#minictf — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #minictf, aggregated by home.social.
-
Happy Friday everyone! We are going to wrap this week of #miniCTF with a report from Avast shedding light on the infection chain and action-on-objectives of the HotRat malware, a variant of the AsyncRAT, and its use of a AutoHotkey script which has been compromising victims who are searching for free software and getting infected instead. Enjoy and Happy Hunting!
***In this miniCTF, I have mapped some of the TTPs to MITRE ATT&CK BUT I have either mislabeled or possibly left some out! It is up to you to correct me and fill in the blanks! Enjoy and good luck!***
Notable MITRE TTPs:
TA0002 - Execution
T1204.002 - User Execution: Malicious File
T1059.001 - Command And Scripting Interpreter: PowershellTA0005 - Defense Evasion
T1562.006 - Impair Defenses: Disable or Modify ToolsTA0110 - Persistence
T1053.005 - Scheduled Task / Job: Scheduled TaskTA0001 - Collection
T1113 - Screen Capture#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
-
Good day everyone! This Thursday's #miniCTF is brought to you by the Lookout professionals Kristina Balaam and Justin Albrecht. In their latest threat intel they provide details of the #WyrmSpy and #DragonEgg Android surveillanceware that is attributed to APT41, a group that is based out of the People's Republic of China. These malware masquerade as legitimate apps on the Google play store to trick their victims to downloading and installing them. Enjoy and Happy Hunting!
Link in the comments
***Let's step this up a notch! I am going to give you just the Tactic, can you fill in the techniques and sub-techniques? Good luck!***
Notable MITRE ATT&CK TTPs:
Mobile Matrix
TA0035 - CollectionTA0027 - Initial Access
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41
https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41 -
The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!
***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
Hint: Check the links in the article!***Notable MITRE ATT&CK TTPs:
TA0005 - Defense Evasion
T1055.? - Process Injection: [fill in this blank]
T1562 - Impair Defenses: Disable or Modify Tools
T1112 - Modify RegistryTA0009 - Collection
T1005 - Data from Local SystemTA0011 - Command and Control
T1102 - Web Service#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
https://www.sentinelone.com/blog/reverse-engineering-walkthrough-analyzing-a-sample-of-arechclient2/ -
The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!
***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
Hint: Check the links in the article!***Notable MITRE ATT&CK TTPs:
TA0005 - Defense Evasion
T1055.? - Process Injection: [fill in this blank]
T1562 - Impair Defenses: Disable or Modify Tools
T1112 - Modify RegistryTA0009 - Collection
T1005 - Data from Local SystemTA0011 - Command and Control
T1102 - Web Service#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
https://www.sentinelone.com/blog/reverse-engineering-walkthrough-analyzing-a-sample-of-arechclient2/ -
The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!
***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
Hint: Check the links in the article!***Notable MITRE ATT&CK TTPs:
TA0005 - Defense Evasion
T1055.? - Process Injection: [fill in this blank]
T1562 - Impair Defenses: Disable or Modify Tools
T1112 - Modify RegistryTA0009 - Collection
T1005 - Data from Local SystemTA0011 - Command and Control
T1102 - Web Service#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
https://www.sentinelone.com/blog/reverse-engineering-walkthrough-analyzing-a-sample-of-arechclient2/ -
The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!
***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
Hint: Check the links in the article!***Notable MITRE ATT&CK TTPs:
TA0005 - Defense Evasion
T1055.? - Process Injection: [fill in this blank]
T1562 - Impair Defenses: Disable or Modify Tools
T1112 - Modify RegistryTA0009 - Collection
T1005 - Data from Local SystemTA0011 - Command and Control
T1102 - Web Service#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
https://www.sentinelone.com/blog/reverse-engineering-walkthrough-analyzing-a-sample-of-arechclient2/ -
The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!
***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
Hint: Check the links in the article!***Notable MITRE ATT&CK TTPs:
TA0005 - Defense Evasion
T1055.? - Process Injection: [fill in this blank]
T1562 - Impair Defenses: Disable or Modify Tools
T1112 - Modify RegistryTA0009 - Collection
T1005 - Data from Local SystemTA0011 - Command and Control
T1102 - Web Service#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
https://www.sentinelone.com/blog/reverse-engineering-walkthrough-analyzing-a-sample-of-arechclient2/ -
Happy Monday everyone! Rapid7 is the source of this #miniCTF and they highlight the recent activity of the #APT known as Blackmoon, aka KRBanker. Blackmoon is back with a new campaign that is designed to deploy unwanted programs and persistence, or to stay in the victims' environment as long as possible. Enjoy and #HappyHunting!
Link is in the comments!
***I mention multiple Mitre TTPs but can you find any I left out? And I MAY have messed up some of the numbers on some of them! Let me know what needs corrected!***
Notable MITRE ATT&CK TTPs:
Enterprise Matrix
TA0028 - Persistence
T1547.010 - Boot or Logon Autostart Execution: Port Monitors
T1543.001 - Create or Modify System Process: Windows ServiceTA0005 - Defense Evasion
T1055.012 - Process Injection: Process Hollowing
T1562.001 - Impair Defenses: Disable or Modify ToolsTA0007 - Discovery
T1135 - Network Share DiscoveryTA0040 - Impact
T1489 - Service Stop#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection
-
Happy Monday everyone! Rapid7 is the source of this #miniCTF and they highlight the recent activity of the #APT known as Blackmoon, aka KRBanker. Blackmoon is back with a new campaign that is designed to deploy unwanted programs and persistence, or to stay in the victims' environment as long as possible. Enjoy and #HappyHunting!
