#sliverc2 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sliverc2, aggregated by home.social.
-
Sliver C2 Detected - 167[.]99[.]51[.]2:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-167-99-51-2-port-31337/
-
Sliver C2 Detected - 103[.]27[.]156[.]195:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-103-27-156-195-port-31337/
-
Sliver C2 Detected - 172[.]237[.]125[.]146:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-172-237-125-146-port-31337/
-
Sliver C2 Detected - 185[.]246[.]223[.]72:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-185-246-223-72-port-31337/
-
Sliver C2 Detected - 68[.]64[.]180[.]151:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-68-64-180-151-port-31337/
-
Sliver C2 Detected - 51[.]195[.]119[.]119:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-51-195-119-119-port-31337/
-
Sliver C2 Detected - 45[.]66[.]248[.]233:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-45-66-248-233-port-31337/
-
Sliver C2 Detected - 147[.]182[.]231[.]214:1337 - https://www.redpacketsecurity.com/sliver-c2-detected-147-182-231-214-port-1337/
-
Sliver C2 Detected - 85[.]120[.]252[.]124:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-85-120-252-124-port-31337/
-
Sliver C2 Detected - 195[.]200[.]28[.]173:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-195-200-28-173-port-31337/
-
Sliver C2 Detected - 120[.]53[.]244[.]68:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-120-53-244-68-port-31337/
-
Sliver C2 Detected - 66[.]116[.]237[.]233:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-66-116-237-233-port-31337/
-
Sliver C2 Detected - 151[.]243[.]109[.]146:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-151-243-109-146-port-31337/
-
Sliver C2 Detected - 38[.]54[.]17[.]171:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-38-54-17-171-port-31337/
-
Sliver C2 Detected - 167[.]71[.]131[.]160:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-167-71-131-160-port-31337/
-
Sliver C2 Detected - 198[.]44[.]179[.]29:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-198-44-179-29-port-31337/
-
Sliver C2 Detected - 134[.]199[.]231[.]101:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-134-199-231-101-port-31337/
-
Sliver C2 Detected - 5[.]189[.]131[.]248:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-5-189-131-248-port-31337/
-
Sliver C2 Detected - 31[.]58[.]79[.]155:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-31-58-79-155-port-31337/
-
Sliver C2 Detected - 8[.]218[.]254[.]115:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-8-218-254-115-port-31337/
-
Sliver C2 Detected - 142[.]171[.]160[.]137:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-142-171-160-137-port-31337/
-
Sliver C2 Detected - 82[.]156[.]195[.]197:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-82-156-195-197-port-31337/
-
Sliver C2 Detected - 172[.]236[.]10[.]230:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-172-236-10-230-port-31337/
-
Sliver C2 Detected - 92[.]112[.]126[.]10:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-92-112-126-10-port-31337/
-
Sliver C2 Detected - 64[.]235[.]43[.]82:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-64-235-43-82-port-31337/
-
Sliver C2 Detected - 35[.]208[.]7[.]65:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-35-208-7-65-port-31337/
-
Sliver C2 Detected - 109[.]107[.]140[.]248:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-109-107-140-248-port-31337/
-
Sliver C2 Detected - 209[.]209[.]40[.]215:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-209-209-40-215-port-31337/
-
Sliver C2 Detected - 31[.]7[.]61[.]47:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-31-7-61-47-port-31337/
-
Sliver C2 Detected - 23[.]94[.]198[.]240:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-23-94-198-240-port-31337/
-
Sliver C2 Detected - 213[.]199[.]40[.]168:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-213-199-40-168-port-31337/
-
Sliver C2 Detected - 87[.]228[.]63[.]152:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-87-228-63-152-port-31337/
-
Sliver C2 Detected - 5[.]230[.]201[.]54:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-5-230-201-54-port-31337/
-
Sliver C2 Detected - 159[.]195[.]78[.]233:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-159-195-78-233-port-31337/
-
Sliver C2 Detected - 194[.]37[.]80[.]126:31337 - https://www.redpacketsecurity.com/sliver-c2-detected-194-37-80-126-port-31337/
-
https://github.com/icyguider/UAC-BOF-Bonanza
"This repository serves as a collection of public UAC bypass techniques that have been weaponized as BOFs. A single module which integrates all techniques has been provided to use the BOFs via the Havoc C2 Framework. A extension.json file has also been provided for each bypass technique for use in Sliver."
#hacking #pentesting #redteam #sliverc2 #sliver #BOF #Havoc #havocC2
-
https://github.com/icyguider/UAC-BOF-Bonanza
"This repository serves as a collection of public UAC bypass techniques that have been weaponized as BOFs. A single module which integrates all techniques has been provided to use the BOFs via the Havoc C2 Framework. A extension.json file has also been provided for each bypass technique for use in Sliver."
#hacking #pentesting #redteam #sliverc2 #sliver #BOF #Havoc #havocC2
-
https://github.com/icyguider/UAC-BOF-Bonanza
"This repository serves as a collection of public UAC bypass techniques that have been weaponized as BOFs. A single module which integrates all techniques has been provided to use the BOFs via the Havoc C2 Framework. A extension.json file has also been provided for each bypass technique for use in Sliver."
#hacking #pentesting #redteam #sliverc2 #sliver #BOF #Havoc #havocC2
-
https://github.com/icyguider/UAC-BOF-Bonanza
"This repository serves as a collection of public UAC bypass techniques that have been weaponized as BOFs. A single module which integrates all techniques has been provided to use the BOFs via the Havoc C2 Framework. A extension.json file has also been provided for each bypass technique for use in Sliver."
#hacking #pentesting #redteam #sliverc2 #sliver #BOF #Havoc #havocC2
-
https://github.com/icyguider/UAC-BOF-Bonanza
"This repository serves as a collection of public UAC bypass techniques that have been weaponized as BOFs. A single module which integrates all techniques has been provided to use the BOFs via the Havoc C2 Framework. A extension.json file has also been provided for each bypass technique for use in Sliver."
#hacking #pentesting #redteam #sliverc2 #sliver #BOF #Havoc #havocC2
-
Another week, another newsletter - catch up on the week's infosec news here:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423
Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.
#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.
#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign
#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?
The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.
Have a great week ahead folks, I hope this newsletter proves helpful!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423
#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD
-
Another week, another newsletter - catch up on the week's infosec news here:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423
Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.
#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.
#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign
#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?
The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.
Have a great week ahead folks, I hope this newsletter proves helpful!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423
#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD
-
Another week, another newsletter - catch up on the week's infosec news here:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423
Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.
#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.
#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign
#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?
The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.
Have a great week ahead folks, I hope this newsletter proves helpful!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423
#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD
-
Another week, another newsletter - catch up on the week's infosec news here:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423
Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.
#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.
#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign
#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?
The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.
Have a great week ahead folks, I hope this newsletter proves helpful!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423
#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD
-
Another week, another newsletter - catch up on the week's infosec news here:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423
Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.
#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.
#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign
#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?
The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.
Have a great week ahead folks, I hope this newsletter proves helpful!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423
#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD
-
Happy Monday, folks! It's time to shake off the cobwebs, so strap yourselves in and get your reading glasses out - here's a wrap-up of the week's infosec news, just for you: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe
Australia's mandatory reporting laws for Critical infrastructure operators got its first win last week, with the CISC revealing 47 cyber incidents were reported in the 8 months to December last year. Congrats, but what does that actually mean?
#GoDaddy finally twigged to a multi-year compromise of their networks, after users reported odd redirects impacting their website visitors. Turns out they'd likely been owned since at least March 2020, and appear to have failed to evict the attackers at least twice.
Havoc is the latest C2 framework to be thrown in anger, this time against a government target and in a multi-staged delivery chain which featured several evasive measures. Seems like Sliver and Brute Ratel may soon be in good company!
Symantec researchers have unearthed Frebniis - a stealthy IIS backdoor novel for it's hooking of a legitimate feature to covertly intercept attacker tasking.
A number of critical bugs in #Fortinet, #Apple, and #Citrix have been squashed - just make sure you know which ones, and apply those patches!
#redteam members are in for a treat, with a new Nim-based implant to play with and the OffensivePipeline tool to help automate obfuscation.
The #blueteam can look forward to a detailed look at attacks on #ESXi and how to mitigate it, as well as Hunt recommendations for evilginx2, and an update to Microsoft #Defender for Identity to help identify #ADCS abuse.
As always, there's literally dozens more research articles on threat actor activity and tradecraft that I can't summarise here, so make sure you take a look at this week's issue of SOC Goulash and get yourself up to speed!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #SliverC2 #BruteRatel #criticalinfrastructure
-
Happy Monday, folks! It's time to shake off the cobwebs, so strap yourselves in and get your reading glasses out - here's a wrap-up of the week's infosec news, just for you: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe
Australia's mandatory reporting laws for Critical infrastructure operators got its first win last week, with the CISC revealing 47 cyber incidents were reported in the 8 months to December last year. Congrats, but what does that actually mean?
#GoDaddy finally twigged to a multi-year compromise of their networks, after users reported odd redirects impacting their website visitors. Turns out they'd likely been owned since at least March 2020, and appear to have failed to evict the attackers at least twice.
Havoc is the latest C2 framework to be thrown in anger, this time against a government target and in a multi-staged delivery chain which featured several evasive measures. Seems like Sliver and Brute Ratel may soon be in good company!
Symantec researchers have unearthed Frebniis - a stealthy IIS backdoor novel for it's hooking of a legitimate feature to covertly intercept attacker tasking.
A number of critical bugs in #Fortinet, #Apple, and #Citrix have been squashed - just make sure you know which ones, and apply those patches!
#redteam members are in for a treat, with a new Nim-based implant to play with and the OffensivePipeline tool to help automate obfuscation.
The #blueteam can look forward to a detailed look at attacks on #ESXi and how to mitigate it, as well as Hunt recommendations for evilginx2, and an update to Microsoft #Defender for Identity to help identify #ADCS abuse.
