Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
Navigation
Return to Planet "Home"
Ordered/grouped:
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 50,900

Category: Cyber Security

Articles recieved 06/06/2021
Article: ShellShock payload sample Linux.Bashlet - published about 10 years ago.
Content: Someone kindly shared their sample of the shellshock malware described by the Malware Must die group - you can read their analysis here:MMD-0027-2014 - Linux ELF bash 0day (shellshock): The fun has only just begun...DownloadDownload. Email me if you need the passwordFile InformationFile: fu4k_2485040231A35B7A465361FAF92A512DSize: 152MD5: 2485040231A35B7A465...
http://contagiodump.blogspot.com/2014/10/shellshock-payload-sample-linuxbashlet.html 
🔥🔥
 
Published: 2014 10 02 12:12:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples - published about 10 years ago.
Content: PART IIWirelurker for Windows (WinLurker)Research: Palo Alto Claud Xiao: Wirelurker for WindowsSample credit: Claud XiaoPART I Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X MalwarePalo Alto |Claud Xiao - blog post WirelurkerWirelurker Detector https://github.com/PaloAltoNetworks-BD/WireLurkerDetectorSample credit: Claud XiaoDownloadDow...
http://contagiodump.blogspot.com/2014/11/wirelurker-for-osx-ios-part-i-and.html 
🔥🔥
 
Published: 2014 11 07 01:57:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: OnionDuke samples - published about 10 years ago.
Content: Research:  F-Secure: OnionDuke: APT Attacks Via the Tor NetworkDownloadDownload. Email me if you need the password (new link)File attributesSize: 219136MD5:  28F96A57FA5FF663926E9BAD51A1D0CBSize: 126464MD5:  C8EB6040FD02D77660D19057A38FF769Size: 316928MD5:  D1CE79089578DA2D41F1AD901F7B1014Virustotal infohttps://www.virustotal.com/en/file/366affd094cc63e2c19c...
http://contagiodump.blogspot.com/2014/11/onionduke-samples.html 
🔥🔥
 
Published: 2014 11 16 03:58:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: AlienSpy Java RAT samples and traffic information - published about 10 years ago.
Content: AlienSpy Java based cross platform RAT is another reincarnation of ever popular Unrecom/Adwind and Frutas RATs that have been circulating through 2014.It appears to be used in the same campaigns as was Unrccom/Adwind - see the references. If C2 responds, the java RAT downloads Jar files containing Windows Pony/Ponik loader. The RAT is crossplatform and insta...
http://contagiodump.blogspot.com/2014/11/alienspy-java-rat-samples-and-traffic.html 
🔥🔥
 
Published: 2014 11 17 21:16:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Video archives of security conferences and workshops - published almost 10 years ago.
Content: Just some links for your enjoymentList of security conferences in 2014Video archives:AIDE (Appalachian Institute of Digital Evidence)201320122011Blackhat2012 or 2012 torrentBotconf2013BsidesBSides DC 2014BSides Chicago 2014BSides Nashville 2014BSides Augusta 2014BSides Huntsville 2014BSides Las Vegas 2014BSidesDE 2013BSidesLV 2013BSidesRI 2013Bsides Clevelan...
http://contagiodump.blogspot.com/2015/01/video-archives-of-security-conferences.html 
🔥🔥
 
Published: 2015 01 05 04:11:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Equation samples - from the Kaspersky Report and additional - published almost 10 years ago.
Content: Here are a few samples from the report by Kaspersky Lab "Equation: The Death Star of Malware Galaxy" and additional samples of the same family. The full list is belowDownload all the samples listed below. Email me if you need the password (New link)List of filesFiles from the report:File NameMD5Size_SD_IP_CF.dll_03718676311DE33DD0B8F4F18CFFD48803718676311de3...
http://contagiodump.blogspot.com/2015/02/equation-samples-from-kaspersky-report.html 
🔥🔥
 
Published: 2015 02 17 06:22:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Collection of Pcap files from malware analysis - published almost 10 years ago.
Content: Update: Feb 19. 2015We have been adding pcaps to the collection so remember to check out the folder ( Pcap collection) for the recent pcaps.I had a project to test some malicious and exploit pcaps and collected a lot of them (almost 1000) from various public sources. You can see them in the PUBLIC folder. The credits go to the authors of the pcaps listed in ...
http://contagiodump.blogspot.com/2013/04/collection-of-pcap-files-from-malware.html 
🔥🔥
 
Published: 2015 02 20 04:39:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Ask and you shall receive - published over 9 years ago.
Content: I get emails from readers asking for specific malware samples and thought I would make a mini post about it.Yes, I often obtain samples from various sources for my own research. I am sometimes too lazy/busy to post them but don't mind sharing.If you are looking for a particular sample, feel free to ask. I might have it.Send MD5 (several or few samples). I ca...
http://contagiodump.blogspot.com/2015/03/ask-and-you-shall-receive.html 
🔥🔥
 
Published: 2015 03 09 01:08:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: An Overview of Exploit Packs (Update 25) May 2015 - published over 9 years ago.
Content: Update May 12, 2015Added CVE-2015-0359 and updates for CVE-2015-0336 Exploit kit table 2014- 2015 (Sortable HTML table)Reference table : Exploit References 2014-2015Update March 20, 2015Added CVE-2015-0336------------------------Update February 19, 2015Added Hanjuan Exploit kit and CVE-2015-3013 for Angler Update January 24, 2015 http://www.kahusecurity.comA...
http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html 
🔥🔥
 
Published: 2015 05 12 04:30:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Potao Express samples - published over 9 years ago.
Content: http://www.welivesecurity.com/2015/07/30/operation-potao-express/http://www.welivesecurity.com/wp-content/uploads/2015/07/Operation-Potao-Express_final_v2.pdfTL; DR2011- July 2015Aka  Sapotao and node69Group - Sandworm / Quedagh APTVectors - USB, exe as doc, xlsVictims - RU, BY, AM, GE Victims - MMM group, UA govtruecryptrussia.ru has been serving modified v...
http://contagiodump.blogspot.com/2015/08/potao-express-samples.html 
🔥🔥
 
Published: 2015 08 12 12:24:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Files download information - published over 8 years ago.
Content: After 7 years of Contagio existence, Google Safe Browsing services notified Mediafire (hoster of Contagio and Contagiominidump files) that "harmful" content is hosted on my Mediafire account.It is harmful only if you harm your own pc and but not suitable for distribution or infecting unsuspecting users but I have not been able to resolve this with Google and...
http://contagiodump.blogspot.com/2016/02/files-download-information.html 
🔥🔥
 
Published: 2016 02 23 20:48:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Ransomware.OSX.KeRanger samples - published over 8 years ago.
Content: Research: New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer by Claud XiaoSample credit: Claud XiaoFile informationd1ac55a4e610380f0ab239fcc1c5f5a42722e8ee1554cba8074bbae4a5f6dbe1 1d6297e2427f1d00a5b355d6d50809cb Transmission-2.90.dmge3ad733cea9eba29e86610050c1a15592e6c77820927b9edeb77310975393574 56b1d956112b0b7bd3e44f20cf1f2c19 ...
http://contagiodump.blogspot.com/2016/03/ransomwareosxkeranger-samples.html 
🔥🔥
 
Published: 2016 03 06 23:39:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: "i am lady" Linux.Lady trojan samples - published over 8 years ago.
Content: Bitcoin mining malware for Linux servers - samplesResearch: Dr. Web. Linux.LadySample Credit:  Tim StrazzereMD5 list:0DE8BCA756744F7F2BDB732E3267C3F455952F4F41A184503C467141B6171BA786AC68E5B09D1C4B157193BB6CB34007E2CACA9626ED93C3D137FDF494FDAE7CE9423E072AD5A31A80A31FC1F525D614Download. Email me if you need the password....
http://contagiodump.blogspot.com/2016/08/i-am-lady-linuxlady-trojan-samples.html 
🔥🔥
 
Published: 2016 08 17 04:06:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Linux.Agent malware sample - data stealer - published about 8 years ago.
Content: Research: SentinelOne, Tim Strazzere Hiding in plain sight?Sample credit: Tim StrazzereList of files9f7ead4a7e9412225be540c30e04bf98dbd69f62b8910877f0f33057ca153b65  malwared507119f6684c2d978129542f632346774fa2e96cf76fa77f377d130463e9c2c  malwarefddb36800fbd0a9c9bfffb22ce7eacbccecd1c26b0d3fb3560da5e9ed97ec14c  script.decompiled-prettyec5d4f90c91273b3794814be...
http://contagiodump.blogspot.com/2016/08/linuxagent-malware-sample-data-stealer.html 
🔥🔥
 
Published: 2016 08 24 04:18:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Part I. Russian APT - APT28 collection of samples including OSX XAgent - published almost 8 years ago.
Content:  This post is for all of you, Russian malware lovers/haters. Analyze it all to your heart's content. Prove or disprove Russian hacking in general or DNC hacking in particular, or find that "400 lb hacker" or  nail another country altogether.  You can also have fun and exercise your malware analysis skills without any political agenda.The post contains malwar...
http://contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html 
🔥🔥
 
Published: 2017 02 21 02:23:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: DeepEnd Research: Analysis of Trump's secret server story - published over 7 years ago.
Content:  We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research)Analysis of Trump's secret server story......
http://contagiodump.blogspot.com/2017/03/deepend-research-analysis-of-trumps.html 
🔥🔥
 
Published: 2017 03 20 04:28:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Part II. APT29 Russian APT including Fancy Bear - published over 7 years ago.
Content: This is the second part of Russian APT series."APT29 - The Dukes Cozy Bear: APT29 is threat group that has been attributed to the Russian government and has operated since at least 2008.1210 This group reportedly compromised the Democratic National Committee starting in the summer of 2015" (src.  Mitre ATT&CK)Please see the first post here: Russian APT -...
http://contagiodump.blogspot.com/2017/03/part-ii-apt29-russian-apt-including.html 
🔥🔥
 
Published: 2017 03 31 06:02:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: DDE Command Execution malware samples - published about 7 years ago.
Content: Here are a few samples related to the recent DDE Command executionReading:10/18/2017 InQuest/yara-rules 10/18/2017 https://twitter.com/i/moments/918126999738175489 10/18/2017 Inquest: Microsoft Office DDE Macro-less Command Execution Vulnerability10/18/2017 Inquest: Microsoft Office DDE Vortex Ransomware Targeting Poland10/16/2017 https://twitter.com/noottra...
http://contagiodump.blogspot.com/2017/10/dde-command-execution-malware-samples.html 
🔥🔥
 
Published: 2017 10 18 06:24:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Rootkit Umbreon / Umreon - x86, ARM samples - published over 6 years ago.
Content: Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM SystemsResearch: Trend MicroThere are two packagesone is 'found in the wild' full and a set of hashes from Trend Micro (all but one file are already in the full package)DownloadDownload Email me if you need the password  File informationPart one (full package)#File NameHash ValueFile Size (on Disk)Duplicate?...
http://contagiodump.blogspot.com/2018/03/rootkit-umbreon-umreon-x86-arm-samples.html 
🔥🔥
 
Published: 2018 03 20 13:23:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: HiddenWasp Linux malware backdoor samples - published over 5 years ago.
Content: Here are Hidden Wasp Linux backdoor samples. Enjoy Reference Intezer HiddenWasp Malware Stings Targeted Linux Systems  DownloadDownload. Email me if you need the password (see in my profile) File informatio8914fd1cfade5059e626be90f18972ec963bbed75101c7fbf4a88a6da2bc671b8f1c51c4963c0bad6cf04444feb411d7 shellf321685342fa373c33eb9479176a086a1c56c90a1826a0aef345...
http://contagiodump.blogspot.com/2019/06/hiddenwasp-linux-malware-backdoor.html 
🔥🔥
 
