Article: AWK-ward! - published almost 12 years ago. Content: Yesterday I got an email from a friend who complained that "awk is still a mystery". Not being one to ignore a cry for help with the command line, I was motivated to write up a simple introduction to the basics of awk. But where to post it? I know! We've got this little blog we're not doing anything with at the moment (er, yeah, sorry about that folks-- life's ... http://blog.commandlinekungfu.com/2012/12/awk-ward.html Published: 2012 12 20 05:01:00 Received: 2023 03 31 08:44:33 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: An AWK-ward Response - published almost 12 years ago. Content: A couple of weeks ago I promised some answers to the exercises I proposed at the end of my last post. What we have here is a case of, "Better late than never!" 1. If you go back and look at the example where I counted the number of processes per user, you'll notice that the "UID" header from the ps command ends up being counted. How would you suppress this... http://blog.commandlinekungfu.com/2013/01/an-awk-ward-response.html Published: 2013 01 07 00:29:00 Received: 2023 03 31 08:44:33 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #166: Ping A Little Log For Me - published over 11 years ago. Content: We've been away for a while because, frankly, we ran out of material. In the meantime we tried to come up with some new ideas and there have been a few requests, but sadly they were all redundant, became scripts, or both. We've been looking long and hard for Fu that works in this format, and we've finally found it! Nathan Sweaney wrote in with a great idea! ... http://blog.commandlinekungfu.com/2013/03/episode-166-ping-little-log-for-me.html Published: 2013 03 12 09:00:00 Received: 2023 03 31 08:44:33 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #167: Big MAC - published over 11 years ago. Content: Hal checks into Twitter: So there I was, browsing my Twitter timeline and a friend forwarded a link to Jeremy Ashkenas' github site. Jeremy created an alias for changing your MAC address to a random value. This is useful when you're on a public WiFi network that only gives you a small amount of free minutes. Since most of these services keep track by not... http://blog.commandlinekungfu.com/2013/06/episode-167-big-mac.html Published: 2013 06 18 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #168: Scan On, You Crazy Command Line - published over 11 years ago. Content: Hal gets back to our roots With one ear carefully tuned to cries of desperation from the Internet, it's no wonder I picked up on this plea from David Nides on Twitter: Request today, we need 2 scan XX terabytes of data across 3k file shares 4any files that have not been MAC since 2012. Then move files to x.— David Nides (@DAVNADS) March 13, 2013 Whenever ... http://blog.commandlinekungfu.com/2013/07/episode-168-scan-on-you-crazy-command.html Published: 2013 07 02 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #169: Move Me Maybe - published about 11 years ago. Content: Tim checks the mailbag Carlos IHaveNoLastName writes in asking for a way to move a directory to a new destination. That's easy, but the directory should only be moved if the directory (at any depth) does NOT contain a file with a specific extension. Here is an example of a sample directory structure: SomeTopDir1 |-OtherDir1 | |-File1 | |-File2 | ... http://blog.commandlinekungfu.com/2013/08/episode-169-move-me-maybe.html Published: 2013 08 06 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #170: Fearless Forensic File Fu - published about 11 years ago. Content: Hal receives a cry for help Fellow forensicator Craig was in a bit of a quandary. He had a forensic image in "split raw" format-- a complete forensic image broken up into small pieces. Unfortunately for him, the pieces were named "fileaa", "fileab", "fileac", and so on while his preferred tool wanted the files to be named "file.001", "file.002", "file.003... http://blog.commandlinekungfu.com/2013/09/episode-170-fearless-forensic-file-fu.html Published: 2013 09 27 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #171: Flexibly Finding Firewall Phrases - published about 11 years ago. Content: Old Tim answers an old email Patrick Hoerter writes in: I have a large firewall configuration file that I am working with. It comes from that vendor that likes to prepend each product they sell with the same "well defended" name. Each configuration item inside it is multiple lines starting with "edit" and ending with "next". I'm trying to extract only th... http://blog.commandlinekungfu.com/2013/10/episode-171-flexibly-finding-firewall.html Published: 2013 10 08 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #172: Who said bigger is better? - published almost 11 years ago. Content: Tim sweats the small stuff Ted S. writes in: "I have a number of batch scripts which turn a given input file into a configurable amount of versions, all of which will contain identical data content, but none of which, ideally, contain the same byte content. My problem is, how do I, using *only* XP+ cmd (no other scripting - PowerShell, jsh, wsh, &c), ... http://blog.commandlinekungfu.com/2013/11/episode-172-who-said-bigger-is-better.html Published: 2013 11 26 09:18:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #173: Tis the Season - published almost 11 years ago. Content: Hal finds some cheer From somewhere near the borders of scriptistan, we send you: function t { for ((i=0; $i < $1; i++)); do s=$((8-$i)); e=$((8+$i)); for ((j=0; j <= $e; j++)); do [ $j -ge $s ] && echo -n '^' || echo -n ' '; done; echo; done } function T { for ((i=0; $i < $1; i++)); do for ((j=... http://blog.commandlinekungfu.com/2013/12/episode-173-tis-season.html Published: 2013 12 31 10:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #174: Lightning Lockdown - published almost 11 years ago. Content: Hal firewalls fast Recently a client needed me to quickly set up an IP Tables firewall on a production server that was effectively open on the Internet. I knew very little about the machine, and we couldn't afford to break any of the production traffic to and from the box. It occurred to me that a decent first approximation would be to simply look at the n... http://blog.commandlinekungfu.com/2014/01/episode-174-lightning-lockdown.html Published: 2014 01 28 10:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #175: More Time! We Need More Time! - published over 10 years ago. Content: Tim leaps in Every four years (or so) we get an extra day in February, leap year. When I was a kid this term confused me. Frogs leap, they leap over things. A leap year should be shorter! Obviously, I was wrong. This extra day can give us extra time to complete tasks (e.g. write blog post), so we are going to use our shells to check if the current year is ... http://blog.commandlinekungfu.com/2014/02/episode-175-more-time-we-need-more-time.html Published: 2014 02 28 10:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #176: Step Up to the WMIC - published over 10 years ago. Content: Tim grabs the mic: Michael Behan writes in: Perhaps you guys can make this one better. Haven’t put a ton of thought into it: C:\> (echo HTTP/1.0 200 OK & wmic process list full /format:htable) | nc -l -p 3000 Then visit http://127.0.0.1:3000 This could of course be used to generate a lot more HTML reports via wmic that are quick to save from the ... http://blog.commandlinekungfu.com/2014/03/episode-176-step-up-to-wmic.html Published: 2014 03 31 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #177: There and Back Again - published over 10 years ago. Content: Hal finds some old mail Way, way back after Episode #170 Tony Reusser sent us a follow-up query. If you recall, Episode #170 showed how to change files named "fileaa", "fileab", "fileac", etc to files named "file.001", "file.002", "file.003". Tony's question was how to go back the other way-- from "file.001" to "fileaa", "file.002" to "fileab", and so on.... http://blog.commandlinekungfu.com/2014/04/episode-177-there-and-back-again.html Published: 2014 05 01 01:01:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #178: Luhn-acy - published over 10 years ago. Content: Hal limbers up in the dojo To maintain our fighting trim here in the Command Line Kung Fu dojo, we like to set little challenges for ourselves from time to time. Of course, we prefer it when our loyal readers send us ideas, so keep those emails coming! Really... please oh please oh please keep those emails coming... please, please, please... ahem, but I d... http://blog.commandlinekungfu.com/2014/05/not-ready-yet-episode-178-luhn-acy.html Published: 2014 05 26 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #179: The Check is in the Mail - published over 10 years ago. Content: Tim mails one in: Bob Meckle writes in: I have recently come across a situation where it would be greatly beneficial to build a script to check revocation dates on certificates issued using a certain template, and send an email to our certificate staff letting them know which certificates will expire within the next 6 weeks. I am wondering if you guys hav... http://blog.commandlinekungfu.com/2014/06/episode-179-check-is-in-mail.html Published: 2014 06 30 21:51:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #180: Open for the Holidays! - published almost 10 years ago. Content: Not-so-Tiny Tim checks in with the ghost of Christmas present: I know many of you have been sitting on Santa's lap wishing for more Command Line Kung Fu. Well, we've heard your pleas and are pushing one last Episode out before the New Year! We come bearing a solution for a problem we've all encountered. Ever try to delete or modify a file and receive an e... http://blog.commandlinekungfu.com/2014/12/episode-180-open-for-holidays.html Published: 2014 12 31 12:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #181: Making Contact - published about 7 years ago. Content: Hal wanders back on stage Whew! Sure is dusty in here! Man, those were the days! It started with Ed jamming on Twitter and me heckling from the audience. Then Ed invited me up on stage (once we built the stage), and that was some pretty sweet kung fu. Then Tim joined the band, Ed left, and the miles, and the booze, and the groupies got to be too much. But ... http://blog.commandlinekungfu.com/2017/10/episode-181-making-contact.html Published: 2017 10 03 13:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples - published almost 10 years ago. Content: PART II Wirelurker for Windows (WinLurker) Research: Palo Alto Claud Xiao: Wirelurker for Windows Sample credit: Claud Xiao PART I Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X MalwarePalo Alto |Claud Xiao - blog post WirelurkerWirelurker Detector https://github.com/PaloAltoNetworks-BD/WireLurkerDetector Sample credit: Clau... https://contagiodump.blogspot.com/2014/11/wirelurker-for-osx-ios-part-i-and.html Published: 2014 11 07 01:57:00 Received: 2023 03 31 08:41:26 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: OnionDuke samples - published almost 10 years ago. Content: Research: F-Secure: OnionDuke: APT Attacks Via the Tor Network Download Download. Email me if you need the password (new link) File attributes Size: 219136 MD5: 28F96A57FA5FF663926E9BAD51A1D0CB Size: 126464 MD5: C8EB6040FD02D77660D19057A38FF769 Size: 316928 MD5: D1CE79089578DA2D41F1AD901F7B1014 Vir... https://contagiodump.blogspot.com/2014/11/onionduke-samples.html Published: 2014 11 16 03:58:00 Received: 2023 03 31 08:41:26 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: AlienSpy Java RAT samples and traffic information - published almost 10 years ago. Content: AlienSpy Java based cross platform RAT is another reincarnation of ever popular Unrecom/Adwind and Frutas RATs that have been circulating through 2014. It appears to be used in the same campaigns as was Unrecom/Adwind - see the references. If C2 responds, the java RAT downloads Jar files containing Windows Pony/Ponik loader. The RAT is crossplatform and ... https://contagiodump.blogspot.com/2014/11/alienspy-java-rat-samples-and-traffic.html Published: 2014 11 17 21:16:00 Received: 2023 03 31 08:41:26 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Video archives of security conferences and workshops - published almost 10 years ago. Content: Just some links for your enjoyment List of security conferences in 2014 Video archives: AIDE (Appalachian Institute of Digital Evidence) 2013 2012 2011 Blackhat 2012 or 2012 torrent Botconf 2013 Bsides BSides DC 2014 BSides Chicago 2014 BSides Nashville 2014 BSides Augusta 2014 BSides Huntsville 2014 BSides Las Vegas 2014 BSidesDE 2013 BSid... https://contagiodump.blogspot.com/2015/01/video-archives-of-security-conferences.html Published: 2015 01 05 04:11:00 Received: 2023 03 31 08:41:26 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Collection of Pcap files from malware analysis - published over 9 years ago. Content: Update: Feb 19. 2015 We have been adding pcaps to the collection so remember to check out the folder ( Pcap collection) for the recent pcaps. I had a project to test some malicious and exploit pcaps and collected a lot of them (almost 1000) from various public sources. You can see them in the PUBLIC folder. The credits go to the authors of the pcaps lis... https://contagiodump.blogspot.com/2013/04/collection-of-pcap-files-from-malware.html Published: 2015 02 20 04:39:00 Received: 2023 03 31 08:41:26 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Ask and you shall receive - published over 9 years ago. Content: I get emails from readers asking for specific malware samples and thought I would make a mini post about it. Yes, I often obtain samples from various sources for my own research. I am sometimes too lazy/busy to post them but don't mind sharing. If you are looking for a particular sample, feel free to ask. I might have it. Send MD5 (several or few s... https://contagiodump.blogspot.com/2015/03/ask-and-you-shall-receive.html Published: 2015 03 09 01:08:00 Received: 2023 03 31 08:41:26 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: An Overview of Exploit Packs (Update 25) May 2015 - published over 9 years ago. Content: Update May 12, 2015 Added CVE-2015-0359 and updates for CVE-2015-0336 Exploit kit table 2014- 2015 (Sortable HTML table) Reference table : Exploit References 2014-2015 Update March 20, 2015 Added CVE-2015-0336 ------------------------ Update February 19, 2015 Added Hanjuan Exploit kit and CVE-2015-3013 for Angler Update... https://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html Published: 2015 05 12 04:30:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Potao Express samples - published about 9 years ago. Content: http://www.welivesecurity.com/2015/07/30/operation-potao-express/ http://www.welivesecurity.com/wp-content/uploads/2015/07/Operation-Potao-Express_final_v2.pdf TL; DR 2011- July 2015 Aka Sapotao and node69 Group - Sandworm / Quedagh APT Vectors - USB, exe as doc, xls Victims - RU, BY, AM, GE Victims - MMM group, UA gov truecryptrussia.ru has be... https://contagiodump.blogspot.com/2015/08/potao-express-samples.html Published: 2015 08 12 12:24:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Files download information - published over 8 years ago. Content: After 7 years of Contagio existence, Google Safe Browsing services notified Mediafire (hoster of Contagio and Contagiominidump files) that "harmful" content is hosted on my Mediafire account. It is harmful only if you harm your own pc and but not suitable for distribution or infecting unsuspecting users but I have not been able to resolve this with ... https://contagiodump.blogspot.com/2016/02/files-download-information.html Published: 2016 02 23 20:48:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Ransomware.OSX.KeRanger samples - published over 8 years ago. Content: Research: New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer by Claud Xiao Sample credit: Claud Xiao File information d1ac55a4e610380f0ab239fcc1c5f5a42722e8ee1554cba8074bbae4a5f6dbe1 1d6297e2427f1d00a5b355d6d50809cb Transmission-2.90.dmg e3ad733cea9eba29e86610050c1a15592e6c77820927b9edeb77310975393574 56b1d956112b0b7... https://contagiodump.blogspot.com/2016/03/ransomwareosxkeranger-samples.html Published: 2016 03 06 23:39:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: "i am lady" Linux.Lady trojan samples - published about 8 years ago. Content: Bitcoin mining malware for Linux servers - samples Research: Dr. Web. Linux.Lady Sample Credit: Tim Strazzere MD5 list: 0DE8BCA756744F7F2BDB732E3267C3F4 55952F4F41A184503C467141B6171BA7 86AC68E5B09D1C4B157193BB6CB34007 E2CACA9626ED93C3D137FDF494FDAE7C E9423E072AD5A31A80A31FC1F525D614 Download. Email me if you need the password. ... https://contagiodump.blogspot.com/2016/08/i-am-lady-linuxlady-trojan-samples.html Published: 2016 08 17 04:06:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Linux.Agent malware sample - data stealer - published about 8 years ago. Content: Research: SentinelOne, Tim Strazzere Hiding in plain sight? Sample credit: Tim Strazzere List of files 9f7ead4a7e9412225be540c30e04bf98dbd69f62b8910877f0f33057ca153b65 malware d507119f6684c2d978129542f632346774fa2e96cf76fa77f377d130463e9c2c malware fddb36800fbd0a9c9bfffb22ce7eacbccecd1c26b0d3fb3560da5e9ed97ec14c script.decompiled-pretty ec5d4f90c912... https://contagiodump.blogspot.com/2016/08/linuxagent-malware-sample-data-stealer.html Published: 2016 08 24 04:18:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Part I. Russian APT - APT28 collection of samples including OSX XAgent - published over 7 years ago. Content: This post is for all of you, Russian malware lovers/haters. Analyze it all to your heart's content. Prove or disprove Russian hacking in general or DNC hacking in particular, or find that "400 lb hacker" or nail another country altogether. You can also have fun and exercise your malware analysis skills without any political agenda. The post c... https://contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html Published: 2017 02 21 02:23:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: DeepEnd Research: Analysis of Trump's secret server story - published over 7 years ago. Content: We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research) Analysis of Trump's secret server story... ... https://contagiodump.blogspot.com/2017/03/deepend-research-analysis-of-trumps.html Published: 2017 03 20 04:28:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Part II. APT29 Russian APT including Fancy Bear - published over 7 years ago. Content: This is the second part of Russian APT series."APT29 - The Dukes Cozy Bear: APT29 is threat group that has been attributed to the Russian government and has operated since at least 2008.1210 This group reportedly compromised the Democratic National Committee starting in the summer of 2015" (src. Mitre ATT&CK) Please see the first post here: Russian ... https://contagiodump.blogspot.com/2017/03/part-ii-apt29-russian-apt-including.html Published: 2017 03 31 06:02:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: DDE Command Execution malware samples - published about 7 years ago. Content: Here are a few samples related to the recent DDE Command execution DDE Macro-less Command Execution Vulnerability Download. Email me if you need the password (updated sample pack)Links updated: Jan 20, 2023 References Reading:10/18/2017 InQuest/yara-rules 10/18/2017 Inquest: Microsoft Office DDE Macro-less Command Execution Vulnerability10/18/2017 Inq... https://contagiodump.blogspot.com/2017/10/dde-command-execution-malware-samples.html Published: 2017 10 18 06:24:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Rootkit Umbreon / Umreon - x86, ARM samples - published over 6 years ago. Content: Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems Research: Trend Micro There are two packages one is 'found in the wild' full and a set of hashes from Trend Micro (all but one file are already in the full package) Download Email me if you need the password Links updated: Jan 19, 2023 File information Part one (full package) #File Name... https://contagiodump.blogspot.com/2018/03/rootkit-umbreon-umreon-x86-arm-samples.html Published: 2018 03 20 13:23:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: HiddenWasp Linux malware backdoor samples - published over 5 years ago. Content: Intezer HiddenWasp Malware Stings Targeted Linux Systems Download. Email me if you need the password (see in my profile) Malware Inventory (work in progress) Links updated: Jan 19, 2023 File informatio 8914fd1cfade5059e626be90f18972ec963bbed75101c7fbf4a88a6da2bc671b 8f1c51c4963c0bad6cf04444feb411d7 shell f321685342fa373c33eb9479176a086a1c56c90a1826a... https://contagiodump.blogspot.com/2019/06/hiddenwasp-linux-malware-backdoor.html Published: 2019 06 04 04:31:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Linux/AirDropBot samples - published about 5 years ago. Content: Malware Must Die: MMD-0064-2019 - Linux/AirDropBot Mirai variant targeting Linksys E-series - Remote Code Execution tmUnblock.cgi Download. Email me if you need the password (see in my profile) Malware Inventory (work in progress)Links updated: Jan 19, 2023 Hashes MD5 SHA256 SHA1 85a8aad8d938c44c3f3f51089a60ec16 1a75... https://contagiodump.blogspot.com/2019/10/reference-malware-must-die-mmd-0064.html Published: 2019 10 06 20:37:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Amnesia / Radiation Linux botnet targeting Remote Code Execution in CCTV DVR samples - published about 5 years ago. Content: Amnesia / Radiation botnet samples Remote Code Execution in CCTV DVR (kerneronsec.com - 2016) 2017-04-06 Palo Alto Unit 42. New IoT/Linux Malware Targets DVRs, Forms Botnet 2016-08-11 CyberX Radiation IoT Cybersecurity campaign Download. Email me if you need the password (see in my profile) Malware Inventory (work in progress) Links updated: Jan ... https://contagiodump.blogspot.com/2019/10/amnesia-radiation-linux-botnet.html Published: 2019 10 06 21:16:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Masad Clipper and Stealer - Windows spyware exfiltrating data via Telegram (samples) - published about 5 years ago. Content: 2019-09-25 Juniper. Masad Stealer: Exfiltrating using Telegram “Masad Clipper and Stealer” steals browser information, computer files, and automatically replaces cryptocurrency wallets from the clipboard with its own. It is written using Autoit scripts and then compiled into a Windows executable. It uses Telegram to exfiltrate stolen information.Downl... https://contagiodump.blogspot.com/2019/10/masad-clipper-and-stealer-windows.html Published: 2019 10 07 03:48:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: APT Calypso RAT, Flying Dutchman Samples - published almost 5 years ago. Content: 2019-10-31 Calypso APT: new group attacking state institutions Attackers exploit Windows SMB vulnerability CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They move laterally and steal data. Download. Email me if you need the passw... https://contagiodump.blogspot.com/2019/12/apt-calypso-rat-flying-dutchman-samples.html Published: 2019 12 02 04:46:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: KPOT info stealer samples - published over 4 years ago. Content: KPOT Stealer is a “stealer” malware that focuses on stealing account information and other data from various software applications and servicesDownload. Email me if you need the password (see in my profile)Download 1 (from Didier Stevens' post)Download 2 (Proofpoint)Malware Inventory (work in progress)Links updated: Jan 19, 2023 References ... https://contagiodump.blogspot.com/2020/04/kpot-info-stealer-samples.html Published: 2020 04 19 15:27:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Malware Arsenal used by Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) in attacks targeting Ukraine (samples) - published over 1 year ago. Content: 2023-02-18Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) is an Advanced Persistent Threat (APT) group believed to be based in Russia. Their primary targets have been diplomatic and government entities in Europe, particularly Ukraine, and the United States. They have also targeted ... https://contagiodump.blogspot.com/2023/02/malware-arsenal-used-by-ember-bear-aka.html Published: 2023 02 18 07:59:00 Received: 2023 03 31 08:41:23 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Scottish building firm renews SBD membership - published over 1 year ago. Content: Scottish building firm City Building (Glasgow) LLP has renewed its membership with Secured by Design (SBD), the national police crime prevention initiative. The company provides a range of repairs and maintenance, manufacturing, construction and refurbishment activities across the public, private and third sectors. As well as providing the largest con... https://securityjournaluk.com/scottish-building-firm-renews-sbd-membership/?utm_source=rss&utm_medium=rss&utm_campaign=scottish-building-firm-renews-sbd-membership Published: 2023 03 31 08:08:51 Received: 2023 03 31 08:26:38 Feed: Security Journal UK Source: Security Journal UK Category: Security Topic: Security |
Article: Police Crime Prevention Academy rural scheme - published over 1 year ago. Content: Young farmers are being trained to help in fighting rural crime. A bespoke training course – Helping Farmers to Prevent Crime – has been developed by The National Federation of Young Farmers’ Clubs (NFYFC) and the Police Crime Prevention Academy (the Academy), in association with NFU Mutual. Inspired by an initiative started by Cumbria Federation of Y... https://securityjournaluk.com/police-crime-prevention-academy-rural-scheme/?utm_source=rss&utm_medium=rss&utm_campaign=police-crime-prevention-academy-rural-scheme Published: 2023 03 31 08:23:27 Received: 2023 03 31 08:26:38 Feed: Security Journal UK Source: Security Journal UK Category: Security Topic: Security |
Article: Bespoke Apple Watch Ultra in Anodized Blue Sold by Arizona Jeweler - published over 1 year ago. Content: https://www.macrumors.com/2023/03/31/bespoke-apple-watch-ultra-anodized-blue/ Published: 2023 03 31 08:18:08 Received: 2023 03 31 08:25:37 Feed: MacRumors : Mac News and Rumors Source: MacRumors : Mac News and Rumors Category: News Topic: Cyber Security |
Article: Kubernetes: open etcd - published almost 6 years ago. Content: Quick post on Kubernetes and open etcd (port 2379) "etcd is a distributed key-value store. In fact, etcd is the primary datastore of Kubernetes; storing and replicating all Kubernetes cluster state. As a critical component of a Kubernetes cluster having a reliable automated approach to its configuration and management is imperative." -from: https://coreos.... https://blog.carnal0wnage.com/2019/01/kubernetes-open-etcd.html Published: 2019 01 06 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Kubernetes: cAdvisor - published almost 6 years ago. Content: "cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers." runs on port 4194 Links: https://kubernetes.io/docs/tasks/debug-application-cluster/resourc... https://blog.carnal0wnage.com/2019/01/kubernetes-cadvisor.html Published: 2019 01 06 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Kubernetes: Master Post - published almost 6 years ago. Content: I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i'm missing blog posts or useful resources ping me here or twitter. Talks you should watch if you are interested in Kubernetes: Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman https://www.youtube.com/watch?v=v... https://blog.carnal0wnage.com/2019/01/kubernetes-master-post.html Published: 2019 01 07 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Kubernetes: Kubelet API containerLogs endpoint - published almost 6 years ago. Content: How to get the info that kube-hunter reports for open /containerLogs endpoint Vulnerabilities +---------------+-------------+------------------+----------------------+----------------+ | LOCATION CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE | +---------------+-------------+------------------+----------------------+-------... https://blog.carnal0wnage.com/2019/01/kubernetes-kubelet-api-containerlogs.html Published: 2019 01 11 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Kubernetes: Kubernetes Dashboard - published almost 6 years ago. Content: Tesla was famously hacked for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do with it. Usually found on port 30000 kube-hunter finding for it: Vulnerabilities +-----------------------+---------------+----------------------+----------------------+------------------+ | LOCATION ... https://blog.carnal0wnage.com/2019/01/kubernetes-kubernetes-dashboard.html Published: 2019 01 11 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Kubernetes: List of ports - published almost 6 years ago. Content: Other Kubernetes ports What are some of the visible ports used in Kubernetes? 