Article: Thousand ways to backdoor a Windows domain (forest) - published over 9 years ago. Content: When the Kerberos elevation of privilege (CVE-2014-6324 / MS14-068) vulnerability has been made public, the remediation paragraph of the following blog post made some waves: http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx "The only way a domain compromise can be remediated with a high level of certainty is... https://jumpespjump.blogspot.com/2015/03/thousand-ways-to-backdoor-windows.html Published: 2015 03 05 21:04:00 Received: 2023 03 31 10:02:48 Feed: Jump ESP, jump! Source: Jump ESP, jump! Category: Cyber Security Topic: Cyber Security |
Article: Many ways of malware persistence (that you were always afraid to ask) - published over 9 years ago. Content: TL;DR: Are you into red teaming? Need persistence? This post is not that long, read it ;) Are you into blue teaming? Have to find those pesky backdoors? This post is not that long, read it ;) In the previous post, I listed different ways how a Windows domain/forest can be backdoored. In this new post, I am digging a bit deeper, and list the most common/... https://jumpespjump.blogspot.com/2015/05/many-ways-of-malware-persistence-that.html Published: 2015 05 05 06:32:00 Received: 2023 03 31 10:02:48 Feed: Jump ESP, jump! Source: Jump ESP, jump! Category: Cyber Security Topic: Cyber Security |
Article: Mythbusters: Is an open (unencrypted) WiFi more dangerous than a WPA2-PSK? Actually, it is not. - published over 9 years ago. Content: Introduction Whenever security professionals recommend the 5 most important IT security practices to average users, one of the items is usually something like: “Avoid using open WiFi” or “Always use VPN while using open WiFi” or “Avoid sensitive websites (e.g. online banking) while using open WiFi”, etc. What I think about this? It is bullshit. But le... https://jumpespjump.blogspot.com/2015/07/mythbusters-is-open-unencrypted-wifi.html Published: 2015 07 23 13:59:00 Received: 2023 03 31 10:02:48 Feed: Jump ESP, jump! Source: Jump ESP, jump! Category: Cyber Security Topic: Cyber Security |
Article: How to secure your home against "Internet of Things" and FUD - published over 9 years ago. Content: TL;DR, most of the security news about IoT is full of FUD. Always put the risks in context - who can exploit this and what can the attacker do with it. Most stories only cover the latter. Introduction There is rarely a day without news that another "Internet of Things" got hacked. "Smart" safes, "smart" rifles, "smart" cars, "smart" fridges, "smart" TVs,... https://jumpespjump.blogspot.com/2015/08/how-to-secure-your-home-against.html Published: 2015 08 20 11:37:00 Received: 2023 03 31 10:02:48 Feed: Jump ESP, jump! Source: Jump ESP, jump! Category: Cyber Security Topic: Cyber Security |
Article: How I hacked my IP camera, and found this backdoor account - published about 9 years ago. Content: The time has come. I bought my second IoT device - in the form of a cheap IP camera. As it was the most affordable among all others, my expectations regarding security were low. But this camera was still able to surprise me. Maybe I will disclose the camera model used in my hack in this blog later, but first, I will try to contact someone regarding these i... https://jumpespjump.blogspot.com/2015/09/how-i-hacked-my-ip-camera-and-found.html Published: 2015 09 26 12:02:00 Received: 2023 03 31 10:02:48 Feed: Jump ESP, jump! Source: Jump ESP, jump! Category: Cyber Security Topic: Cyber Security |
Article: One reason why InfoSec sucked in the past 20 years - the "security tips" myth - published over 8 years ago. Content: From time to time, I get disappointed how much effort and money is put into securing computers, networks, mobile phones, ... and yet in 2016 here we are, where not much has changed on the defensive side. There are many things I personally blame for this situation, and one of them is the security tips. The goal of these security tips is that if the averag... https://jumpespjump.blogspot.com/2016/06/one-reason-why-infosec-sucked-in-past.html Published: 2016 06 11 12:56:00 Received: 2023 03 31 10:02:47 Feed: Jump ESP, jump! Source: Jump ESP, jump! Category: Cyber Security Topic: Cyber Security |