Published: 2019 06 04 04:31:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Linux/AirDropBot samples - published about 5 years ago.
Content: Reference Malware Must Die:  MMD-0064-2019 - Linux/AirDropBotMirai variant targeting Linksys E-series - Remote Code ExecutiontmUnblock.cgi Download             Other malwareDownload. Email me if you need the password (see in my profile) HashesMD5SHA256SHA185a8aad8d938c44c3f3f51089a60ec161a75642976449d37acd14b19f67ed7d69499c41aa6304e78c7b2d977e0910e372f0079b...
http://contagiodump.blogspot.com/2019/10/reference-malware-must-die-mmd-0064.html 
🔥🔥
 
Published: 2019 10 06 20:37:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Amnesia / Radiation Linux botnet targeting Remote Code Execution in CCTV DVR samples - published about 5 years ago.
Content: Reference Amnesia / Radiation botnet samples targeting Remote Code Execution in CCTV DVR 2017-04-06 Palo Alto Unit 42. New IoT/Linux Malware Targets DVRs, Forms Botnet2016-08-11 CyberX Radiation IoT Cybersecurity campaignDownload             Other malwareDownload. Email me if you need the password (see in my profile) HashesMD5SHA256SHA174bf554c4bc30d172cf1...
http://contagiodump.blogspot.com/2019/10/amnesia-radiation-linux-botnet.html 
🔥🔥
 
Published: 2019 10 06 21:16:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: Masad Clipper and Stealer - Windows spyware exfiltrating data via Telegram (samples) - published about 5 years ago.
Content: Reference2019-09-25 Juniper. Masad Stealer: Exfiltrating using Telegram “Masad Clipper and Stealer” steals browser information, computer files,  and automatically replaces cryptocurrency wallets from the clipboard with its own.It is written using Autoit scripts and then compiled into a Windows executable.It uses Telegram to exfiltrate stolen information.Down...
http://contagiodump.blogspot.com/2019/10/masad-clipper-and-stealer-windows.html 
🔥🔥
 
Published: 2019 10 07 03:48:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: APT Calypso RAT, Flying Dutchman Samples - published almost 5 years ago.
Content: Reference2019-10-31 Calypso APT: new group attacking state institutions Attackers exploit Windows SMB vulnerability CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They move laterally and steal data.Download             Other malwareDownlo...
http://contagiodump.blogspot.com/2019/12/apt-calypso-rat-flying-dutchman-samples.html 
🔥🔥
 
Published: 2019 12 02 04:46:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Article: 2020-12-13 SUNBURST SolarWinds Backdoor samples - published almost 4 years ago.
Content:  ReferenceI am sure you all saw the news.2020-12-13 Fireeye Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor2020-12-13 MicrosoftCustomer Guidance on Recent Nation-State Cyber Attacks Well, here are the Sunburst binaries. Here is a Sunburst malware analysis walk-through video by Colin Hardy...
http://contagiodump.blogspot.com/2020/12/2020-12-13-sunburst-solarwinds-backdoor.html 
🔥🔥
 
Published: 2020 12 14 14:47:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
09:04 ShellShock payload sample Linux.Bashlet
🔥🔥
09:04 Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples
🔥🔥
09:04 OnionDuke samples
🔥🔥
09:04 AlienSpy Java RAT samples and traffic information
🔥🔥
09:04 Video archives of security conferences and workshops
🔥🔥
09:04 Equation samples - from the Kaspersky Report and additional
🔥🔥
09:04 Collection of Pcap files from malware analysis
🔥🔥
09:04 Ask and you shall receive
🔥🔥
09:04 An Overview of Exploit Packs (Update 25) May 2015
🔥🔥
09:04 Potao Express samples
🔥🔥
09:04 Files download information
🔥🔥
09:04 Ransomware.OSX.KeRanger samples
🔥🔥
09:04 "i am lady" Linux.Lady trojan samples
🔥🔥
09:04 Linux.Agent malware sample - data stealer
🔥🔥
09:04 Part I. Russian APT - APT28 collection of samples including OSX XAgent
🔥🔥
09:04 DeepEnd Research: Analysis of Trump's secret server story
🔥🔥
09:04 Part II. APT29 Russian APT including Fancy Bear
🔥🔥
09:04 DDE Command Execution malware samples
🔥🔥
09:04 Rootkit Umbreon / Umreon - x86, ARM samples
🔥🔥
09:04 HiddenWasp Linux malware backdoor samples
🔥🔥
09:04 Linux/AirDropBot samples
🔥🔥
09:04 Amnesia / Radiation Linux botnet targeting Remote Code Execution in CCTV DVR samples
🔥🔥
09:04 Masad Clipper and Stealer - Windows spyware exfiltrating data via Telegram (samples)
🔥🔥
09:04 APT Calypso RAT, Flying Dutchman Samples
🔥🔥
09:04 2020-12-13 SUNBURST SolarWinds Backdoor samples
🔥🔥

Category: Cyber Security

Articles recieved 06/06/2021
Article: GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials - published almost 4 years ago.
Content:
https://www.darknet.org.uk/2021/02/gitlab-watchman-audit-gitlab-for-sensitive-data-credentials/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed 
🔥🔥
 
Published: 2021 02 03 13:13:35
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security
Article: APT-Hunter – Threat Hunting Tool via Windows Event Log - published over 3 years ago.
Content:
https://www.darknet.org.uk/2021/03/apt-hunter-threat-hunting-tool-via-windows-event-log/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed 
🔥🔥
 
Published: 2021 03 04 17:16:01
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security
Article: Grype – Vulnerability Scanner For Container Images & Filesystems - published over 3 years ago.
Content:
https://www.darknet.org.uk/2021/04/grype-vulnerability-scanner-for-container-images-filesystems/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed 
🔥🔥
 
Published: 2021 04 19 10:11:41
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security
Article: LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) - published over 3 years ago.
Content:
https://www.darknet.org.uk/2021/05/libinjection-detect-sql-injection-sqli-and-cross-site-scripting-xss/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed 
🔥🔥
 
Published: 2021 05 07 14:49:00
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security
Article: Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack - published over 3 years ago.
Content:
https://www.darknet.org.uk/2021/05/vulhub-pre-built-vulnerable-docker-environments-for-learning-to-hack/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed 
🔥🔥
 
Published: 2021 05 27 10:57:54
Received: 2021 06 06 09:04:42
Feed: Darknet - The Darkside
Source: Darknet - The Darkside
Category: Cyber Security
Topic: Cyber Security
09:04 GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
🔥🔥
09:04 APT-Hunter – Threat Hunting Tool via Windows Event Log
🔥🔥
09:04 Grype – Vulnerability Scanner For Container Images & Filesystems
🔥🔥
09:04 LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
🔥🔥
09:04 Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
🔥🔥

Category: Cyber Security

Articles recieved 06/06/2021
Article: metatool.py - published over 3 years ago.
Content: metatool.py is a tool to help with the analysis of Metasploit or Cobalt Strike URLs. More info can be found in my SANS Internet Storm Center diary entry “Finding Metasploit & Cobalt Strike URLs“. It is still in my Github beta repository here. ...
https://blog.didierstevens.com/2021/04/18/metatool-py/ 
🔥🔥
 
Published: 2021 04 18 17:56:33
Received: 2021 06 06 09:04:35
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Lua CSV Wireshark Dissector - published over 3 years ago.
Content: In December 2020 I provided online Wireshark training to one of our NVISO clients. During the second day, when we cover the development of custom dissectors written in Lua, a question about CSV data came up. When the data exchanged over TCP, for example, has the CSV format (fields separated by a separator), how can I write a dissector for that? While answeri...
https://blog.didierstevens.com/2021/04/19/lua-csv-wireshark-dissector/ 
🔥🔥
 
Published: 2021 04 19 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: isodump.py - published over 3 years ago.
Content: This is a new tool (beta) to analyze ISO files. I made this for a webinar I presented: a demo on how to use my templates to create your own tools. isodump.py is in my Github beta repository. The complete webinar is here, if you want to jump directly to the demo where I explain how to make a tool like isodump.py, go here. ...
https://blog.didierstevens.com/2021/04/25/isodump-py/ 
🔥🔥
 
Published: 2021 04 25 10:13:54
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Quickpost: Decrypting Cobalt Strike Traffic - published over 3 years ago.
Content: I have been looking at several samples of Cobalt Strike beacons used in malware attacks. Although work is still ongoing, I already want to share my findings. Cobalt Strike beacons communicating over HTTP encrypt their data with AES (unless a trial version is used). I found code to decrypt/encrypt such data in the PyBeacon and Geacon Github repositories. ...
https://blog.didierstevens.com/2021/04/26/quickpost-decrypting-cobalt-strike-traffic/ 
🔥🔥
 
Published: 2021 04 26 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Overview of Content Published in April - published over 3 years ago.
Content: Here is an overview of content I published in April: Blog posts: metatool.py Lua CSV Wireshark Dissector isodump.py Quickpost: Decrypting Cobalt Strike Traffic YouTube videos: YARA and CyberChef YARA and CyberChef: ZIP Decoding Cobalt Strike Traffic Lua CSV Wireshark Dissector The Security Toolsmith (NVISO Brown Bag 2021) Videoblog posts: YARA and Cyber...
https://blog.didierstevens.com/2021/05/02/overview-of-content-published-in-april-6/ 
🔥🔥
 
Published: 2021 05 02 19:16:58
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: 1768.py Version 0.0.6 - published over 3 years ago.
Content: This new version of 1768.py, my tool to analyze Cobalt Stike beacons, has fixes, support for more encodings, and an option to output the config in JSON format. 1768_v0_0_6.zip (https) MD5: EB9C949BB7B5DD3EF9ECEBF7F3C21184 SHA256: 3EC0BB7B41CC5C0E1534F09BAE67D62B220F8D83A7F02EC0F856F8741F86EB31 ...
https://blog.didierstevens.com/2021/05/22/update-1768-py-version-0-0-6/ 
🔥🔥
 
Published: 2021 05 22 15:06:15
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: re-search.py Version 0.0.17 - published over 3 years ago.
Content: This new version of re-search.py adds gzip support and filtering of private IPv4 addresses: re-search_V0_0_17.zip (https) MD5: 8945F435BDA03D73EF7A2BA1AA64A65E SHA256: 0D74709B9F26FC7F6EEADAEE1BAA3AF7AADAA618F88B1C267BA5A063C8E3D997 ...
https://blog.didierstevens.com/2021/05/23/update-re-search-py-version-0-0-17/ 
🔥🔥
 
Published: 2021 05 23 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: base64dump.py Version 0.0.14 - published over 3 years ago.
Content: This new version of base64dump.py supports a new encoding: NETBIOS Name encoding. NETBIOS Name encoding is very similar to hexadecimal encoding: in stead of hexadecimal digits 0-9 and a-f, letters A-P are used. I encountered this in DNS TXT records of a Cobalt Strike DNS stager. More on that later. base64dump_V0_0_14.zip (https)MD5: 35BF4900BED...
https://blog.didierstevens.com/2021/05/25/update-base64dump-py-version-0-0-14/ 
🔥🔥
 
Published: 2021 05 25 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: New Tool: cs-dns-stager.py - published over 3 years ago.
Content: cs-dns-stager.py is a quick & dirty tool I wrote to retrieve a Cobalt Strike DNS beacon from its server, if you only have the IP address of said server. If you want to know more about Cobalt Strike and DNS, watch this video I recorded: ...
https://blog.didierstevens.com/2021/05/30/new-tool-cs-dns-stager-py/ 
🔥🔥
 
Published: 2021 05 30 17:59:01
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Overview of Content Published in May - published over 3 years ago.
Content: Here is an overview of content I published in May: Blog posts: Update: 1768.py Version 0.0.6 Update: re-search.py Version 0.0.17 Update: base64dump.py Version 0.0.14 New Tool: cs-dns-stager.py YouTube videos: Making Sense Of Encrypted Cobalt Strike Traffic Cobalt Strike & DNS – Part 1 Videoblog posts: Making Sense Of Encrypted Cobalt Strike Traffi...
https://blog.didierstevens.com/2021/06/04/overview-of-content-published-in-may-6/ 
🔥🔥
 
