home.social

#minictf — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #minictf, aggregated by home.social.

  1. Happy Friday everyone! We are going to wrap this week of #miniCTF with a report from Avast shedding light on the infection chain and action-on-objectives of the HotRat malware, a variant of the AsyncRAT, and its use of a AutoHotkey script which has been compromising victims who are searching for free software and getting infected instead. Enjoy and Happy Hunting!

    ***In this miniCTF, I have mapped some of the TTPs to MITRE ATT&CK BUT I have either mislabeled or possibly left some out! It is up to you to correct me and fill in the blanks! Enjoy and good luck!***

    Notable MITRE TTPs:
    TA0002 - Execution
    T1204.002 - User Execution: Malicious File
    T1059.001 - Command And Scripting Interpreter: Powershell

    TA0005 - Defense Evasion
    T1562.006 - Impair Defenses: Disable or Modify Tools

    TA0110 - Persistence
    T1053.005 - Scheduled Task / Job: Scheduled Task

    TA0001 - Collection
    T1113 - Screen Capture

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

  2. Good day everyone! This Thursday's #miniCTF is brought to you by the Lookout professionals Kristina Balaam and Justin Albrecht. In their latest threat intel they provide details of the #WyrmSpy and #DragonEgg Android surveillanceware that is attributed to APT41, a group that is based out of the People's Republic of China. These malware masquerade as legitimate apps on the Google play store to trick their victims to downloading and installing them. Enjoy and Happy Hunting!

    Link in the comments

    ***Let's step this up a notch! I am going to give you just the Tactic, can you fill in the techniques and sub-techniques? Good luck!***

    Notable MITRE ATT&CK TTPs:
    Mobile Matrix
    TA0035 - Collection

    TA0027 - Initial Access

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

    Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41
    lookout.com/threat-intelligenc

  3. The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!

    ***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
    Hint: Check the links in the article!***

    Notable MITRE ATT&CK TTPs:
    TA0005 - Defense Evasion
    T1055.? - Process Injection: [fill in this blank]
    T1562 - Impair Defenses: Disable or Modify Tools
    T1112 - Modify Registry

    TA0009 - Collection
    T1005 - Data from Local System

    TA0011 - Command and Control
    T1102 - Web Service

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

    Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
    sentinelone.com/blog/reverse-e

  4. The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!

    ***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
    Hint: Check the links in the article!***

    Notable MITRE ATT&CK TTPs:
    TA0005 - Defense Evasion
    T1055.? - Process Injection: [fill in this blank]
    T1562 - Impair Defenses: Disable or Modify Tools
    T1112 - Modify Registry

    TA0009 - Collection
    T1005 - Data from Local System

    TA0011 - Command and Control
    T1102 - Web Service

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

    Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
    sentinelone.com/blog/reverse-e

  5. The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!

    ***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
    Hint: Check the links in the article!***

    Notable MITRE ATT&CK TTPs:
    TA0005 - Defense Evasion
    T1055.? - Process Injection: [fill in this blank]
    T1562 - Impair Defenses: Disable or Modify Tools
    T1112 - Modify Registry

    TA0009 - Collection
    T1005 - Data from Local System

    TA0011 - Command and Control
    T1102 - Web Service

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

    Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
    sentinelone.com/blog/reverse-e

  6. The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!

    ***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
    Hint: Check the links in the article!***

    Notable MITRE ATT&CK TTPs:
    TA0005 - Defense Evasion
    T1055.? - Process Injection: [fill in this blank]
    T1562 - Impair Defenses: Disable or Modify Tools
    T1112 - Modify Registry

    TA0009 - Collection
    T1005 - Data from Local System

    TA0011 - Command and Control
    T1102 - Web Service

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

    Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
    sentinelone.com/blog/reverse-e

  7. The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!

    ***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
    Hint: Check the links in the article!***

    Notable MITRE ATT&CK TTPs:
    TA0005 - Defense Evasion
    T1055.? - Process Injection: [fill in this blank]
    T1562 - Impair Defenses: Disable or Modify Tools
    T1112 - Modify Registry

    TA0009 - Collection
    T1005 - Data from Local System

    TA0011 - Command and Control
    T1102 - Web Service

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

    Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
    sentinelone.com/blog/reverse-e

  8. Happy Monday everyone! Rapid7 is the source of this #miniCTF and they highlight the recent activity of the #APT known as Blackmoon, aka KRBanker. Blackmoon is back with a new campaign that is designed to deploy unwanted programs and persistence, or to stay in the victims' environment as long as possible. Enjoy and #HappyHunting!

    Link is in the comments!

    ***I mention multiple Mitre TTPs but can you find any I left out? And I MAY have messed up some of the numbers on some of them! Let me know what needs corrected!***

    Notable MITRE ATT&CK TTPs:
    Enterprise Matrix
    TA0028 - Persistence
    T1547.010 - Boot or Logon Autostart Execution: Port Monitors
    T1543.001 - Create or Modify System Process: Windows Service

    TA0005 - Defense Evasion
    T1055.012 - Process Injection: Process Hollowing
    T1562.001 - Impair Defenses: Disable or Modify Tools

    TA0007 - Discovery
    T1135 - Network Share Discovery

    TA0040 - Impact
    T1489 - Service Stop

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection

  9. Happy Monday everyone! Rapid7 is the source of this #miniCTF and they highlight the recent activity of the #APT known as Blackmoon, aka KRBanker. Blackmoon is back with a new campaign that is designed to deploy unwanted programs and persistence, or to stay in the victims' environment as long as possible. Enjoy and #HappyHunting!

    Link is in the comments!

    ***I mention multiple Mitre TTPs but can you find any I left out? And I MAY have messed up some of the numbers on some of them! Let me know what needs corrected!***

    Notable MITRE ATT&CK TTPs:
    Enterprise Matrix
    TA0028 - Persistence
    T1547.010 - Boot or Logon Autostart Execution: Port Monitors
    T1543.001 - Create or Modify System Process: Windows Service

    TA0005 - Defense Evasion
    T1055.012 - Process Injection: Process Hollowing
    T1562.001 - Impair Defenses: Disable or Modify Tools

    TA0007 - Discovery
    T1135 - Network Share Discovery

    TA0040 - Impact
    T1489 - Service Stop

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection

  10. Happy Monday everyone! Rapid7 is the source of this #miniCTF and they highlight the recent activity of the #APT known as Blackmoon, aka KRBanker. Blackmoon is back with a new campaign that is designed to deploy unwanted programs and persistence, or to stay in the victims' environment as long as possible. Enjoy and #HappyHunting!

    Link is in the comments!

    ***I mention multiple Mitre TTPs but can you find any I left out? And I MAY have messed up some of the numbers on some of them! Let me know what needs corrected!***

    Notable MITRE ATT&CK TTPs:
    Enterprise Matrix
    TA0028 - Persistence
    T1547.010 - Boot or Logon Autostart Execution: Port Monitors
    T1543.001 - Create or Modify System Process: Windows Service

    TA0005 - Defense Evasion
    T1055.012 - Process Injection: Process Hollowing
    T1562.001 - Impair Defenses: Disable or Modify Tools

    TA0007 - Discovery
    T1135 - Network Share Discovery

    TA0040 - Impact
    T1489 - Service Stop

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection

  11. Happy Monday everyone! Rapid7 is the source of this #miniCTF and they highlight the recent activity of the #APT known as Blackmoon, aka KRBanker. Blackmoon is back with a new campaign that is designed to deploy unwanted programs and persistence, or to stay in the victims' environment as long as possible. Enjoy and #HappyHunting!

    Link is in the comments!

    ***I mention multiple Mitre TTPs but can you find any I left out? And I MAY have messed up some of the numbers on some of them! Let me know what needs corrected!***

    Notable MITRE ATT&CK TTPs:
    Enterprise Matrix
    TA0028 - Persistence
    T1547.010 - Boot or Logon Autostart Execution: Port Monitors
    T1543.001 - Create or Modify System Process: Windows Service

    TA0005 - Defense Evasion
    T1055.012 - Process Injection: Process Hollowing
    T1562.001 - Impair Defenses: Disable or Modify Tools

    TA0007 - Discovery
    T1135 - Network Share Discovery

    TA0040 - Impact
    T1489 - Service Stop

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection

  12. Happy Monday everyone! Rapid7 is the source of this #miniCTF and they highlight the recent activity of the #APT known as Blackmoon, aka KRBanker. Blackmoon is back with a new campaign that is designed to deploy unwanted programs and persistence, or to stay in the victims' environment as long as possible. Enjoy and #HappyHunting!

    Link is in the comments!

    ***I mention multiple Mitre TTPs but can you find any I left out? And I MAY have messed up some of the numbers on some of them! Let me know what needs corrected!***

    Notable MITRE ATT&CK TTPs:
    Enterprise Matrix
    TA0028 - Persistence
    T1547.010 - Boot or Logon Autostart Execution: Port Monitors
    T1543.001 - Create or Modify System Process: Windows Service

    TA0005 - Defense Evasion
    T1055.012 - Process Injection: Process Hollowing
    T1562.001 - Impair Defenses: Disable or Modify Tools

    TA0007 - Discovery
    T1135 - Network Share Discovery

    TA0040 - Impact
    T1489 - Service Stop

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection

  13. Happy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!

    Link in the comments!

    ***Here is your #miniCTF challenge***
    Beginner: What MITRE ATT&CK relates to the way the malware propagates?
    Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
    Extra Credit: What log sources and event codes from those log sources will capture either the beginner's or intermediate (or both) challenges activity?

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

  14. Happy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!

    Link in the comments!

    ***Here is your #miniCTF challenge***
    Beginner: What MITRE ATT&CK relates to the way the malware propagates?
    Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
    Extra Credit: What log sources and event codes from those log sources will capture either the beginner's or intermediate (or both) challenges activity?

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

  15. Happy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!

    Link in the comments!

    ***Here is your #miniCTF challenge***
    Beginner: What MITRE ATT&CK relates to the way the malware propagates?
    Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
    Extra Credit: What log sources and event codes from those log sources will capture either the beginner's or intermediate (or both) challenges activity?

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

  16. Happy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!

    Link in the comments!

    ***Here is your #miniCTF challenge***
    Beginner: What MITRE ATT&CK relates to the way the malware propagates?
    Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
    Extra Credit: What log sources and event codes from those log sources will capture either the beginner's or intermediate (or both) challenges activity?

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

  17. Happy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!

    Link in the comments!

    ***Here is your #miniCTF challenge***
    Beginner: What MITRE ATT&CK relates to the way the malware propagates?
    Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
    Extra Credit: What log sources and event codes from those log sources will capture either the beginner's or intermediate (or both) challenges activity?

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

  18. Heard you like turtles -- we're finally live with February's challenge #minictf #turtles #wifihacking

    Play along and send in your writeups and you might just win a raspberry pi!

    turtles.supernetworks.org/febr

    github.com/spr-networks/turtle

  19. Heard you like turtles -- we're finally live with February's challenge #minictf #turtles #wifihacking

    Play along and send in your writeups and you might just win a raspberry pi!

    turtles.supernetworks.org/febr

    github.com/spr-networks/turtle

  20. Heard you like turtles -- we're finally live with February's challenge #minictf #turtles #wifihacking

    Play along and send in your writeups and you might just win a raspberry pi!

    turtles.supernetworks.org/febr

    github.com/spr-networks/turtle