44134/tcp - Helmtiller, weave, calico 10250/tcp - kubelet (kublet exploit) No authN, completely open /pods /runningpods /containerLogs 10255/tcp - kublet port (read-only) /stats /metrics /pods 4194/tcp - cAdvisor 2379/tcp - etcd (see it on other ports though) Etcd hold... https://blog.carnal0wnage.com/2019/01/kubernetes-list-of-ports.html Published: 2019 01 14 21:31:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Kubernetes: unauth kublet API 10250 basic code exec - published almost 6 years ago. Content: Unauth API access (10250) Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it's still pretty common to find it exposed via the "insecure API service" option. Everybody who has access to the service kubelet port (10250), even without a certificate, can execute any command inside the ... https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250.html Published: 2019 01 16 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Kubernetes: unauth kublet API 10250 token theft & kubectl - published almost 6 years ago. Content: Kubernetes: unauthenticated kublet API (10250) token theft & kubectl access & exec kube-hunter output to get us started: do a curl -s https://k8-node:10250/runningpods/ to get a list of running pods With that data, you can craft your post request to exec within a pod so we can poke around. Example request: curl -k -XPOST "https://k8-node:102... https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250_16.html Published: 2019 01 16 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Kubernetes: Kube-Hunter 10255 - published almost 6 years ago. Content: Below is some sample output that mainly is here to see what open 10255 will give you and look like. What is probably of most interest is the /pods endpoint or the /metrics endpoint or the /stats endpoint $ ./kube-hunter.py Choose one of the options below: 1. Remote scanning (scans one or more specific IPs or DNS names) 2. Subnet sc... https://blog.carnal0wnage.com/2019/01/kubernetes-kube-hunter-10255.html Published: 2019 01 16 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Abusing Docker API | Socket - published almost 6 years ago. Content: Notes on abusing open Docker sockets This won't cover breaking out of docker containers Ports: usually 2375 & 2376 but can be anything Refs: https://blog.sourcerer.io/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0 https://www.slideshare.net/BorgHan/hacking-docker-the-easy-way https://blog.secureideas.com/2018/05/escaping-the-wha... https://blog.carnal0wnage.com/2019/02/abusing-docker-api-socket.html Published: 2019 02 01 13:32:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Jenkins - messing with new exploits pt1 - published over 5 years ago. Content: Jenkins notes for: https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html to download old jenkins WAR files http://updates.jenkins-ci.org/download/war/ 1st bug in the blog is a username enumeration bug in Jenkins weekly up to and including ... https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-new-exploits-pt1.html Published: 2019 02 26 18:46:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Jenkins - messing with exploits pt2 - CVE-2019-1003000 - published over 5 years ago. Content: After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post and tweet the following exploit came up while searching. What I have figured out that is important is the plug versions as it relates to these latest round of Jenkins exploi... https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-exploits-pt2-cve.html Published: 2019 02 27 20:23:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Jenkins Master Post - published over 5 years ago. Content: A collection of posts on attacking Jenkins http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html Manipulating build steps to get RCE https://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2 Using the terminal plugin to get RCE https://sharadchhetri.com/2018/12/02/managing-jenkins-plugins... https://blog.carnal0wnage.com/2019/02/jenkins-master-post.html Published: 2019 02 27 21:46:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Jenkins - SECURITY-200 / CVE-2015-5323 PoC - published over 5 years ago. Content: API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission to admins, this allowed admins to run scripts with another user’s credentials. Affected versions All Jenkins main line releases up to and including 1.63... https://blog.carnal0wnage.com/2019/02/jenkins-security-200-cve-2015-5323-poc.html Published: 2019 02 28 00:14:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Jenkins - SECURITY-180/CVE-2015-1814 PoC - published over 5 years ago. Content: Forced API token change SECURITY-180/CVE-2015-1814 https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-change Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 PoC Tested against Jenkins 1.605 Burp output Validate new token works ... https://blog.carnal0wnage.com/2019/02/jenkins-security-180cve-2015-1814-poc.html Published: 2019 02 28 00:51:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Jenkins - decrypting credentials.xml - published over 5 years