#lolbas — Public Fediverse posts

«Легитимное зло» в инфраструктуре: практический опыт детектирования LOLBAS

Привет, Хабр! Меня зовут Максим Кишмерешкин, я ведущий аналитик центра мониторинга и реагирования «Инфосистемы Джет». Сегодня мы поговорим про довольно старую, но до сих пор остающуюся популярной тему — LOTL. Напомню, что LOTL (living on the land), или как я его называю «жизнь на подножном корме» — это использование в атаке инструментов, которые уже есть в системе жертвы. Мы поделимся тем, как мы этот класс атак встречали в реальных кейсах, какие процедуры и техники выявляли, и расскажем, как их можно детектировать.

https://habr.com/ru/companies/jetinfosystems/articles/1032484/

#cybersecurity #cyberattack #lotl #lolbas #soc #siem #иб #кибербезопасность #кибербез #детектирование

«Легитимное зло» в инфраструктуре: практический опыт детектирования LOLBAS

Привет, Хабр! Меня зовут Максим Кишмерешкин, я ведущий аналитик центра мониторинга и реагирования «Инфосистемы Джет». Сегодня мы поговорим про довольно старую, но до сих пор остающуюся популярной тему — LOTL. Напомню, что LOTL (living on the land), или как я его называю «жизнь на подножном корме» — это использование в атаке инструментов, которые уже есть в системе жертвы. Мы поделимся тем, как мы этот класс атак встречали в реальных кейсах, какие процедуры и техники выявляли, и расскажем, как их можно детектировать.

https://habr.com/ru/companies/jetinfosystems/articles/1032484/

#cybersecurity #cyberattack #lotl #lolbas #soc #siem #иб #кибербезопасность #кибербез #детектирование

«Легитимное зло» в инфраструктуре: практический опыт детектирования LOLBAS

Привет, Хабр! Меня зовут Максим Кишмерешкин, я ведущий аналитик центра мониторинга и реагирования «Инфосистемы Джет». Сегодня мы поговорим про довольно старую, но до сих пор остающуюся популярной тему — LOTL. Напомню, что LOTL (living on the land), или как я его называю «жизнь на подножном корме» — это использование в атаке инструментов, которые уже есть в системе жертвы. Мы поделимся тем, как мы этот класс атак встречали в реальных кейсах, какие процедуры и техники выявляли, и расскажем, как их можно детектировать.

https://habr.com/ru/companies/jetinfosystems/articles/1032484/

#cybersecurity #cyberattack #lotl #lolbas #soc #siem #иб #кибербезопасность #кибербез #детектирование

«Легитимное зло» в инфраструктуре: практический опыт детектирования LOLBAS

Привет, Хабр! Меня зовут Максим Кишмерешкин, я ведущий аналитик центра мониторинга и реагирования «Инфосистемы Джет». Сегодня мы поговорим про довольно старую, но до сих пор остающуюся популярной тему — LOTL. Напомню, что LOTL (living on the land), или как я его называю «жизнь на подножном корме» — это использование в атаке инструментов, которые уже есть в системе жертвы. Мы поделимся тем, как мы этот класс атак встречали в реальных кейсах, какие процедуры и техники выявляли, и расскажем, как их можно детектировать.

https://habr.com/ru/companies/jetinfosystems/articles/1032484/

#cybersecurity #cyberattack #lotl #lolbas #soc #siem #иб #кибербезопасность #кибербез #детектирование

Was looking for a good Awesome list on Living Off the Land ( #LOL #LOtL ) tools/techniques. Found some helpful sites / repos but either nothing I could contribute to or it was limited.

So... I made one: https://github.com/danzek/awesome-lol-commonly-abused

Contributions welcome, whether by replying to this post or sending a PR on GitHub.

#lolbins #lolbas

Another week, another newsletter - catch up on the week's infosec news here:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

Have a great week ahead folks, I hope this newsletter proves helpful!

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

Another week, another newsletter - catch up on the week's infosec news here:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

Have a great week ahead folks, I hope this newsletter proves helpful!

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

Another week, another newsletter - catch up on the week's infosec news here:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

Have a great week ahead folks, I hope this newsletter proves helpful!

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

Another week, another newsletter - catch up on the week's infosec news here:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

Have a great week ahead folks, I hope this newsletter proves helpful!

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

Another week, another newsletter - catch up on the week's infosec news here:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

Have a great week ahead folks, I hope this newsletter proves helpful!

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD