home.social

76 results for “frostygoth”

  1. I’m looking into learning RHEL to try and get a position providing support for it in an enterprise with ~7,000 employees. If anybody has any tips on learning material, specific subjects I should learn, or if you think it’s a waste of my time, then please let me know.

  2. Just finished my first full practice test. 100/125 questions for an 80%, which is passing but below my desired threshold of 90%. Whatever. Time to learn from my mistakes and maybe sneak in another one later today.

  3. There are still some warm days to come, but #FrostMother is leaving hints on chilly nights and #LeafMother is letting us know she's around as more bits of colour appear in the foliage.. #Autumn begins, slowly, subtly but soon to gain speed.. #FoliageFriday On a smoky day in mid-week: Amur Maple Acer tataricum subsp. ginnala in the #Garden
    #nature #SeasonalRhythms #pagan #animist #Latvian #Baltic #Alberta #Canada

  4. Frosty The Godzilla (acrylic, 6x6) ~ painted for my Godzilla-and-Snow-loving 6yo grandson 💙 ❄️
    #Godzilla
    #Snow
    #FrostyTheSnowman

  5. FROSTY THE SNOWMAN debuted on CBS tonight in 1969.

    It’s streaming on Prime and Hulu — but they use an edit w/ June Foray and Paul Frees re-dubbed by kid actors.

    YouTube has the original: youtu.be/vglsGH63-jk

    #FrostyTheSnowman #ChristmasMovies #ClassicTV

  6. FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications
    #FrostyGoop
    unit42.paloaltonetworks.com/fr

  9. Some people seem surprised that APT malware, like the recent FrostyGoop (what's with this name btw?) sample, are relatively simple pieces of code with no obfuscations and big chunks of code copied from open-source repos on GitHub.

    There is one thing you need to understand about state-sponsored actors. They don't do it for the internet clout (at least most of them). They only care about finishing their mission given to them by their commanders. So they will use whatever works for them.

    Despite what some people think, obfuscation is mostly used to defeat AV/EDR signature detection, not to thwart manual reverse-engineering (this is only a good side-effect). If the devices you are targeting (like ICS or edge devices) do not traditionally run AV/EDR products, there is no point in wasting time obfuscating your code. Plus there's always a risk of obfuscation breaking the code, or introducing new bugs, and each obfuscated sample should be tested (again more wasted time).

    As per the GitHub code - APTs LOVE Open Source. Again, despite what some people think, these groups do not have unlimited resources. In particular, time is limited to 24 hours a day for them like for every human being. Could they develop similar in-house code? Most of them probably could, but this would waste months of development and testing. Here they have code that simply works, it's easily accessible, and as a bonus was tested by thousands of volunteers across the world. It's a win-win situation.

    If you looked at malware that Chinese groups use on edge devices (I will talk more about this on Bsides in SG this year btw - spoiler alert!) it looks mostly similar. No obfuscation, big chunks of code copied from GitHub with slight modifications, or even simply GitHub code 1:1.

    On the other hand, these groups can be "advanced" when they need to. They have deep operational knowledge of their targets, they know how to move stealthily while inside the network, and how to hide in plain sight. Most importantly they know how to complete their mission objectives (of course caveats apply to all of these points) - something I saw many RedTeams struggle with (but they had crazy EDR bypasses and obfuscations, only no idea how to finish their mission ;) )

    #frostygoop #malware #apt #threatintelligence

  13. New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

    Date: July 23, 2024

    CVE: N/A

    Vulnerability Type: Exploitation of Modbus TCP communication

    CWE: [[CWE-668]], [[CWE-20]], [[CWE-74]]

    Sources: The Hacker News, Yahoo News, Dragos

    Synopsis

    FrostyGoop is a newly identified malware designed to target Industrial Control Systems (ICS) by exploiting Modbus TCP communication protocols. This malware caused significant disruption to critical infrastructure in Lviv, Ukraine, earlier this year.

    Issue Summary

    In January 2024, FrostyGoop malware targeted an energy company in Lviv, resulting in a 48-hour loss of heating services to over 600 apartment buildings. This malware interacts directly with ICS devices using Modbus TCP over port 502, making it a serious threat to critical infrastructure.

    Technical Key Findings

    FrostyGoop, written in Golang, can read and write to ICS device registers and uses JSON-formatted configuration files to target specific IP addresses and Modbus commands. Initial access was likely gained through a vulnerability in Mikrotik routers.

    Vulnerable Products

    ENCO controllers with TCP port 502 exposed and ICS devices using Modbus TCP are particularly vulnerable to this malware.

    Impact Assessment

    The malware's ability to manipulate ICS devices can lead to significant operational disruptions, inaccurate system measurements, and potential safety hazards, affecting public safety and industrial operations.

    Patches or Workarounds

    Currently, there are no specific patches available for FrostyGoop.

    #FrostyGoop #ICS #ModbusTCP #CriticalInfrastructure #CyberAttack #EnergySector #Ukraine #Dragos #IndustrialControlSystems #Golang #MikrotikVulnerability

  14. "Why are you burning that old top hat?"
    "We put it on top of our snowman, and it made it come to life"
    "Wow! That's great! A living snowman!"
    "A living, anatomically correct, human-shaped, naked snowman"
    "Let me get more lumber for the fire"

  18. What twisted product designer thought this was a good part of that #FrostyTheSnowman cartoon to make kids reenact in boiling snack form?

  19. My "Introduction to ICS Malware Analysis" workshop was accepted at the SANS ICS Security Summit.

    You'll learn about ICS malware by analyzing samples modeled on FrostyGoop and CRASHOVERRIDE. No prior RE experience needed.

    It's running twice: June 8 and June 10. Hope to see you there!

    sans.org/cyber-security-traini

    #ICS #malware