Link is in the comments!
***I mention multiple Mitre TTPs but can you find any I left out? And I MAY have messed up some of the numbers on some of them! Let me know what needs corrected!***
Notable MITRE ATT&CK TTPs:
Enterprise Matrix
TA0028 - Persistence
T1547.010 - Boot or Logon Autostart Execution: Port Monitors
T1543.001 - Create or Modify System Process: Windows ServiceTA0005 - Defense Evasion
T1055.012 - Process Injection: Process Hollowing
T1562.001 - Impair Defenses: Disable or Modify ToolsTA0007 - Discovery
T1135 - Network Share DiscoveryTA0040 - Impact
T1489 - Service Stop#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection
-
Happy Monday everyone! Rapid7 is the source of this #miniCTF and they highlight the recent activity of the #APT known as Blackmoon, aka KRBanker. Blackmoon is back with a new campaign that is designed to deploy unwanted programs and persistence, or to stay in the victims' environment as long as possible. Enjoy and #HappyHunting!
Link is in the comments!
***I mention multiple Mitre TTPs but can you find any I left out? And I MAY have messed up some of the numbers on some of them! Let me know what needs corrected!***
Notable MITRE ATT&CK TTPs:
Enterprise Matrix
TA0028 - Persistence
T1547.010 - Boot or Logon Autostart Execution: Port Monitors
T1543.001 - Create or Modify System Process: Windows ServiceTA0005 - Defense Evasion
T1055.012 - Process Injection: Process Hollowing
T1562.001 - Impair Defenses: Disable or Modify ToolsTA0007 - Discovery
T1135 - Network Share DiscoveryTA0040 - Impact
T1489 - Service Stop#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection
-
Happy Monday everyone! Rapid7 is the source of this #miniCTF and they highlight the recent activity of the #APT known as Blackmoon, aka KRBanker. Blackmoon is back with a new campaign that is designed to deploy unwanted programs and persistence, or to stay in the victims' environment as long as possible. Enjoy and #HappyHunting!
Link is in the comments!
***I mention multiple Mitre TTPs but can you find any I left out? And I MAY have messed up some of the numbers on some of them! Let me know what needs corrected!***
Notable MITRE ATT&CK TTPs:
Enterprise Matrix
TA0028 - Persistence
T1547.010 - Boot or Logon Autostart Execution: Port Monitors
T1543.001 - Create or Modify System Process: Windows ServiceTA0005 - Defense Evasion
T1055.012 - Process Injection: Process Hollowing
T1562.001 - Impair Defenses: Disable or Modify ToolsTA0007 - Discovery
T1135 - Network Share DiscoveryTA0040 - Impact
T1489 - Service Stop#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection
-
Happy Monday everyone! Rapid7 is the source of this #miniCTF and they highlight the recent activity of the #APT known as Blackmoon, aka KRBanker. Blackmoon is back with a new campaign that is designed to deploy unwanted programs and persistence, or to stay in the victims' environment as long as possible. Enjoy and #HappyHunting!
Link is in the comments!
***I mention multiple Mitre TTPs but can you find any I left out? And I MAY have messed up some of the numbers on some of them! Let me know what needs corrected!***
Notable MITRE ATT&CK TTPs:
Enterprise Matrix
TA0028 - Persistence
T1547.010 - Boot or Logon Autostart Execution: Port Monitors
T1543.001 - Create or Modify System Process: Windows ServiceTA0005 - Defense Evasion
T1055.012 - Process Injection: Process Hollowing
T1562.001 - Impair Defenses: Disable or Modify ToolsTA0007 - Discovery
T1135 - Network Share DiscoveryTA0040 - Impact
T1489 - Service Stop#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection
-
Happy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!
Link in the comments!
***Here is your #miniCTF challenge***
Beginner: What MITRE ATT&CK relates to the way the malware propagates?
Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
Extra Credit: What log sources and event codes from those log sources will capture either the beginner's or intermediate (or both) challenges activity?#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
-
Happy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!
Link in the comments!
***Here is your #miniCTF challenge***
Beginner: What MITRE ATT&CK relates to the way the malware propagates?
Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
Extra Credit: What log sources and event codes from those log sources will capture either the beginner's or intermediate (or both) challenges activity?#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
-
Happy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!
Link in the comments!
***Here is your #miniCTF challenge***
Beginner: What MITRE ATT&CK relates to the way the malware propagates?
Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
Extra Credit: What log sources and event codes from those log sources will capture either the beginner's or intermediate (or both) challenges activity?#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
-
Happy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!
Link in the comments!
***Here is your #miniCTF challenge***
Beginner: What MITRE ATT&CK relates to the way the malware propagates?
Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
Extra Credit: What log sources and event codes from those log sources will capture either the beginner's or intermediate (or both) challenges activity?#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
-
Happy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!
Link in the comments!
***Here is your #miniCTF challenge***
Beginner: What MITRE ATT&CK relates to the way the malware propagates?
Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
Extra Credit: What log sources and event codes from those log sources will capture either the beginner's or intermediate (or both) challenges activity?#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
-
Heard you like turtles -- we're finally live with February's challenge #minictf #turtles #wifihacking
Play along and send in your writeups and you might just win a raspberry pi!
-
Heard you like turtles -- we're finally live with February's challenge #minictf #turtles #wifihacking
Play along and send in your writeups and you might just win a raspberry pi!
-
Heard you like turtles -- we're finally live with February's challenge #minictf #turtles #wifihacking
Play along and send in your writeups and you might just win a raspberry pi!