Article: Why (I believe) WADA was not hacked by the Russians - published about 8 years ago. Content: Disclaimer: This is my personal opinion. I am not an expert in attribution. But as it turns out, not many people in the world are good at attribution. I know this post lacks real evidence and is mostly based on speculation. Let's start with the main facts we know about the WADA hack, in chronological order: 1. Some point in time (August - September 20... https://jumpespjump.blogspot.com/2016/10/why-i-believe-wada-was-not-hacked-by.html Published: 2016 10 17 08:41:00 Received: 2023 03 31 10:02:47 Feed: Jump ESP, jump! Source: Jump ESP, jump! Category: Cyber Security Topic: Cyber Security |
Article: Recovering data from an old encrypted Time Machine backup - published over 6 years ago. Content: Recovering data from a backup should be an easy thing to do. At least this is what you expect. Yesterday I had a problem which should have been easy to solve, but it was not. I hope this blog post can help others who face the same problem. The problem 1. I had an encrypted Time Machine backup which was not used for months 2. This backup was not on an of... https://jumpespjump.blogspot.com/2018/07/recovering-data-from-old-encrypted-time.html Published: 2018 07 21 13:42:00 Received: 2023 03 31 10:02:47 Feed: Jump ESP, jump! Source: Jump ESP, jump! Category: Cyber Security Topic: Cyber Security |
Article: How to build a "burner device" for DEF CON in one easy step - published over 6 years ago. Content: TL;DR: Don't build a burner device. Probably this is not the risk you are looking for. Introduction Every year before DEF CON people start to give advice to attendees to bring "burner devices" to DEF CON. Some people also start to create long lists on how to build burner devices, especially laptops. But the deeper we look into the topic, the more confusi... https://jumpespjump.blogspot.com/2018/08/how-to-build-burner-device-for-def-con.html Published: 2018 08 15 07:43:00 Received: 2023 03 31 10:02:47 Feed: Jump ESP, jump! Source: Jump ESP, jump! Category: Cyber Security Topic: Cyber Security |
Article: Hacktivity 2018 badge - quick start guide for beginners - published about 5 years ago. Content: You either landed on this blog post because: you are a huge fan of Hacktivity; you bought this badge around a year ago; you are just interested in hacker conference badge hacking; or maybe all of the above. Whatever the reasons, this guide should be helpful for those who never had any real-life experience with these little gadgets. But first things fi... https://jumpespjump.blogspot.com/2019/09/hacktivity-2018-badge-quick-start-guide.html Published: 2019 09 19 08:56:00 Received: 2023 03 31 10:02:47 Feed: Jump ESP, jump! Source: Jump ESP, jump! Category: Cyber Security Topic: Cyber Security |
Article: The RastaLabs experience - published almost 5 years ago. Content: Introduction It was 20 November, and I was just starting to wonder what I would do during the next month. I had already left my previous job, and the new one would only start in January. Playing with PS4 all month might sound fun for some people, but I knew I would get bored quickly. Even though I have some limited red teaming experience, I always fe... https://jumpespjump.blogspot.com/2020/01/the-rastalabs-experience.html Published: 2020 01 16 14:54:00 Received: 2023 03 31 10:02:47 Feed: Jump ESP, jump! Source: Jump ESP, jump! Category: Cyber Security Topic: Cyber Security |
Article: NHS Highland 'reprimanded' by data watchdog for BCC blunder with HIV patients - published over 1 year ago. Content: https://go.theregister.com/feed/www.theregister.com/2023/03/31/nhs_highland_reprimanded_by_data/ Published: 2023 03 31 09:35:07 Received: 2023 03 31 09:43:41 Feed: The Register - Security Source: The Register - Security Category: Cyber Security Topic: Cyber Security |
Article: Security at Heathrow in 10-day strike over pay - published over 1 year ago. Content: Passengers using Heathrow Airport will face delays and cancellations this Easter after 1,400 security staff embarked on a 10 day strike over pay. The industrial action by the Unite union started today (March 31) after last-ditch talks failed to reach a resolution. The strike involves security officers at Terminal 5, used solely by British Airways... https://securityjournaluk.com/security-at-heathrow-in-10-day-strike-over-pay/?utm_source=rss&utm_medium=rss&utm_campaign=security-at-heathrow-in-10-day-strike-over-pay Published: 2023 03 31 08:52:53 Received: 2023 03 31 09:06:39 Feed: Security Journal UK Source: Security Journal UK Category: Security Topic: Security |
Article: AWK-ward! - published almost 12 years ago. Content: Yesterday I got an email from a friend who complained that "awk is still a mystery". Not being one to ignore a cry for help with the command line, I was motivated to write up a simple introduction to the basics of awk. But where to post it? I know! We've got this little blog we're not doing anything with at the moment (er, yeah, sorry about that folks-- life's ... http://blog.commandlinekungfu.com/2012/12/awk-ward.html Published: 2012 12 20 05:01:00 Received: 2023 03 31 08:44:33 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: An AWK-ward Response - published almost 12 years ago. Content: A couple of weeks ago I promised some answers to the exercises I proposed at the end of my last post. What we have here is a case of, "Better late than never!" 1. If you go back and look at the example where I counted the number of processes per user, you'll notice that the "UID" header from the ps command ends up being counted. How would you suppress this... http://blog.commandlinekungfu.com/2013/01/an-awk-ward-response.html Published: 2013 01 07 00:29:00 Received: 2023 03 31 08:44:33 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #166: Ping A Little Log For Me - published over 11 years ago. Content: We've been away for a while because, frankly, we ran out of material. In the meantime we tried to come up with some new ideas and there have had a few requests, but sadly they were all redundant, became scripts, or both. We've been looking long and hard for Fu that works in this format, and we've finally found it! Nathan Sweaney wrote in with a great idea! ... http://blog.commandlinekungfu.com/2013/03/episode-166-ping-little-log-for-me.html Published: 2013 03 12 09:00:00 Received: 2023 03 31 08:44:33 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #167: Big MAC - published over 11 years ago. Content: Hal checks into Twitter: So there I was, browsing my Twitter timeline and a friend forwarded a link to Jeremy Ashkenas' github site. Jeremy created an alias for changing your MAC address to a random value. This is useful when you're on a public WiFi network that only gives you a small amount of free minutes. Since most of these services keep track by not... http://blog.commandlinekungfu.com/2013/06/episode-167-big-mac.html Published: 2013 06 18 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #168: Scan On, You Crazy Command Line - published over 11 years ago. Content: Hal gets back to our roots With one ear carefully tuned to cries of desperation from the Internet, it's no wonder I picked up on this plea from David Nides on Twitter: Request today, we need 2 scan XX terabytes of data across 3k file shares 4any files that have not been MAC since 2012. Then move files to x.— David Nides (@DAVNADS) March 13, 2013 Whenever ... http://blog.commandlinekungfu.com/2013/07/episode-168-scan-on-you-crazy-command.html Published: 2013 07 02 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #169: Move Me Maybe - published over 11 years ago. Content: Tim checks the mailbag Carlos IHaveNoLastName writes in asking for a way to move a directory to a new destination. That's easy, but the directory should only be moved if the directory (at any depth) does NOT contain a file with a specific extension. Here is an example of a sample directory structure: SomeTopDir1 |-OtherDir1 | |-File1 | |-File2 | ... http://blog.commandlinekungfu.com/2013/08/episode-169-move-me-maybe.html Published: 2013 08 06 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #170: Fearless Forensic File Fu - published about 11 years ago. Content: Hal receives a cry for help Fellow forensicator Craig was in a bit of a quandary. He had a forensic image in "split raw" format-- a complete forensic image broken up into small pieces. Unfortunately for him, the pieces were named "fileaa", "fileab", "fileac", and so on while his preferred tool wanted the files to be named "file.001", "file.002", "file.003... http://blog.commandlinekungfu.com/2013/09/episode-170-fearless-forensic-file-fu.html Published: 2013 09 27 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #171: Flexibly Finding Firewall Phrases - published about 11 years ago. Content: Old Tim answers an old email Patrick Hoerter writes in: I have a large firewall configuration file that I am working with. It comes from that vendor that likes to prepend each product they sell with the same "well defended" name. Each configuration item inside it is multiple lines starting with "edit" and ending with "next". I'm trying to extract only th... http://blog.commandlinekungfu.com/2013/10/episode-171-flexibly-finding-firewall.html Published: 2013 10 08 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #172: Who said bigger is better? - published almost 11 years ago. Content: Tim sweats the small stuff Ted S. writes in: "I have a number of batch scripts which turn a given input file into a configurable amount of versions, all of which will contain identical data content, but none of which, ideally, contain the same byte content. My problem is, how do I, using *only* XP+ cmd (no other scripting - PowerShell, jsh, wsh, &c), ... http://blog.commandlinekungfu.com/2013/11/episode-172-who-said-bigger-is-better.html Published: 2013 11 26 09:18:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #173: Tis the Season - published almost 11 years ago. Content: Hal finds some cheer From somewhere near the borders of scriptistan, we send you: function t { for ((i=0; $i < $1; i++)); do s=$((8-$i)); e=$((8+$i)); for ((j=0; j <= $e; j++)); do [ $j -ge $s ] && echo -n '^' || echo -n ' '; done; echo; done } function T { for ((i=0; $i < $1; i++)); do for ((j=... http://blog.commandlinekungfu.com/2013/12/episode-173-tis-season.html Published: 2013 12 31 10:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #174: Lightning Lockdown - published almost 11 years ago. Content: Hal firewalls fast Recently a client needed me to quickly set up an IP Tables firewall on a production server that was effectively open on the Internet. I knew very little about the machine, and we couldn't afford to break any of the production traffic to and from the box. It occurred to me that a decent first approximation would be to simply look at the n... http://blog.commandlinekungfu.com/2014/01/episode-174-lightning-lockdown.html Published: 2014 01 28 10:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #175: More Time! We Need More Time! - published over 10 years ago. Content: Tim leaps in Every four years (or so) we get an extra day in February, leap year. When I was a kid this term confused me. Frogs leap, they leap over things. A leap year should be shorter! Obviously, I was wrong. This extra day can give us extra time to complete tasks (e.g. write blog post), so we are going to use our shells to check if the current year is ... http://blog.commandlinekungfu.com/2014/02/episode-175-more-time-we-need-more-time.html Published: 2014 02 28 10:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #176: Step Up to the WMIC - published over 10 years ago. Content: Tim grabs the mic: Michael Behan writes in: Perhaps you guys can make this one better. Haven’t put a ton of thought into it: C:\> (echo HTTP/1.0 200 OK & wmic process list full /format:htable) | nc -l -p 3000 Then visit http://127.0.0.1:3000 This could of course be used to generate a lot more HTML reports via wmic that are quick to save from the ... http://blog.commandlinekungfu.com/2014/03/episode-176-step-up-to-wmic.html Published: 2014 03 31 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #177: There and Back Again - published over 10 years ago. Content: Hal finds some old mail Way, way back after Episode #170 Tony Reusser sent us a follow-up query. If you recall, Episode #170 showed how to change files named "fileaa", "fileab", "fileac", etc to files named "file.001", "file.002", "file.003". Tony's question was how to go back the other way-- from "file.001" to "fileaa", "file.002" to "fileab", and so on.... http://blog.commandlinekungfu.com/2014/04/episode-177-there-and-back-again.html Published: 2014 05 01 01:01:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #178: Luhn-acy - published over 10 years ago. Content: Hal limbers up in the dojo To maintain our fighting trim here in the Command Line Kung Fu dojo, we like to set little challenges for ourselves from time to time. Of course, we prefer it when our loyal readers send us ideas, so keep those emails coming! Really... please oh please oh please keep those emails coming... please, please, please... ahem, but I d... http://blog.commandlinekungfu.com/2014/05/not-ready-yet-episode-178-luhn-acy.html Published: 2014 05 26 09:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #179: The Check is in the Mail - published over 10 years ago. Content: Tim mails one in: Bob Meckle writes in: I have recently come across a situation where it would be greatly beneficial to build a script to check revocation dates on certificates issued using a certain template, and send an email to our certificate staff letting them know which certificates will expire within the next 6 weeks. I am wondering if you guys hav... http://blog.commandlinekungfu.com/2014/06/episode-179-check-is-in-mail.html Published: 2014 06 30 21:51:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #180: Open for the Holidays! - published almost 10 years ago. Content: Not-so-Tiny Tim checks in with the ghost of Christmas present: I know many of you have been sitting on Santa's lap wishing for more Command Line Kung Fu. Well, we've heard your pleas and are pushing one last Episode out before the New Year! We come bearing a solution for a problem we've all encountered. Ever try to delete or modify a file and receive an e... http://blog.commandlinekungfu.com/2014/12/episode-180-open-for-holidays.html Published: 2014 12 31 12:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Episode #181: Making Contact - published about 7 years ago. Content: Hal wanders back on stage Whew! Sure is dusty in here! Man, those were the days! It started with Ed jamming on Twitter and me heckling from the audience. Then Ed invited me up on stage (once we built the stage), and that was some pretty sweet kung fu. Then Tim joined the band, Ed left, and the miles, and the booze, and the groupies got to be too much. But ... http://blog.commandlinekungfu.com/2017/10/episode-181-making-contact.html Published: 2017 10 03 13:00:00 Received: 2023 03 31 08:44:32 Feed: Command Line Kung Fu Source: Command Line Kung Fu Category: News Topic: Security Tooling |
Article: Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples - published about 10 years ago. Content: PART II Wirelurker for Windows (WinLurker) Research: Palo Alto Claud Xiao: Wirelurker for Windows Sample credit: Claud Xiao PART I Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X Malware (Palo Alto | Claud Xiao - blog post) Wirelurker Detector https://github.com/PaloAltoNetworks-BD/WireLurkerDetector Sample credit: Clau... https://contagiodump.blogspot.com/2014/11/wirelurker-for-osx-ios-part-i-and.html Published: 2014 11 07 01:57:00 Received: 2023 03 31 08:41:26 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: OnionDuke samples - published about 10 years ago. Content: Research: F-Secure: OnionDuke: APT Attacks Via the Tor Network Download Download. Email me if you need the password (new link) File attributes Size: 219136 MD5: 28F96A57FA5FF663926E9BAD51A1D0CB Size: 126464 MD5: C8EB6040FD02D77660D19057A38FF769 Size: 316928 MD5: D1CE79089578DA2D41F1AD901F7B1014 Vir... https://contagiodump.blogspot.com/2014/11/onionduke-samples.html Published: 2014 11 16 03:58:00 Received: 2023 03 31 08:41:26 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: AlienSpy Java RAT samples and traffic information - published about 10 years ago. Content: AlienSpy Java based cross platform RAT is another reincarnation of ever popular Unrecom/Adwind and Frutas RATs that have been circulating through 2014. It appears to be used in the same campaigns as was Unrecom/Adwind - see the references. If C2 responds, the java RAT downloads Jar files containing Windows Pony/Ponik loader. The RAT is crossplatform and ... https://contagiodump.blogspot.com/2014/11/alienspy-java-rat-samples-and-traffic.html Published: 2014 11 17 21:16:00 Received: 2023 03 31 08:41:26 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Video archives of security conferences and workshops - published almost 10 years ago. Content: Just some links for your enjoyment List of security conferences in 2014 Video archives: AIDE (Appalachian Institute of Digital Evidence) 2013 2012 2011 Blackhat 2012 or 2012 torrent Botconf 2013 Bsides BSides DC 2014 BSides Chicago 2014 BSides Nashville 2014 BSides Augusta 2014 BSides Huntsville 2014 BSides Las Vegas 2014 BSidesDE 2013 BSid... https://contagiodump.blogspot.com/2015/01/video-archives-of-security-conferences.html Published: 2015 01 05 04:11:00 Received: 2023 03 31 08:41:26 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Collection of Pcap files from malware analysis - published almost 10 years ago. Content: Update: Feb 19. 2015 We have been adding pcaps to the collection so remember to check out the folder ( Pcap collection) for the recent pcaps. I had a project to test some malicious and exploit pcaps and collected a lot of them (almost 1000) from various public sources. You can see them in the PUBLIC folder. The credits go to the authors of the pcaps lis... https://contagiodump.blogspot.com/2013/04/collection-of-pcap-files-from-malware.html Published: 2015 02 20 04:39:00 Received: 2023 03 31 08:41:26 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Ask and you shall receive - published over 9 years ago. Content: I get emails from readers asking for specific malware samples and thought I would make a mini post about it. Yes, I often obtain samples from various sources for my own research. I am sometimes too lazy/busy to post them but don't mind sharing. If you are looking for a particular sample, feel free to ask. I might have it. Send MD5 (several or few s... https://contagiodump.blogspot.com/2015/03/ask-and-you-shall-receive.html Published: 2015 03 09 01:08:00 Received: 2023 03 31 08:41:26 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: An Overview of Exploit Packs (Update 25) May 2015 - published over 9 years ago. Content: Update May 12, 2015 Added CVE-2015-0359 and updates for CVE-2015-0336 Exploit kit table 2014- 2015 (Sortable HTML table) Reference table : Exploit References 2014-2015 Update March 20, 2015 Added CVE-2015-0336 ------------------------ Update February 19, 2015 Added Hanjuan Exploit kit and CVE-2015-3013 for Angler Update... https://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html Published: 2015 05 12 04:30:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Potao Express samples - published over 9 years ago. Content: http://www.welivesecurity.com/2015/07/30/operation-potao-express/ http://www.welivesecurity.com/wp-content/uploads/2015/07/Operation-Potao-Express_final_v2.pdf TL; DR 2011- July 2015 Aka Sapotao and node69 Group - Sandworm / Quedagh APT Vectors - USB, exe as doc, xls Victims - RU, BY, AM, GE Victims - MMM group, UA gov truecryptrussia.ru has be... https://contagiodump.blogspot.com/2015/08/potao-express-samples.html Published: 2015 08 12 12:24:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Files download information - published almost 9 years ago. Content: After 7 years of Contagio existence, Google Safe Browsing services notified Mediafire (hoster of Contagio and Contagiominidump files) that "harmful" content is hosted on my Mediafire account. It is harmful only if you harm your own pc and but not suitable for distribution or infecting unsuspecting users but I have not been able to resolve this with ... https://contagiodump.blogspot.com/2016/02/files-download-information.html Published: 2016 02 23 20:48:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Ransomware.OSX.KeRanger samples - published over 8 years ago. Content: Research: New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer by Claud Xiao Sample credit: Claud Xiao File information d1ac55a4e610380f0ab239fcc1c5f5a42722e8ee1554cba8074bbae4a5f6dbe1 1d6297e2427f1d00a5b355d6d50809cb Transmission-2.90.dmg e3ad733cea9eba29e86610050c1a15592e6c77820927b9edeb77310975393574 56b1d956112b0b7... https://contagiodump.blogspot.com/2016/03/ransomwareosxkeranger-samples.html Published: 2016 03 06 23:39:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: "i am lady" Linux.Lady trojan samples - published over 8 years ago. Content: Bitcoin mining malware for Linux servers - samples Research: Dr. Web. Linux.Lady Sample Credit: Tim Strazzere MD5 list: 0DE8BCA756744F7F2BDB732E3267C3F4 55952F4F41A184503C467141B6171BA7 86AC68E5B09D1C4B157193BB6CB34007 E2CACA9626ED93C3D137FDF494FDAE7C E9423E072AD5A31A80A31FC1F525D614 Download. Email me if you need the password. ... https://contagiodump.blogspot.com/2016/08/i-am-lady-linuxlady-trojan-samples.html Published: 2016 08 17 04:06:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Linux.Agent malware sample - data stealer - published over 8 years ago. Content: Research: SentinelOne, Tim Strazzere Hiding in plain sight? Sample credit: Tim Strazzere List of files 9f7ead4a7e9412225be540c30e04bf98dbd69f62b8910877f0f33057ca153b65 malware d507119f6684c2d978129542f632346774fa2e96cf76fa77f377d130463e9c2c malware fddb36800fbd0a9c9bfffb22ce7eacbccecd1c26b0d3fb3560da5e9ed97ec14c script.decompiled-pretty ec5d4f90c912... https://contagiodump.blogspot.com/2016/08/linuxagent-malware-sample-data-stealer.html Published: 2016 08 24 04:18:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Part I. Russian APT - APT28 collection of samples including OSX XAgent - published almost 8 years ago. Content: This post is for all of you, Russian malware lovers/haters. Analyze it all to your heart's content. Prove or disprove Russian hacking in general or DNC hacking in particular, or find that "400 lb hacker" or nail another country altogether. You can also have fun and exercise your malware analysis skills without any political agenda. The post c... https://contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html Published: 2017 02 21 02:23:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: DeepEnd Research: Analysis of Trump's secret server story - published over 7 years