Published: 2021 06 04 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
09:04 metatool.py
🔥🔥
09:04 Lua CSV Wireshark Dissector
🔥🔥
09:04 isodump.py
🔥🔥
09:04 Quickpost: Decrypting Cobalt Strike Traffic
🔥🔥
09:04 Overview of Content Published in April
🔥🔥
09:04 Update: 1768.py Version 0.0.6
🔥🔥
09:04 Update: re-search.py Version 0.0.17
🔥🔥
09:04 Update: base64dump.py Version 0.0.14
🔥🔥
09:04 New Tool: cs-dns-stager.py
🔥🔥
09:04 Overview of Content Published in May
🔥🔥

Category: Cyber Security

Articles recieved 06/06/2021
Article: Converting NMAP XML Files to HTML with xsltproc - published almost 4 years ago.
Content: NMAP is a wonderful network scanner and its ability to log scan data to files, specifically XML, helps quite a bit.  This enables the scan data to be parsed by other tools such as Metasploit’s db_import or even NMAP’s own Zenmap GUI.  While XML is great for parsing, it’s not really easy for humans to read.  I have found several people are unaware of the fac...
/blog/2021/01/converting-nmap-xml-files-to-html-with-xsltproc.html 
🔥🔥
 
Published: 2021 01 14 16:30:00
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security
Article: LD_PRELOAD: How to Run Code at Load Time - published over 3 years ago.
Content:     Today I want to continue the series on using LD_PRELOAD.  In previous posts, we covered how to inject a shared object binary into a process, and use that to hijack a library function call to run our own code.  This is great when we want to overwrite the behavior of external library calls in a process, but we would have to wait for that call to happen fi...
/blog/2021/02/ld_preload-how-to-run-code-at-load-time.html 
🔥🔥
 
Published: 2021 02 24 15:40:00
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security
Article: Three Excellent API Security Practices Most People Neglect - published over 3 years ago.
Content: We are very much in the age of APIs. From widely-used single-purpose products like Slack to cloud-based solutions like Amazon Web Services (AWS) and Microsoft Azure, APIs are used to drive business processes in all kinds of industries, every day. For tech companies, whether you’re doing a monolithic back-end, containerized microservices, or serverless archi...
/blog/2021/04/three-excellent-api-security-practices-most-people-neglect.html 
🔥🔥
 
Published: 2021 04 15 14:00:36
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security
Article: A Hacker’s Tour of the X86 CPU Architecture - published over 3 years ago.
Content: Overview The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers.  While other architectures exist and are even taking some market share with mobile devices such as smartphones and even Apple begin including its ARM M1 chip in newer Macbooks and Mac Mini, this one still stands as the default CPU arc...
/blog/2021/04/a-hackers-tour-of-the-x86-cpu-architecture.html 
🔥🔥
 
Published: 2021 04 20 15:15:43
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security
Article: Linux X86 Assembly – How to Build a Hello World Program in NASM - published over 3 years ago.
Content: Overview A processor understands bytecode instructions specific to that architecture.  We as humans use mnemonics to make building these instructions easier than remembering a bunch of binary codes.  These mnemonics are known as assembly instructions.  This is one of the lowest levels of programming that can be done.  This programming is a bit of a lost ...
/blog/2021/05/linux-x86-assembly-how-to-build-a-hello-world-program-in-nasm.html 
🔥🔥
 
Published: 2021 05 04 14:55:33
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security
Article: AppSec Cheat Code: Shift Left, Shift Right, Up, Down & Start - published over 3 years ago.
Content: Seamless and unobtrusive security is the future. We are huge advocates of shifting left and moving security testing earlier in the development process. Leif Dreizler wrote a great article suggesting that not only do we need to shift security left, but shift engineering right. I agree, but why stop there. We all need to cultivate a culture of consistent coll...
/blog/2021/05/appsec-cheat-code-shift-left-shift-right-up-down-start.html 
🔥🔥
 
Published: 2021 05 04 14:57:50
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security
Article: Linux X86 Assembly – How to Build a Hello World Program in GAS - published over 3 years ago.
Content: Overview In the last tutorial, we covered how to build a 32-bit x86 Hello World program in NASM.  Today, we will cover how to do the same thing, but this time using the GAS toolchain instead.  This will allow us to review the differences in the source code syntax and structure, as well as the difference in the build process. Prerequisite Knowledge ...
/blog/2021/05/linux-x86-assembly-how-to-build-a-hello-world-program-in-gas.html 
🔥🔥
 
Published: 2021 05 11 16:18:46
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security
Article: Run as Admin: Executive Order on Cybersecurity - published over 3 years ago.
Content: On May 12, 2021, President Biden issued an executive order on cybersecurity. This new order combines many trends we’re already seeing in the Fortune 500 and brings them into the public sector as well. President Trump issued similar executive orders including one in 2017,  another in 2018, two in 2019 and three in 2020, but we will cover those at a different...
/blog/2021/05/run-as-admin-executive-order-on-cybersecurity.html 
🔥🔥
 
Published: 2021 05 14 15:44:34
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security
Article: The Best Way to Capture Traffic in 2021 - published over 3 years ago.
Content: There are times when you need to capture some network traffic.  Maybe you’re troubleshooting a communication issue or maybe you’re doing something a little more suspect on a penetration test (looking for that clear text communication floating on the network to a host).  On top of needing a capture, you may not want to install a third party capture tool like...
/blog/2021/05/the-best-way-to-capture-traffic-in-2021.html 
🔥🔥
 
Published: 2021 05 25 16:21:04
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security
Article: Linux X86 Assembly – How to Make Our Hello World Usable as an Exploit Payload - published over 3 years ago.
Content: Overview In the last two tutorials, we built a Hello World program in NASM and GAS for x86 assembly.  While this can help us learn x86 assembly, it isn’t viable as a payload for use in exploits in its current form.  Today’s blog will look into what those issues are, how they impact the code’s use as a payload, and what we can do to address those issues. ...
/blog/2021/06/linux-x86-assembly-how-to-make-our-hello-world-usable-as-an-exploit-payload.html 
🔥🔥
 
Published: 2021 06 01 14:13:33
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security
09:04 Converting NMAP XML Files to HTML with xsltproc
🔥🔥
09:04 LD_PRELOAD: How to Run Code at Load Time
🔥🔥
09:04 Three Excellent API Security Practices Most People Neglect
🔥🔥
09:04 A Hacker’s Tour of the X86 CPU Architecture
🔥🔥
09:04 Linux X86 Assembly – How to Build a Hello World Program in NASM
🔥🔥
09:04 AppSec Cheat Code: Shift Left, Shift Right, Up, Down & Start
🔥🔥
09:04 Linux X86 Assembly – How to Build a Hello World Program in GAS
🔥🔥
09:04 Run as Admin: Executive Order on Cybersecurity
🔥🔥
09:04 The Best Way to Capture Traffic in 2021
🔥🔥
09:04 Linux X86 Assembly – How to Make Our Hello World Usable as an Exploit Payload
🔥🔥
Cyber Tzar Free Score Certificate
Cyber Tzar Free Score Certificate
Cyber Tzar Your Score Explained
Cyber Tzar Your Score Explained
Navigation
Return to Planet "Home"
Ordered/grouped:
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 50,900
  • "Home" links back to the front page, effectivly the Planet "Home Page"; shows all articles, with no selections, or groupings.
  • Default date ordering is by "Received Date" (due to not all RSS feeds having a "Published Date").
  • Authors is the most poorly serviced field in the articles we see from cyber security news providers.
  • Only Published Date selections use the articles Published Date (for ordering and grouping).
  • The first page always shows fifty items plus from zero to up to a remaining forty-nine items, before they are commited permently to the next page.
  • All subsequent pages show fifty items.
  • Pagination is in reverse ordering (so that pages are permamenent links, aka "permalinks", to their content).
  • Return to the top of this page "Go Now"

Custom HTML Block

Click to Open Code Editor