As always, there's literally dozens more research articles on threat actor activity and tradecraft that I can't summarise here, so make sure you take a look at this week's issue of SOC Goulash and get yourself up to speed!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #SliverC2 #BruteRatel #criticalinfrastructure
-
Happy Monday, folks! It's time to shake off the cobwebs, so strap yourselves in and get your reading glasses out - here's a wrap-up of the week's infosec news, just for you: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe
Australia's mandatory reporting laws for Critical infrastructure operators got its first win last week, with the CISC revealing 47 cyber incidents were reported in the 8 months to December last year. Congrats, but what does that actually mean?
#GoDaddy finally twigged to a multi-year compromise of their networks, after users reported odd redirects impacting their website visitors. Turns out they'd likely been owned since at least March 2020, and appear to have failed to evict the attackers at least twice.
Havoc is the latest C2 framework to be thrown in anger, this time against a government target and in a multi-staged delivery chain which featured several evasive measures. Seems like Sliver and Brute Ratel may soon be in good company!
Symantec researchers have unearthed Frebniis - a stealthy IIS backdoor novel for it's hooking of a legitimate feature to covertly intercept attacker tasking.
A number of critical bugs in #Fortinet, #Apple, and #Citrix have been squashed - just make sure you know which ones, and apply those patches!
#redteam members are in for a treat, with a new Nim-based implant to play with and the OffensivePipeline tool to help automate obfuscation.
The #blueteam can look forward to a detailed look at attacks on #ESXi and how to mitigate it, as well as Hunt recommendations for evilginx2, and an update to Microsoft #Defender for Identity to help identify #ADCS abuse.
As always, there's literally dozens more research articles on threat actor activity and tradecraft that I can't summarise here, so make sure you take a look at this week's issue of SOC Goulash and get yourself up to speed!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #SliverC2 #BruteRatel #criticalinfrastructure
-
Happy Monday, folks! It's time to shake off the cobwebs, so strap yourselves in and get your reading glasses out - here's a wrap-up of the week's infosec news, just for you: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe
Australia's mandatory reporting laws for Critical infrastructure operators got its first win last week, with the CISC revealing 47 cyber incidents were reported in the 8 months to December last year. Congrats, but what does that actually mean?
#GoDaddy finally twigged to a multi-year compromise of their networks, after users reported odd redirects impacting their website visitors. Turns out they'd likely been owned since at least March 2020, and appear to have failed to evict the attackers at least twice.
Havoc is the latest C2 framework to be thrown in anger, this time against a government target and in a multi-staged delivery chain which featured several evasive measures. Seems like Sliver and Brute Ratel may soon be in good company!
Symantec researchers have unearthed Frebniis - a stealthy IIS backdoor novel for it's hooking of a legitimate feature to covertly intercept attacker tasking.
A number of critical bugs in #Fortinet, #Apple, and #Citrix have been squashed - just make sure you know which ones, and apply those patches!
#redteam members are in for a treat, with a new Nim-based implant to play with and the OffensivePipeline tool to help automate obfuscation.
The #blueteam can look forward to a detailed look at attacks on #ESXi and how to mitigate it, as well as Hunt recommendations for evilginx2, and an update to Microsoft #Defender for Identity to help identify #ADCS abuse.
As always, there's literally dozens more research articles on threat actor activity and tradecraft that I can't summarise here, so make sure you take a look at this week's issue of SOC Goulash and get yourself up to speed!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #SliverC2 #BruteRatel #criticalinfrastructure
-
Happy Monday, folks! It's time to shake off the cobwebs, so strap yourselves in and get your reading glasses out - here's a wrap-up of the week's infosec news, just for you: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe
Australia's mandatory reporting laws for Critical infrastructure operators got its first win last week, with the CISC revealing 47 cyber incidents were reported in the 8 months to December last year. Congrats, but what does that actually mean?
#GoDaddy finally twigged to a multi-year compromise of their networks, after users reported odd redirects impacting their website visitors. Turns out they'd likely been owned since at least March 2020, and appear to have failed to evict the attackers at least twice.
Havoc is the latest C2 framework to be thrown in anger, this time against a government target and in a multi-staged delivery chain which featured several evasive measures. Seems like Sliver and Brute Ratel may soon be in good company!
Symantec researchers have unearthed Frebniis - a stealthy IIS backdoor novel for it's hooking of a legitimate feature to covertly intercept attacker tasking.
A number of critical bugs in #Fortinet, #Apple, and #Citrix have been squashed - just make sure you know which ones, and apply those patches!
#redteam members are in for a treat, with a new Nim-based implant to play with and the OffensivePipeline tool to help automate obfuscation.
The #blueteam can look forward to a detailed look at attacks on #ESXi and how to mitigate it, as well as Hunt recommendations for evilginx2, and an update to Microsoft #Defender for Identity to help identify #ADCS abuse.
As always, there's literally dozens more research articles on threat actor activity and tradecraft that I can't summarise here, so make sure you take a look at this week's issue of SOC Goulash and get yourself up to speed!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-4fe
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #SliverC2 #BruteRatel #criticalinfrastructure