This joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, addresses the specific needs and challenges faced by organizations in defending against DDoS attacks. The guidance now includes detailed insight into three different types of DDoS techniques:
Volumetric: attacks aiming to consume available bandwidth. Protocol: attacks which exploit vulnerabilities in network protocols. …
In late 2023 and early 2024, the ransomware ecosystem experienced repeated disruption of its most prolific Ransomware-as-a-Service (RaaS) groups at the hands of international Law Enforcement (LE). ALPHV’s dark web data leak site was seized, then unseized, then re-seized in a December 2023 law enforcement operation that seemingly failed to deter the group – until ALPHV ultimately claimed to disband via an apparent exit scam, immediately following a high-profile attack against Change Healthcare in March 2024.…
Trigona ransomware is a sophisticated and evolving threat that leverages vulnerabilities, legitimate tools, and double extortion tactics to target organizations, particularly in the technology and healthcare sectors. Collaboration with other threat actors like ALPHV enhances its capabilities. Prevention strategies are crucial, including robust cybersecurity measures and awareness of the risks associated with paying ransoms.…
Experience Level required: Intermediate
In this report, we will analyze the CryptNet Ransomware, starting with deobfuscating the sample and proceeding through the ransomware’s techniques:
Obfuscated strings
Encrypted strings
AES & RSA encryption algorithms
CryptNet is a .NET ransomware that has been advertised as a new ransomware-as-a-service on underground forums since at least April 2023.…
A sextortion scam is the crime of blackmailing victims with their sensitive information to inflict severe psychological distress and extort money from them. Victims not only suffer immediate financial losses but also immense shock and terror, some to the point of having their daily lives severely disrupted.…
The fraudulent activities take place across online platforms.
Travel: Fake vacation packages which offer hidden fees or non-existent accommodations.
Utility: Impersonating utility companies to demand immediate payment or threaten service disconnection.
Tricking individuals into unwanted subscriptions or memberships by offering free trials that automatically convert into paid subscriptions.…
For CISA, understanding adversary behavior is often the first step in protecting networks and data. The success network defenders have in detecting and mitigating cyberattacks depends on this understanding. The MITRE ATT&CK® framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.…
OVERVIEW: REMOTE ACCESS SOFTWARE
Remote access software and tools comprise a broad array of capabilities used to maintain and improve IT, operational technology (OT), and industrial control systems (ICS) services; they allow a proactive and flexible approach for organizations to remotely oversee networks, computers, and other devices.…
In this report, we will analyze the MATANBUCHUS loader, a C++ malware, to determine its function and capabilities:
API hashing
Stack strings
Checking the number of running processes
PEB traversal
Anti-sandbox techniques
We’ll start with resolving APIs and decoding the strings, then proceed through the loader’s techniques.…
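API hashing is what lets a loader like this import functions without any readable names in the binary: the sample carries 32-bit constants, and at run time it walks the export table of a module found through the PEB, hashes every export name with the same routine, and keeps the first match. The following is an added example and not Matanbuchus code; it assumes the classic ROR13 routine from Metasploit-style shellcode (real loaders often change the rotation count, add a seed or XOR the result, so recover the routine from the sample first) and uses a constructed export name list in place of walking the PEB and IMAGE_EXPORT_DIRECTORY. It shows both sides: the resolver the loader runs, and the hash table an analyst precomputes to label the constants in the disassembler.

```python
from typing import Dict, Iterable, List, Optional

MASK32 = 0xFFFFFFFF


def ror32(value: int, count: int) -> int:
    """Rotate a 32-bit value right by `count` bits (the x86 ROR instruction)."""
    count %= 32
    return ((value >> count) | (value << (32 - count))) & MASK32


def api_hash(name: str) -> int:
    """ROR13 hash of an ASCII export name: h = ror(h, 13) + byte for every byte
    up to (not including) the NUL terminator. Assumed algorithm: swap in the
    routine recovered from the sample if it differs."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, 13) + byte) & MASK32
    return h


# Constructed stand-in for a DLL's export name table. The loader gets these
# names by walking PEB -> Ldr -> InLoadOrderModuleList to the module base and
# then IMAGE_EXPORT_DIRECTORY.AddressOfNames, without calling any API.
FAKE_EXPORTS: List[str] = [
    "CloseHandle", "CreateFileW", "GetProcAddress", "LoadLibraryA",
    "VirtualAlloc", "VirtualProtect", "WriteProcessMemory",
]


def resolve_by_hash(target: int, exports: Iterable[str]) -> Optional[str]:
    """Loader side: hash each export name and return the first match for the
    hard-coded constant. None usually means the wrong DLL or a different hash."""
    for name in exports:
        if api_hash(name) == target:
            return name
    return None


def build_hash_table(exports: Iterable[str]) -> Dict[int, str]:
    """Analyst side: precompute hash -> name for annotating constants in the
    sample. A collision would silently mislabel an import, so refuse it."""
    table: Dict[int, str] = {}
    for name in exports:
        h = api_hash(name)
        if h in table and table[h] != name:
            raise ValueError(f"hash collision: {table[h]!r} vs {name!r} at {h:#010x}")
        table[h] = name
    return table


def label_imports(constants: Iterable[int], table: Dict[int, str]) -> Dict[int, str]:
    """Map constants copied out of the resolver routine to names; unknown
    hashes are kept as '?' so they are not lost during triage."""
    return {c: table.get(c, "?") for c in constants}


if __name__ == "__main__":
    table = build_hash_table(FAKE_EXPORTS)
    # constants an analyst would copy out of the resolver routine in the sample
    sample_constants = [api_hash("VirtualAlloc"), api_hash("LoadLibraryA"), 0xDEADBEEF]
    for const, name in label_imports(sample_constants, table).items():
        print(f"{const:#010x} -> {name}")
```

In practice the export list is generated once per DLL from a clean system (for example with a PE parser over `System32`) and the resulting table is loaded into the disassembler as an enum; the `0xEC0E4E8E` for `LoadLibraryA` that this routine produces is one of the values such precomputed tables contain.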
A bug bounty program is essentially a legalized hacking arrangement where organizations offer rewards to ethical hackers (also called bug bounty hunters) for discovering and reporting vulnerabilities in their software, systems, or websites.
Here’s a deeper dive into how bug bounties work:
Benefits for Organizations:
Proactive Security: Bug bounties help identify and fix security weaknesses before malicious actors exploit them.…
Microsoft 365 (formerly Office 365) is Microsoft’s cloud-based suite of productivity tools, which includes email, collaboration platforms, and office applications. All are integrated with Entra ID (referred to as Azure AD in this post) for identity and access management. M365’s centralized storage of organizational data, combined with its ubiquity and widespread adoption, make it a common target of threat actors.…
The digital device that we use the most in our daily lives is the mobile phone. It is used in a wide range of daily activities such as communication, searching, shopping, making payments, verifying identity, and investing. Some people do not own personal computers, but almost everyone these days has a mobile phone.…
In my free time, I updated “Indonesia got Hacked!” on Telegram.
Web defacement is a cyber attack where hackers alter the visual appearance or content of a website. It’s essentially digital vandalism.
Motives:
Bragging rights: Hackers might deface a website to showcase their skills or promote their hacking group.…
The COM Hijacking technique is often utilized by threat actors and various malware families to achieve both persistence and privilege escalation in target systems. It relies on manipulating the Component Object Model (COM), exploiting the core architecture of Windows that enables communication between software components, by adding a new value on a specific registry key related to the COM object itself.…
The New Technology File System (NTFS) is a file system developed and introduced by Microsoft in 1993 with Windows NT 3.1. It was produced to overcome some limitations of its predecessors and to offer new features:
Hard links
Improved performance, reliability, and disk space utilization
Security access control lists
File system journaling
Here are some files related to the NTFS file system and what they are used for:
$MFT: stores the MFT records
$MFTMirr: contains a partial backup of the MFT
$LogFile: transaction logging file
$Volume: contains volume information such as label, identifier, and version
$AttrDef: attribute definitions
$Bitmap: contains the allocation status of all clusters
$Boot: contains the boot record
$BadClus: marks clusters as bad
$Secure: contains security and access control information
So I will start to discuss what we can get out of analyzing NTFS artifacts.…
https://web-check.xyz/
Supported checks: IP Info, SSL Chain, DNS Records, Cookies, Crawl Rules, Headers, Quality Metrics, Server Location, Associated Hosts, Redirect Chain, TXT Records, Server Status, Open Ports, Traceroute, Carbon Footprint, Server Info, Whois Lookup, Domain Info, DNS Security Extensions, Site Features, HTTP Strict Transport Security, DNS Server, Tech Stack, Listed Pages, Security.txt…
https://www.shadowstackre.com/ – Committed to delivering high quality malware intelligence and services to the cybersecurity community. Open this link: https://github.com/ShadowStackRe/intel/tree/master/rules/yara…
The basic idea revolves around gafAsyncKeyState (gaf = global af?), which is an undocumented kernel structure in win32kbase.sys used by NtUserGetAsyncKeyState (this structure exists up to Windows 10 – more on that at the end or in the talk linked above).
By first locating and then parsing this structure, we can read keystrokes the way that NtUserGetAsyncKeyState does, without calling any APIs at all.…
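Once the array has been located, the keylogger is a polling loop: read the bytes on every tick, diff them against the previous read, and treat every bit that went from clear to set as a key press. The snippet below is an added example, not the post's code, and replaces the kernel read with constructed snapshots so it runs anywhere. Its bit layout (256 virtual-key codes, two bits each, bit `2*vk` meaning "key down") follows the ReactOS win32k definition of `gafAsyncKeyState` and is an assumption to verify against the target build; the VK-to-character map is a minimal US-layout subset.

```python
from typing import List, Sequence

# Assumed layout (ReactOS win32k): 256 VKs, two bits per key, bit 2*vk = key down.
KEYSTATE_BYTES = 256 * 2 // 8  # 64 bytes
VK_SHIFT, VK_SPACE, VK_RETURN = 0x10, 0x20, 0x0D


def is_key_down(ks: bytes, vk: int) -> bool:
    bit = vk * 2
    return bool(ks[bit // 8] & (1 << (bit % 8)))


def set_key_down(ks: bytearray, vk: int, down: bool = True) -> None:
    """Test helper that edits a snapshot the way the kernel does on key events."""
    bit = vk * 2
    if down:
        ks[bit // 8] |= 1 << (bit % 8)
    else:
        ks[bit // 8] &= ~(1 << (bit % 8)) & 0xFF


def new_presses(prev: bytes, cur: bytes) -> List[int]:
    """Keys that went up -> down between two reads: the core of the polling loop.
    Keys still held from the previous read are not reported again."""
    return [vk for vk in range(256) if is_key_down(cur, vk) and not is_key_down(prev, vk)]


def vk_to_text(vk: int, shift: bool) -> str:
    """Minimal US-layout mapping; VKs '0'-'9' and 'A'-'Z' equal their ASCII codes."""
    if 0x30 <= vk <= 0x39 or 0x41 <= vk <= 0x5A:
        ch = chr(vk)
        return ch if shift or ch.isdigit() else ch.lower()
    return {VK_SPACE: " ", VK_RETURN: "\n"}.get(vk, "")


def keylog_from_snapshots(snapshots: Sequence[bytes]) -> str:
    """Replay consecutive reads of the 64-byte array (one per poll tick) into text.
    The loop has to poll faster than the user types: a press that starts and
    ends between two reads is simply missed, which is the technique's limit."""
    text = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        shift = is_key_down(cur, VK_SHIFT)
        for vk in new_presses(prev, cur):
            text.append(vk_to_text(vk, shift))
    return "".join(text)


def sample_snapshots() -> List[bytes]:
    """Constructed sequence of reads: Shift+H held over two ticks, then I, then Space."""
    ticks, ks = [], bytearray(KEYSTATE_BYTES)
    ticks.append(bytes(ks))                                  # tick 0: idle
    set_key_down(ks, VK_SHIFT); set_key_down(ks, 0x48)       # tick 1: Shift + 'H'
    ticks.append(bytes(ks))
    ticks.append(bytes(ks))                                  # tick 2: still held, no repeat
    set_key_down(ks, VK_SHIFT, False); set_key_down(ks, 0x48, False)
    set_key_down(ks, 0x49)                                   # tick 3: 'I'
    ticks.append(bytes(ks))
    set_key_down(ks, 0x49, False); set_key_down(ks, VK_SPACE)  # tick 4: Space
    ticks.append(bytes(ks))
    set_key_down(ks, VK_SPACE, False)
    ticks.append(bytes(ks))                                  # tick 5: idle
    return ticks


if __name__ == "__main__":
    print(repr(keylog_from_snapshots(sample_snapshots())))
```

The defender's view follows from the same loop: the technique needs repeated reads of a fixed kernel address, so a read primitive used at a steady cadence against a `win32kbase.sys` data address, with no `GetAsyncKeyState` or raw-input registration from the process, is the behaviour to hunt for.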