMM group, UA govtruecryptrussia.ru has been serving modified v...
Copy Link: http://contagiodump.blogspot.com/2015/08/potao-express-samples.html   
Published: 2015 08 12 12:24:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Files download information - published about 8 years ago.
Content: After 7 years of Contagio existence, Google Safe Browsing services notified Mediafire (hoster of Contagio and Contagiominidump files) that "harmful" content is hosted on my Mediafire account.It is harmful only if you harm your own pc and but not suitable for distribution or infecting unsuspecting users but I have not been able to resolve this with Google and...
Copy Link: http://contagiodump.blogspot.com/2016/02/files-download-information.html   
Published: 2016 02 23 20:48:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Ransomware.OSX.KeRanger samples - published about 8 years ago.
Content: Research: New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer by Claud XiaoSample credit: Claud XiaoFile informationd1ac55a4e610380f0ab239fcc1c5f5a42722e8ee1554cba8074bbae4a5f6dbe1 1d6297e2427f1d00a5b355d6d50809cb Transmission-2.90.dmge3ad733cea9eba29e86610050c1a15592e6c77820927b9edeb77310975393574 56b1d956112b0b7bd3e44f20cf1f2c19 ...
Copy Link: http://contagiodump.blogspot.com/2016/03/ransomwareosxkeranger-samples.html   
Published: 2016 03 06 23:39:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: "i am lady" Linux.Lady trojan samples - published over 7 years ago.
Content: Bitcoin mining malware for Linux servers - samplesResearch: Dr. Web. Linux.LadySample Credit:  Tim StrazzereMD5 list:0DE8BCA756744F7F2BDB732E3267C3F455952F4F41A184503C467141B6171BA786AC68E5B09D1C4B157193BB6CB34007E2CACA9626ED93C3D137FDF494FDAE7CE9423E072AD5A31A80A31FC1F525D614Download. Email me if you need the password....
Copy Link: http://contagiodump.blogspot.com/2016/08/i-am-lady-linuxlady-trojan-samples.html   
Published: 2016 08 17 04:06:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Linux.Agent malware sample - data stealer - published over 7 years ago.
Content: Research: SentinelOne, Tim Strazzere Hiding in plain sight?Sample credit: Tim StrazzereList of files9f7ead4a7e9412225be540c30e04bf98dbd69f62b8910877f0f33057ca153b65  malwared507119f6684c2d978129542f632346774fa2e96cf76fa77f377d130463e9c2c  malwarefddb36800fbd0a9c9bfffb22ce7eacbccecd1c26b0d3fb3560da5e9ed97ec14c  script.decompiled-prettyec5d4f90c91273b3794814be...
Copy Link: http://contagiodump.blogspot.com/2016/08/linuxagent-malware-sample-data-stealer.html   
Published: 2016 08 24 04:18:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Part I. Russian APT - APT28 collection of samples including OSX XAgent - published about 7 years ago.
Content:  This post is for all of you, Russian malware lovers/haters. Analyze it all to your heart's content. Prove or disprove Russian hacking in general or DNC hacking in particular, or find that "400 lb hacker" or  nail another country altogether.  You can also have fun and exercise your malware analysis skills without any political agenda.The post contains malwar...
Copy Link: http://contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html   
Published: 2017 02 21 02:23:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: DeepEnd Research: Analysis of Trump's secret server story - published about 7 years ago.
Content:  We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research)Analysis of Trump's secret server story......
Copy Link: http://contagiodump.blogspot.com/2017/03/deepend-research-analysis-of-trumps.html   
Published: 2017 03 20 04:28:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Part II. APT29 Russian APT including Fancy Bear - published about 7 years ago.
Content: This is the second part of Russian APT series."APT29 - The Dukes Cozy Bear: APT29 is threat group that has been attributed to the Russian government and has operated since at least 2008.1210 This group reportedly compromised the Democratic National Committee starting in the summer of 2015" (src.  Mitre ATT&CK)Please see the first post here: Russian APT -...
Copy Link: http://contagiodump.blogspot.com/2017/03/part-ii-apt29-russian-apt-including.html   
Published: 2017 03 31 06:02:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: DDE Command Execution malware samples - published over 6 years ago.
Content: Here are a few samples related to the recent DDE Command executionReading:10/18/2017 InQuest/yara-rules 10/18/2017 https://twitter.com/i/moments/918126999738175489 10/18/2017 Inquest: Microsoft Office DDE Macro-less Command Execution Vulnerability10/18/2017 Inquest: Microsoft Office DDE Vortex Ransomware Targeting Poland10/16/2017 https://twitter.com/noottra...
Copy Link: http://contagiodump.blogspot.com/2017/10/dde-command-execution-malware-samples.html   
Published: 2017 10 18 06:24:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Rootkit Umbreon / Umreon - x86, ARM samples - published about 6 years ago.
Content: Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM SystemsResearch: Trend MicroThere are two packagesone is 'found in the wild' full and a set of hashes from Trend Micro (all but one file are already in the full package)DownloadDownload Email me if you need the password  File informationPart one (full package)#File NameHash ValueFile Size (on Disk)Duplicate?...
Copy Link: http://contagiodump.blogspot.com/2018/03/rootkit-umbreon-umreon-x86-arm-samples.html   
Published: 2018 03 20 13:23:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: HiddenWasp Linux malware backdoor samples - published almost 5 years ago.
Content: Here are Hidden Wasp Linux backdoor samples. Enjoy Reference Intezer HiddenWasp Malware Stings Targeted Linux Systems  DownloadDownload. Email me if you need the password (see in my profile) File informatio8914fd1cfade5059e626be90f18972ec963bbed75101c7fbf4a88a6da2bc671b8f1c51c4963c0bad6cf04444feb411d7 shellf321685342fa373c33eb9479176a086a1c56c90a1826a0aef345...
Copy Link: http://contagiodump.blogspot.com/2019/06/hiddenwasp-linux-malware-backdoor.html   
Published: 2019 06 04 04:31:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Linux/AirDropBot samples - published over 4 years ago.
Content: Reference Malware Must Die:  MMD-0064-2019 - Linux/AirDropBotMirai variant targeting Linksys E-series - Remote Code ExecutiontmUnblock.cgi Download             Other malwareDownload. Email me if you need the password (see in my profile) HashesMD5SHA256SHA185a8aad8d938c44c3f3f51089a60ec161a75642976449d37acd14b19f67ed7d69499c41aa6304e78c7b2d977e0910e372f0079b...
Copy Link: http://contagiodump.blogspot.com/2019/10/reference-malware-must-die-mmd-0064.html   
Published: 2019 10 06 20:37:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Amnesia / Radiation Linux botnet targeting Remote Code Execution in CCTV DVR samples - published over 4 years ago.
Content: Reference Amnesia / Radiation botnet samples targeting Remote Code Execution in CCTV DVR 2017-04-06 Palo Alto Unit 42. New IoT/Linux Malware Targets DVRs, Forms Botnet2016-08-11 CyberX Radiation IoT Cybersecurity campaignDownload             Other malwareDownload. Email me if you need the password (see in my profile) HashesMD5SHA256SHA174bf554c4bc30d172cf1...
Copy Link: http://contagiodump.blogspot.com/2019/10/amnesia-radiation-linux-botnet.html   
Published: 2019 10 06 21:16:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: Masad Clipper and Stealer - Windows spyware exfiltrating data via Telegram (samples) - published over 4 years ago.
Content: Reference2019-09-25 Juniper. Masad Stealer: Exfiltrating using Telegram “Masad Clipper and Stealer” steals browser information, computer files,  and automatically replaces cryptocurrency wallets from the clipboard with its own.It is written using Autoit scripts and then compiled into a Windows executable.It uses Telegram to exfiltrate stolen information.Down...
Copy Link: http://contagiodump.blogspot.com/2019/10/masad-clipper-and-stealer-windows.html   
Published: 2019 10 07 03:48:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: APT Calypso RAT, Flying Dutchman Samples - published over 4 years ago.
Content: Reference2019-10-31 Calypso APT: new group attacking state institutions Attackers exploit Windows SMB vulnerability CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They move laterally and steal data.Download             Other malwareDownlo...
Copy Link: http://contagiodump.blogspot.com/2019/12/apt-calypso-rat-flying-dutchman-samples.html   
Published: 2019 12 02 04:46:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: 2020-12-13 SUNBURST SolarWinds Backdoor samples - published over 3 years ago.
Content:  ReferenceI am sure you all saw the news.2020-12-13 Fireeye Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor2020-12-13 MicrosoftCustomer Guidance on Recent Nation-State Cyber Attacks Well, here are the Sunburst binaries. Here is a Sunburst malware analysis walk-through video by Colin Hardy...
Copy Link: http://contagiodump.blogspot.com/2020/12/2020-12-13-sunburst-solarwinds-backdoor.html   
Published: 2020 12 14 14:47:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Article: metatool.py - published about 3 years ago.
Content: metatool.py is a tool to help with the analysis of Metasploit or Cobalt Strike URLs. More info can be found in my SANS Internet Storm Center diary entry “Finding Metasploit & Cobalt Strike URLs“. It is still in my Github beta repository here. ...
Copy Link: https://blog.didierstevens.com/2021/04/18/metatool-py/   
Published: 2021 04 18 17:56:33
Received: 2021 06 06 09:04:35
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security

Article: Lua CSV Wireshark Dissector - published about 3 years ago.
Content: In December 2020 I provided online Wireshark training to one of our NVISO clients. During the second day, when we cover the development of custom dissectors written in Lua, a question about CSV data came up. When the data exchanged over TCP, for example, has the CSV format (fields separated by a separator), how can I write a dissector for that? While answeri...
Copy Link: https://blog.didierstevens.com/2021/04/19/lua-csv-wireshark-dissector/   
Published: 2021 04 19 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security

Article: isodump.py - published almost 3 years ago.
Content: This is a new tool (beta) to analyze ISO files. I made this for a webinar I presented: a demo on how to use my templates to create your own tools. isodump.py is in my Github beta repository. The complete webinar is here, if you want to jump directly to the demo where I explain how to make a tool like isodump.py, go here. ...
Copy Link: https://blog.didierstevens.com/2021/04/25/isodump-py/   
Published: 2021 04 25 10:13:54
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security

Article: Quickpost: Decrypting Cobalt Strike Traffic - published almost 3 years ago.
Content: I have been looking at several samples of Cobalt Strike beacons used in malware attacks. Although work is still ongoing, I already want to share my findings. Cobalt Strike beacons communicating over HTTP encrypt their data with AES (unless a trial version is used). I found code to decrypt/encrypt such data in the PyBeacon and Geacon Github repositories. ...
Copy Link: https://blog.didierstevens.com/2021/04/26/quickpost-decrypting-cobalt-strike-traffic/   
Published: 2021 04 26 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security

Article: Overview of Content Published in April - published almost 3 years ago.
Content: Here is an overview of content I published in April: Blog posts: metatool.py Lua CSV Wireshark Dissector isodump.py Quickpost: Decrypting Cobalt Strike Traffic YouTube videos: YARA and CyberChef YARA and CyberChef: ZIP Decoding Cobalt Strike Traffic Lua CSV Wireshark Dissector The Security Toolsmith (NVISO Brown Bag 2021) Videoblog posts: YARA and Cyber...
Copy Link: https://blog.didierstevens.com/2021/05/02/overview-of-content-published-in-april-6/   
Published: 2021 05 02 19:16:58
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security

Article: Update: 1768.py Version 0.0.6 - published almost 3 years ago.
Content: This new version of 1768.py, my tool to analyze Cobalt Stike beacons, has fixes, support for more encodings, and an option to output the config in JSON format. 1768_v0_0_6.zip (https) MD5: EB9C949BB7B5DD3EF9ECEBF7F3C21184 SHA256: 3EC0BB7B41CC5C0E1534F09BAE67D62B220F8D83A7F02EC0F856F8741F86EB31 ...
Copy Link: https://blog.didierstevens.com/2021/05/22/update-1768-py-version-0-0-6/   
Published: 2021 05 22 15:06:15
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security

Article: Update: re-search.py Version 0.0.17 - published almost 3 years ago.
Content: This new version of re-search.py adds gzip support and filtering of private IPv4 addresses: re-search_V0_0_17.zip (https) MD5: 8945F435BDA03D73EF7A2BA1AA64A65E SHA256: 0D74709B9F26FC7F6EEADAEE1BAA3AF7AADAA618F88B1C267BA5A063C8E3D997 ...
Copy Link: https://blog.didierstevens.com/2021/05/23/update-re-search-py-version-0-0-17/   
Published: 2021 05 23 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security

Article: Update: base64dump.py Version 0.0.14 - published almost 3 years ago.
Content: This new version of base64dump.py supports a new encoding: NETBIOS Name encoding. NETBIOS Name encoding is very similar to hexadecimal encoding: in stead of hexadecimal digits 0-9 and a-f, letters A-P are used. I encountered this in DNS TXT records of a Cobalt Strike DNS stager. More on that later. base64dump_V0_0_14.zip (https)MD5: 35BF4900BED...
Copy Link: https://blog.didierstevens.com/2021/05/25/update-base64dump-py-version-0-0-14/   
Published: 2021 05 25 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security

Article: New Tool: cs-dns-stager.py - published almost 3 years ago.
Content: cs-dns-stager.py is a quick & dirty tool I wrote to retrieve a Cobalt Strike DNS beacon from its server, if you only have the IP address of said server. If you want to know more about Cobalt Strike and DNS, watch this video I recorded: ...
Copy Link: https://blog.didierstevens.com/2021/05/30/new-tool-cs-dns-stager-py/   
Published: 2021 05 30 17:59:01
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security

Article: Overview of Content Published in May - published almost 3 years ago.
Content: Here is an overview of content I published in May: Blog posts: Update: 1768.py Version 0.0.6 Update: re-search.py Version 0.0.17 Update: base64dump.py Version 0.0.14 New Tool: cs-dns-stager.py YouTube videos: Making Sense Of Encrypted Cobalt Strike Traffic Cobalt Strike & DNS – Part 1 Videoblog posts: Making Sense Of Encrypted Cobalt Strike Traffi...
Copy Link: https://blog.didierstevens.com/2021/06/04/overview-of-content-published-in-may-6/   
Published: 2021 06 04 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security

Article: Fuzzilli – JavaScript Engine Fuzzing Library - published over 3 years ago.
Content:
Copy Link: https://www.darknet.org.uk/2020/10/fuzzilli-javascript-engine-fuzzing-library/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed   
Published: 2020 10 22 09:04:37
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security

Article: Trape – OSINT Analysis Tool For People Tracking - published over 3 years ago.
Content:
Copy Link: https://www.darknet.org.uk/2020/11/trape-osint-analysis-tool-for-people-tracking/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed   
Published: 2020 11 03 10:03:00
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security

Article: HELK – Open Source Threat Hunting Platform - published over 3 years ago.
Content:
Copy Link: https://www.darknet.org.uk/2020/11/helk-open-source-threat-hunting-platform/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed   
Published: 2020 11 06 10:46:55
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security

Article: zANTI – Android Wireless Hacking Tool Free Download - published over 3 years ago.
Content:
Copy Link: https://www.darknet.org.uk/2020/12/zanti-android-wireless-hacking-tool-free-download/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed   
Published: 2020 12 07 13:15:28
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security

Article: GKE Auditor – Detect Google Kubernetes Engine Misconfigurations - published over 3 years ago.
Content:
Copy Link: https://www.darknet.org.uk/2021/01/gke-auditor-detect-google-kubernetes-engine-misconfigurations/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed   
Published: 2021 01 01 10:59:21
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security

Article: GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials - published about 3 years ago.
Content:
Copy Link: https://www.darknet.org.uk/2021/02/gitlab-watchman-audit-gitlab-for-sensitive-data-credentials/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed   
Published: 2021 02 03 13:13:35
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security

Article: APT-Hunter – Threat Hunting Tool via Windows Event Log - published about 3 years ago.
Content:
Copy Link: https://www.darknet.org.uk/2021/03/apt-hunter-threat-hunting-tool-via-windows-event-log/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed   
Published: 2021 03 04 17:16:01
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security

Article: Grype – Vulnerability Scanner For Container Images & Filesystems - published almost 3 years ago.
Content:
Copy Link: https://www.darknet.org.uk/2021/04/grype-vulnerability-scanner-for-container-images-filesystems/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed   
Published: 2021 04 19 10:11:41
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security

Article: LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) - published almost 3 years ago.
Content:
Copy Link: https://www.darknet.org.uk/2021/05/libinjection-detect-sql-injection-sqli-and-cross-site-scripting-xss/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed   
Published: 2021 05 07 14:49:00
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security

Article: Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack - published almost 3 years ago.
Content:
Copy Link: https://www.darknet.org.uk/2021/05/vulhub-pre-built-vulnerable-docker-environments-for-learning-to-hack/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed   
Published: 2021 05 27 10:57:54
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security

Article: Converting NMAP XML Files to HTML with xsltproc - published over 3 years ago.
Content: NMAP is a wonderful network scanner and its ability to log scan data to files, specifically XML, helps quite a bit.  This enables the scan data to be parsed by other tools such as Metasploit’s db_import or even NMAP’s own Zenmap GUI.  While XML is great for parsing, it’s not really easy for humans to read.  I have found several people are unaware of the fac...
Copy Link: /blog/2021/01/converting-nmap-xml-files-to-html-with-xsltproc.html   
Published: 2021 01 14 16:30:00
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: LD_PRELOAD: How to Run Code at Load Time - published about 3 years ago.
Content:     Today I want to continue the series on using LD_PRELOAD.  In previous posts, we covered how to inject a shared object binary into a process, and use that to hijack a library function call to run our own code.  This is great when we want to overwrite the behavior of external library calls in a process, but we would have to wait for that call to happen fi...
Copy Link: /blog/2021/02/ld_preload-how-to-run-code-at-load-time.html   
Published: 2021 02 24 15:40:00
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Three Excellent API Security Practices Most People Neglect - published about 3 years ago.
Content: We are very much in the age of APIs. From widely-used single-purpose products like Slack to cloud-based solutions like Amazon Web Services (AWS) and Microsoft Azure, APIs are used to drive business processes in all kinds of industries, every day. For tech companies, whether you’re doing a monolithic back-end, containerized microservices, or serverless archi...
Copy Link: /blog/2021/04/three-excellent-api-security-practices-most-people-neglect.html   
Published: 2021 04 15 14:00:36
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: A Hacker’s Tour of the X86 CPU Architecture - published almost 3 years ago.
Content: Overview The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers.  While other architectures exist and are even taking some market share with mobile devices such as smartphones and even Apple begin including its ARM M1 chip in newer Macbooks and Mac Mini, this one still stands as the default CPU arc...
Copy Link: /blog/2021/04/a-hackers-tour-of-the-x86-cpu-architecture.html   
Published: 2021 04 20 15:15:43
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Linux X86 Assembly – How to Build a Hello World Program in NASM - published almost 3 years ago.
Content: Overview A processor understands bytecode instructions specific to that architecture.  We as humans use mnemonics to make building these instructions easier than remembering a bunch of binary codes.  These mnemonics are known as assembly instructions.  This is one of the lowest levels of programming that can be done.  This programming is a bit of a lost ...
Copy Link: /blog/2021/05/linux-x86-assembly-how-to-build-a-hello-world-program-in-nasm.html   
Published: 2021 05 04 14:55:33
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: AppSec Cheat Code: Shift Left, Shift Right, Up, Down & Start - published almost 3 years ago.
Content: Seamless and unobtrusive security is the future. We are huge advocates of shifting left and moving security testing earlier in the development process. Leif Dreizler wrote a great article suggesting that not only do we need to shift security left, but shift engineering right. I agree, but why stop there. We all need to cultivate a culture of consistent coll...
Copy Link: /blog/2021/05/appsec-cheat-code-shift-left-shift-right-up-down-start.html   
Published: 2021 05 04 14:57:50
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Linux X86 Assembly – How to Build a Hello World Program in GAS - published almost 3 years ago.
Content: Overview In the last tutorial, we covered how to build a 32-bit x86 Hello World program in NASM.  Today, we will cover how to do the same thing, but this time using the GAS toolchain instead.  This will allow us to review the differences in the source code syntax and structure, as well as the difference in the build process. Prerequisite Knowledge ...
Copy Link: /blog/2021/05/linux-x86-assembly-how-to-build-a-hello-world-program-in-gas.html   
Published: 2021 05 11 16:18:46
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Run as Admin: Executive Order on Cybersecurity - published almost 3 years ago.
Content: On May 12, 2021, President Biden issued an executive order on cybersecurity. This new order combines many trends we’re already seeing in the Fortune 500 and brings them into the public sector as well. President Trump issued similar executive orders including one in 2017,  another in 2018, two in 2019 and three in 2020, but we will cover those at a different...
Copy Link: /blog/2021/05/run-as-admin-executive-order-on-cybersecurity.html   
Published: 2021 05 14 15:44:34
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: The Best Way to Capture Traffic in 2021 - published almost 3 years ago.
Content: There are times when you need to capture some network traffic.  Maybe you’re troubleshooting a communication issue or maybe you’re doing something a little more suspect on a penetration test (looking for that clear text communication floating on the network to a host).  On top of needing a capture, you may not want to install a third party capture tool like...
Copy Link: /blog/2021/05/the-best-way-to-capture-traffic-in-2021.html   
Published: 2021 05 25 16:21:04
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Linux X86 Assembly – How to Make Our Hello World Usable as an Exploit Payload - published almost 3 years ago.
Content: Overview In the last two tutorials, we built a Hello World program in NASM and GAS for x86 assembly.  While this can help us learn x86 assembly, it isn’t viable as a payload for use in exploits in its current form.  Today’s blog will look into what those issues are, how they impact the code’s use as a payload, and what we can do to address those issues. ...
Copy Link: /blog/2021/06/linux-x86-assembly-how-to-make-our-hello-world-usable-as-an-exploit-payload.html   
Published: 2021 06 01 14:13:33
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security