ago. Content: If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way: hashed_pw='$PASSWORDHASH' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd) You need to perform this on the Jenkins system itself as it's using the local master.key and hudson.util.Secret Screenshot... https://blog.carnal0wnage.com/2019/02/jenkins-decrypting-credentialsxml.html Published: 2019 02 28 15:22:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Jenkins - Identify IP Addresses of nodes - published over 5 years ago. Content: While doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes. You might want to know this if you read the decrypting credentials post and managed to get yourself some ssh keys for nodes but you can't actually see the node's IP in the Jenkins UI. Stackoverflow link: https://stackoverflow.com/questions/149303... https://blog.carnal0wnage.com/2019/03/jenkins-identify-ip-addresses-of-nodes.html Published: 2019 03 05 02:16:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Jenkins - messing with exploits pt3 - CVE-2019-1003000 - published over 5 years ago. Content: References: https://www.exploit-db.com/exploits/46453 http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html This post covers the Orange Tsai Jenkins pre-auth exploit Vuln versions: Jenkins < 2.137 (preauth) Pipeline: Declarative Plugin up to and including 1.3.4 Pipeline: Groovy Plugin up to and including 2.61 Script Secur... https://blog.carnal0wnage.com/2019/03/jenkins-messing-with-exploits-pt3-cve.html Published: 2019 03 05 03:26:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Jenkins - CVE-2018-1000600 PoC - published over 5 years ago. Content: second exploit from the blog post https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html Chained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRF https://jenkins.io/security/advisory/2018-06-25/#SECURITY-915 This affects the GitHub plugin that is installed by default. However, I learned that when you spin up a new j... https://blog.carnal0wnage.com/2019/03/jenkins-cve-2018-1000600-poc.html Published: 2019 03 05 19:01:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Minecraft Mod, Mother's Day, and A Hacker Dad - published over 5 years ago. Content: Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day weekend - less than ideal situation - I needed to keep my son as occupied as possible so she could rest and recuperate. When I asked my son what he wanted to do, he responded with a new Minecraft mod he'd seen on one of these ... https://blog.carnal0wnage.com/2019/05/minecraft-mod-mothers-day-and-hacker-dad.html Published: 2019 05 13 15:59:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Minecraft Mod, Follow up, and Java Reflection - published over 5 years ago. Content: After yesterday's post, I received a ton of interesting and creative responses regarding how to get around the mod's restrictions which is what I love about our community. Mubix was the first person to reach out and suggest hijacking calls to Pastebin using /etc/hosts (which I did try but was having some wonky behavior with OSX) and there were other suggesti... https://blog.carnal0wnage.com/2019/05/minecraft-mod-follow-up-and-java.html Published: 2019 05 14 19:17:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Devoops: Nomad with raw_exec enabled - published almost 5 years ago. Content: "Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload of Docker, non-containerized, microservice, and batch applications, and generally offers the following benefits to developers and operators...... https://blog.carnal0wnage.com/2019/12/devoops-nomad-with-rawexec-enabled.html Published: 2019 12 16 16:43:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: What is your GCP infra worth?...about ~$700 [Bugbounty] - published over 4 years ago. Content: BugBounty story #bugbountytips A fixed but they didn't pay the bugbounty story... Timeline: reported 21 Oct 2019 validated at Critical 23 Oct 2019 validated as fixed 30 Oct 2019 Bounty amount stated (IDR 10.000.000 = ~700 USD) 12 Nov 2019 Information provided for payment 16 Nov 2019 13 March 2020 - Never paid - blog post posted 19 March 2020 - received... https://blog.carnal0wnage.com/2020/03/what-is-your-gcp-infra-worthabout-700.html Published: 2020 03 14 02:10:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ - published over 4 years ago. Content: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ It’s no secret I've been on a spiritual journey the last few years. I tell most people it’s fundamentally changed my life and how I look at the world. I’m also a hacker and I’m constantly thinking about how to apply metaphysical or spiritual concepts into my daily life. Because if they are true... https://blog.carnal0wnage.com/2020/04/the-duality-of-attackers-or-why-bad.html Published: 2020 04 27 16:36:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|