ago. Content: We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research) Analysis of Trump's secret server story... ... https://contagiodump.blogspot.com/2017/03/deepend-research-analysis-of-trumps.html Published: 2017 03 20 04:28:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Part II. APT29 Russian APT including Fancy Bear - published over 7 years ago. Content: This is the second part of Russian APT series. "APT29 - The Dukes Cozy Bear: APT29 is threat group that has been attributed to the Russian government and has operated since at least 2008.1210 This group reportedly compromised the Democratic National Committee starting in the summer of 2015" (src. Mitre ATT&CK) Please see the first post here: Russian ... https://contagiodump.blogspot.com/2017/03/part-ii-apt29-russian-apt-including.html Published: 2017 03 31 06:02:00 Received: 2023 03 31 08:41:25 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: DDE Command Execution malware samples - published about 7 years ago. Content: Here are a few samples related to the recent DDE Command execution DDE Macro-less Command Execution Vulnerability Download. Email me if you need the password (updated sample pack) Links updated: Jan 20, 2023 References Reading: 10/18/2017 InQuest/yara-rules 10/18/2017 Inquest: Microsoft Office DDE Macro-less Command Execution Vulnerability 10/18/2017 Inq... https://contagiodump.blogspot.com/2017/10/dde-command-execution-malware-samples.html Published: 2017 10 18 06:24:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Rootkit Umbreon / Umreon - x86, ARM samples - published over 6 years ago. Content: Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems Research: Trend Micro There are two packages one is 'found in the wild' full and a set of hashes from Trend Micro (all but one file are already in the full package) Download Email me if you need the password Links updated: Jan 19, 2023 File information Part one (full package) #File Name... https://contagiodump.blogspot.com/2018/03/rootkit-umbreon-umreon-x86-arm-samples.html Published: 2018 03 20 13:23:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: HiddenWasp Linux malware backdoor samples - published over 5 years ago. Content: Intezer HiddenWasp Malware Stings Targeted Linux Systems Download. Email me if you need the password (see in my profile) Malware Inventory (work in progress) Links updated: Jan 19, 2023 File information 8914fd1cfade5059e626be90f18972ec963bbed75101c7fbf4a88a6da2bc671b 8f1c51c4963c0bad6cf04444feb411d7 shell f321685342fa373c33eb9479176a086a1c56c90a1826a... https://contagiodump.blogspot.com/2019/06/hiddenwasp-linux-malware-backdoor.html Published: 2019 06 04 04:31:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Linux/AirDropBot samples - published about 5 years ago. Content: Malware Must Die: MMD-0064-2019 - Linux/AirDropBot Mirai variant targeting Linksys E-series - Remote Code Execution tmUnblock.cgi Download. Email me if you need the password (see in my profile) Malware Inventory (work in progress) Links updated: Jan 19, 2023 Hashes MD5 SHA256 SHA1 85a8aad8d938c44c3f3f51089a60ec16 1a75... https://contagiodump.blogspot.com/2019/10/reference-malware-must-die-mmd-0064.html Published: 2019 10 06 20:37:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Amnesia / Radiation Linux botnet targeting Remote Code Execution in CCTV DVR samples - published about 5 years ago. Content: Amnesia / Radiation botnet samples Remote Code Execution in CCTV DVR (kerneronsec.com - 2016) 2017-04-06 Palo Alto Unit 42. New IoT/Linux Malware Targets DVRs, Forms Botnet 2016-08-11 CyberX Radiation IoT Cybersecurity campaign Download. Email me if you need the password (see in my profile) Malware Inventory (work in progress) Links updated: Jan ... https://contagiodump.blogspot.com/2019/10/amnesia-radiation-linux-botnet.html Published: 2019 10 06 21:16:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Masad Clipper and Stealer - Windows spyware exfiltrating data via Telegram (samples) - published about 5 years ago. Content: 2019-09-25 Juniper. Masad Stealer: Exfiltrating using Telegram “Masad Clipper and Stealer” steals browser information, computer files, and automatically replaces cryptocurrency wallets from the clipboard with its own. It is written using Autoit scripts and then compiled into a Windows executable. It uses Telegram to exfiltrate stolen information. Downl... https://contagiodump.blogspot.com/2019/10/masad-clipper-and-stealer-windows.html Published: 2019 10 07 03:48:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |