home.social

#psexec — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #psexec, aggregated by home.social.

  1. Ledger: a walkthrough of a hard machine from TryHackMe

    Ledger is a hard Windows machine on TryHackMe centred on a misconfiguration of Active Directory Certificate Services (AD CS). Initial reconnaissance reveals a domain controller (labyrinth.thm.local) with SMB null authentication enabled and LDAP exposing user credentials in account notes. Using certipy-ad we find the ServerAuth certificate template, which is vulnerable to ESC1, allowing any authenticated user to request a certificate impersonating the domain administrator. The administrator's NT hash is extracted from the forged certificate, and psexec provides an NT AUTHORITY\SYSTEM shell. An alternative exploitation path via LDAP Schannel authentication is given for cases where Kerberos PKINIT fails.

    habr.com/ru/articles/1032298/

    #active_directory #certificate #esc #windows #nmap #cvss_v3 #mitre_attack #certipy #psexec #ldap

  5. Using KATA and KEDR to detect the AdaptixC2 agent

    AdaptixC2 is an emerging open-source post-exploitation framework rapidly adopted by threat actors in APT attacks and ransomware campaigns. Written in Go and C++, it supports Windows, macOS, and Linux with extensive modularity through Beacon Object Files (BOFs). The framework enables diverse command-and-control channels including HTTP/S, TCP, mTLS, DNS, DoH, and SMB with RC4 encryption throughout. It implements sophisticated evasion techniques targeting both network detection systems and endpoint defenses. Despite advanced obfuscation capabilities, network-level detection remains viable through analysis of distinctive communication patterns, header structures, and behavioral indicators. The framework supports credential harvesting via LSASS dumping, LAPS exploitation, and Kerberos attacks, alongside defense evasion through process injection and lateral movement via WinRM and PsExec. Combined NDR and EDR solutions provide effective multi-layered detection coverage against AdaptixC2 operations across network ...

    Pulse ID: 69e2824daddc65cc4bab207d
    Pulse Link: otx.alienvault.com/pulse/69e28
    Pulse Author: AlienVault
    Created: 2026-04-17 18:56:13

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CredentialHarvesting #CyberSecurity #DNS #EDR #Encryption #Endpoint #HTTP #InfoSec #Linux #Mac #MacOS #OTX #OpenThreatExchange #PsExec #RAT #RCE #RansomWare #SMB #TCP #TLS #Windows #bot #AlienVault

  10. Introduction to Sysinternals: PSTools/PsExec

    When working with Windows systems, access to tools that enable remote administration is essential. Although modern solutions such as PowerShell Remoting perform these functions well, their use is often restricted by security policies or EDR (Endpoint Detection & Response) solutions. In such situations you can...

    #Narzędzia #Teksty #Narzędzia #Psexec #Pstools #Sysinternals #Windows

    sekurak.pl/wprowadzenie-do-sys

  14. StopRansomware: RansomHub Ransomware

    RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to contact the group via a Tor URL. Affiliates typically gain initial access through phishing, exploiting vulnerabilities, and password spraying. They use tools like Mimikatz for credential theft and privilege escalation, and move laterally using RDP, PsExec, and other methods. Data exfiltration varies by affiliate but may involve tools like PuTTY and AWS S3 buckets. The ransomware uses Curve 25519 encryption and implements intermittent encryption. It targets user files and networked shares, leaving a ransom note and deleting volume shadow copies.

    Pulse ID: 66d204f1d658869764c07d47
    Pulse Link: otx.alienvault.com/pulse/66d20
    Pulse Author: AlienVault
    Created: 2024-08-30 17:44:17

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #AWS #CyberSecurity #Encryption #Extortion #InfoSec #OTX #OpenThreatExchange #Password #Phishing #PsExec #RAT #RDP #RansomWare #RansomwareAsAService #StopRansomware #Word #bot #AlienVault

  15. #dfir #knowledgedrop

    #psexec can be detected by .key files:

    "Starting with PsExec v2.30 [...], anytime a PsExec command is executed, a .key file gets written to the file system and will be recorded in the USN Journal on the target system. It will follow this naming convention: PSEXEC-[Source Hostname]-[8 Unique Characters].key and will be located at the C:\Windows directory." [1]

    [1] aboutdfir.com/the-key-to-ident

  19. Pass The Hash? Easy! + artifacts

    🔥 A Pass The Hash attack lets an attacker reuse an NT hash to log in to a system, avoiding password entry and using the NTLM protocol for authentication instead of the default Kerberos. But how is it carried out and, most importantly, how is it detected in the domain?...

    habr.com/ru/articles/829972/

    #pass_the_hash #pth #domain #active_directory #impacket #psexec

  22. Another week, another newsletter - catch up on the week's infosec news here:

    opalsec.substack.com/p/soc-gou

    Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

    #Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

    #FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign.

    #LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on GitHub - I mean, why not let the skiddies get in on the action too, right?

    The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

    Have a great week ahead folks, I hope this newsletter proves helpful!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD
