Automating GraphQL Bug Bounty Hunting with GrapeQL
GrapeQL is a dedicated security testing tool for GraphQL applications, enabling detection of vulnerabilities like Remote Code Execution, SQL injection, and denial-of-service attacks. It automates testing and generates detailed reports to assist developers and security researchers in fortifying APIs. Affected: GraphQL applications, APIs

Keypoints:

GrapeQL is designed specifically for testing modern GraphQL applications.…
Lazarus_Linked_Malware_Targets_Windows
This article provides an analysis of the malware sample 875b0cbad25e04a255b13f86ba361b58453b6f3c5cc11aca2db573c656e64e24.exe, attributed to the Lazarus Group, a state-sponsored cyber threat actor. Using tools like ANY.RUN and Hybrid Analysis, the analysis reveals the malware’s behavior, including process injection and registry modifications, targeting primarily Windows systems and expanding to Linux and macOS environments.…
Inside Black Basta: Ransomware Resilience and Evolution After the Leak
The article analyzes leaked communications from the Black Basta ransomware group, revealing their ongoing operations despite exposure. Significant tactics such as hybrid infrastructure exploitation and social engineering are highlighted. Microsoft Threat Intelligence’s report discusses warning signs of evolving ransomware techniques, especially in the context of nation-state actors and cloud vulnerabilities.…
I Didn’t Plan to Find a P1… But My Script Had Other Plans
This article recounts the author’s journey into ethical hacking after discovering a YouTube video about misconfigured S3 buckets. Inspired to create a tool for efficiently identifying such misconfigurations, the author successfully located sensitive information, leading to a substantial bug bounty reward. Affected: S3 buckets, sensitive data, cybersecurity community

Keypoints:

The author was inspired by a YouTube video on finding misconfigured S3 buckets.…
IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
The MysterySnail RAT, linked to the IronHusky APT threat actor, has resurfaced after years of inactivity. Initially discovered in 2021, recent reports show its deployment in government organizations in Mongolia and Russia, alongside a new variant called MysteryMonoSnail with a simpler architecture. The article emphasizes the importance of monitoring and detecting historical malware threats, as they may still be active despite the lack of public reports.…
Global_Rise_of_Akira_Ransomware
The Akira ransomware group has been operational since March 2023, employing a “double extortion” strategy that involves data exfiltration before encryption and threats of public exposure if ransoms are not paid. Their attacks have predominantly targeted sectors like Education, Finance, Manufacturing, and Healthcare across North America, Europe, and Australia, leading to significant financial gains exceeding million.…

Summary: The video discusses the top five free SOC analyst trainings for beginners, covering simulation training, cyber range platforms, beginner learning courses, and project guides to enhance resumes. Each training resource offers valuable hands-on experience and foundational knowledge for those pursuing a career in cybersecurity, specifically in SOC roles.…
Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure
This report discusses the ongoing threat posed by the Russian-nexus Gamaredon group, specifically their use of the Pterodo malware family, particularly through PteroLNK VBScript files. The report highlights the malware’s techniques, victimology, and the infrastructure used by Gamaredon, including Dead Drop Resolvers (DDRs). The findings indicate active operations targeting Ukrainian entities, predominantly government and military sectors, providing insights into their malware deployment strategies.…
Understanding and Threat Hunting for RMM Software Misuse
Threat actors are increasingly exploiting Remote Monitoring and Management (RMM) software to conduct sophisticated cyberattacks, using tools like AnyDesk, Atera Agent, and MeshAgent for unauthorized access, data exfiltration, and persistence in compromised networks. This trend highlights the potential risks posed by these tools, which are often embedded in organizational IT workflows.…
Investigating Koi Stealer malware using Wireshark
This article analyzes a pcap file to identify malicious activity related to the KOI Stealer infection, focusing on anomalies in network traffic using Wireshark. Critical indicators of compromise (IOCs) are extracted, including suspicious IP addresses and HTTP request patterns. Affected: C2 server, infected host, outbound external server, Active Directory environment

Keypoints:

Analysis of pcap file from www.malware-traffic-analysis.net…
BRICKSTORM Backdoor Evolves to Target Windows in Espionage Campaigns Against European Sectors
Summary: NVISO has released detection and hunting rules to help identify and combat the BRICKSTORM espionage backdoor and its command-and-control mechanisms. These rules include YARA detection rules, Suricata rules for monitoring Active Command & Control servers, and KQL queries for monitoring suspicious process activity. The report is aimed at enhancing cybersecurity defenses against BRICKSTORM.…
Interlock ransomware evolving under the radar
The Interlock ransomware group, first observed in September 2024, has emerged as a significant cyber threat, employing tactics such as Big Game Hunting and double extortion. Unlike many ransomware organizations, it does not operate as a Ransomware-as-a-Service (RaaS) group and features a Data Leak Site called “Worldwide Secrets Blog” for negotiation and data exposure.…
BRICKSTORM Backdoor Targets European Industries
Summary: NVISO reports on BRICKSTORM, a stealthy backdoor linked to the Chinese threat group UNC5221, which has evolved to target Windows systems after prior Linux-based attacks. This espionage tool employs sophisticated techniques for persistence and command-and-control communication while remaining undetected for extended periods. The report highlights the urgent need for enhanced security measures in at-risk sectors, especially given BRICKSTORM’s advanced evasion tactics.…
Threat actors misuse Node.js to deliver malware and other malicious payloads
Microsoft Defender Experts have reported malicious campaigns utilizing Node.js to deliver malware and facilitate information theft. This emerging trend shows a shift in threat actor techniques that blend malware with legitimate applications, indicating the growing use of Node.js in cyber threats. Affected: cybersecurity, software development

Keypoints:

Microsoft Defender Experts have observed Node.js…
BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets
BPFDoor is a state-sponsored backdoor attributed to the Earth Bluecrow APT group, facilitating advanced cyberespionage through reverse shells and stealthy evasion techniques. Recent attacks focus on telecommunications, finance, and retail sectors across multiple countries. Affected: South Korea, Hong Kong, Myanmar, Malaysia, Egypt

Keypoints:

BPFDoor is linked to Earth Bluecrow, a well-known APT group.…

Summary: The video discusses the insights shared by Edna Johnson, a cybersecurity engineer and community volunteer, on their journey into the cybersecurity field, their experience with various organizations and events, and advice for newcomers in the industry. Edna emphasizes the importance of volunteering and participating in the community, highlights their recent achievements, and discusses the evolution of cybersecurity practices, particularly in threat hunting and detection engineering.…
Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
The article discusses Slow Pisces, a North Korean state-sponsored hacking group focused on cryptocurrency theft. The group employs social engineering, particularly on LinkedIn, to deliver malware disguised as coding challenges to cryptocurrency developers. They successfully stole over billion in 2023, using clever tactics that involve fake applications and supply chain compromises.…