home.social

#tcp — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #tcp, aggregated by home.social.

  1. In case anyone has installed @forgejo and uses #Pangolin to reach the service, and also wants to do a "git push" over #SSH instead of #HTTPS, here is an article that explains very well how to create a #TCP resource: digitalquint.click/posts/acces. But it is important that, if your #Hosting has a #Firewall, you open the port assigned to SSH access. (1/2)
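A check to go with the post above (an added example, not code from the post or the linked article): confirm that the SSH port the Pangolin TCP resource maps to is reachable through the hosting firewall and actually speaks SSH, and build the git remote URL that carries a non-default port. The host name, owner/repo names, port and the local stand-in SSH listener are assumptions of the example.

```python
import socket
import threading
from typing import Optional


def git_ssh_remote(host: str, owner: str, repo: str, port: int = 22, user: str = "git") -> str:
    """Build the remote URL for `git remote add origin ...`.

    The scp-like form (git@host:owner/repo.git) cannot carry a port, so when the
    TCP resource exposes SSH on anything but 22 the ssh:// form is required.
    """
    if port == 22:
        return f"{user}@{host}:{owner}/{repo}.git"
    return f"ssh://{user}@{host}:{port}/{owner}/{repo}.git"


def tcp_port_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to host:port completes, i.e. the firewall lets the
    SYN through and something is listening behind it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def ssh_banner(host: str, port: int, timeout: float = 3.0) -> Optional[str]:
    """Return the server's identification string (RFC 4253 sends it before any
    authentication) or None. Confirms the open port is SSH and not some other
    service that happened to be mapped to it."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            data = sock.recv(256)
    except OSError:
        return None
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return line if line.startswith("SSH-") else None


def start_fake_sshd(banner: bytes = b"SSH-2.0-OpenSSH_9.6\r\n") -> int:
    """Test helper (an assumption of this example, not a real daemon): listens on
    an ephemeral 127.0.0.1 port, sends `banner` to every client and hangs up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_fake_sshd()  # stand-in for the port the firewall should expose
    print(git_ssh_remote("forgejo.example.test", "alice", "infra", port))
    print("reachable:", tcp_port_open("127.0.0.1", port))
    print("banner:", ssh_banner("127.0.0.1", port))
```

If `tcp_port_open` is false from outside the host while the service listens locally, the firewall is the thing to fix; if the port opens but `ssh_banner` returns None, the TCP resource is pointing at something other than sshd. The scp-style remote `git@host:owner/repo.git` has no field for a port, so with a resource on anything but 22 the `ssh://git@host:PORT/owner/repo.git` form is the one that works.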

  6. Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

    Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

    Pulse ID: 6a0199674dd4cf450633dd32
    Pulse Link: otx.alienvault.com/pulse/6a019
    Pulse Author: AlienVault
    Created: 2026-05-11 08:55:03

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault
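Detection logic for the scriptText abuse described above, as an added example (not code from the post or the cited analysis): run over the access logs of a reverse proxy in front of Jenkins, it flags POSTs to the script console endpoints `/script` (interactive) and `/scriptText` (non-interactive), which execute Groovy with the rights of the Jenkins process. The log lines, IP addresses, user names and user agents are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample (combined log format as a reverse proxy in front of Jenkins
# would write it); not real traffic. 203.0.113.7 logs in with a script and runs
# /scriptText twice; 198.51.100.9 uses the interactive /script console from a
# browser; 192.0.2.55 probes /scriptText unauthenticated and gets a 403.
SAMPLE_LOG = """\
203.0.113.7 - - [11/May/2026:08:40:01 +0000] "GET /login HTTP/1.1" 200 3821 "-" "Mozilla/5.0"
203.0.113.7 - admin [11/May/2026:08:40:03 +0000] "POST /j_spring_security_check HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.7 - admin [11/May/2026:08:40:04 +0000] "POST /scriptText HTTP/1.1" 200 57 "-" "python-requests/2.31"
203.0.113.7 - admin [11/May/2026:08:40:05 +0000] "POST /scriptText HTTP/1.1" 200 12 "-" "python-requests/2.31"
198.51.100.9 - jdoe [11/May/2026:08:41:10 +0000] "GET /job/build-api/lastBuild/console HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
198.51.100.9 - jdoe [11/May/2026:09:02:44 +0000] "POST /script HTTP/1.1" 200 4410 "https://ci.example.test/script" "Mozilla/5.0"
192.0.2.55 - - [11/May/2026:09:15:00 +0000] "POST /scriptText HTTP/1.1" 403 0 "-" "curl/8.5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# The two script console endpoints, with or without a context path or query string.
SCRIPT_CONSOLE_RE = re.compile(r"/script(?:Text)?(?:\?.*)?$")


def parse_line(line: str):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def detect_script_console(log_text: str) -> list:
    """One finding per POST to /script or /scriptText, successful or not."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or not SCRIPT_CONSOLE_RE.search(rec["path"]):
            continue
        status = int(rec["status"])
        findings.append({
            "ts": rec["ts"],
            "ip": rec["ip"],
            "user": None if rec["user"] == "-" else rec["user"],
            "endpoint": rec["path"],
            "success": 200 <= status < 300,           # 2xx means the Groovy actually ran
            "scripted_client": not rec["ua"].startswith("Mozilla/"),
        })
    return findings


def summarize(findings: list) -> dict:
    """Per source IP: how many scripts ran, how many attempts were denied, which accounts."""
    per_ip = defaultdict(lambda: {"executions": 0, "denied": 0, "users": set()})
    for f in findings:
        bucket = per_ip[f["ip"]]
        bucket["executions" if f["success"] else "denied"] += 1
        if f["user"]:
            bucket["users"].add(f["user"])
    return dict(per_ip)


if __name__ == "__main__":
    for f in detect_script_console(SAMPLE_LOG):
        print(f)
    print(summarize(detect_script_console(SAMPLE_LOG)))
```

Any successful POST to these endpoints from an account that is not a known administrator, or from a non-browser client, is worth an alert on its own; the 403 entries are the unauthenticated probing that precedes a weak-password login.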

  11. How DPI filtering at Russian ISPs works technically and how to detect it: a review of open-source tools

    In the last couple of years every user of the Russian internet has learned to tell "internet at home" from "internet at grandma's". On one provider YouTube opens, on another it does not. It feels like unpredictability, but behind every such degradation there are quite specific technical mechanisms. I ran the open-source tool dpi-checkers on three of my connections, worked out the TCP 16-20 methods and CIDR whitelists, and will explain what technically happens to your traffic at L4, from SNI filtering to QUIC blocking.

    habr.com/ru/articles/1033456/

    #DPI #deep_packet_inspection #TCP #TLS #SNI #CIDR #цензура #OONI #сетевая_фильтрация
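To make the SNI filtering mentioned above concrete, here is an added example (not from the post or the linked article) of what such a filter does: it parses the server_name extension out of a TLS ClientHello, which is sent in cleartext before any key exchange, and matches it against a blocklist. The ClientHello builder, the host names and the blocklist are constructed test data.

```python
import struct
from typing import Optional


def build_client_hello(server_name: Optional[str]) -> bytes:
    """Construct a minimal ClientHello record (test data, not captured traffic).
    With server_name=None the hello carries no SNI extension at all."""
    suites = struct.pack("!HHH", 0x1301, 0x1302, 0x1303)      # TLS 1.3 AES-GCM / ChaCha20 suites
    body = (
        b"\x03\x03" + bytes(32)                                 # legacy_version + random (zeroed here)
        + b"\x00"                                               # empty session id
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                                           # one compression method: null
    )
    extensions = b""
    if server_name is not None:
        name = server_name.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    versions = b"\x02\x03\x04"                                  # supported_versions: TLS 1.3
    extensions += struct.pack("!HH", 0x002B, len(versions)) + versions
    body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Pull the host name out of the SNI extension of a ClientHello record, the
    one field an SNI-filtering box keys on. None if this is not a ClientHello
    or it carries no SNI."""
    if len(record) < 5 or record[0] != 0x16:                    # not a handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                            # not client_hello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                                # skip version + random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                                        # session id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]        # cipher suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                                        # compression methods
    if len(body) < pos + 2:
        return None                                             # no extensions block at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if etype != 0x0000:
            continue
        p = 2                                                   # skip server_name_list length
        while p + 3 <= len(edata):
            ntype, nlen = edata[p], struct.unpack("!H", edata[p + 1:p + 3])[0]
            p += 3
            if ntype == 0:
                return edata[p:p + nlen].decode("ascii", "replace")
            p += nlen
    return None


def dpi_verdict(record: bytes, blocked_suffixes: set) -> str:
    """'drop' if the SNI names a blocked domain or a subdomain of one, else 'pass'.
    A hello without SNI gives this particular filter nothing to match."""
    name = extract_sni(record)
    if name is None:
        return "pass"
    labels = name.lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocked_suffixes:
            return "drop"
    return "pass"


if __name__ == "__main__":
    blocklist = {"blocked.example"}                             # constructed, not a real list
    for host in ("www.example.com", "video.blocked.example", None):
        rec = build_client_hello(host)
        print(host, "->", extract_sni(rec), dpi_verdict(rec, blocklist))
```

Everything the filter needs is in the first packet the client sends, which is why it works no matter what the session later encrypts; Encrypted Client Hello, where deployed, takes that field away from it, and QUIC carries the same ClientHello inside its Initial packets, which is why QUIC gets blocked separately.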

  12. ⚡ Reticulum: the network without providers and without TCP/IP that reinvents connectivity. Cryptographic identity, zero IP addresses and dynamic routing for environments with limited bandwidth and intermittent connections.
    gomoot.com/reticulum-lidea-di-

    #github #lora #python #reticulum #tcp

  13. In the beginning there was Arpanet, but it grew, and by 1981 the network consisted of 213 connected computers. Soon the network of computers would become international and be called the internet. The central protocol was the Network Control Protocol (NCP), launched in 1970. NCP consisted of the Arpanet Host-to-Host Protocol (AHHP) and the Initial Connection Protocol (ICP). In addition there was the File Transfer Protocol (FTP) for file handling and Telnet for remote login, both used over NCP. FTP was launched in 1973 and Telnet as early as 1969.

    https://blog.zaramis.se/2026/05/04/internet-skapas/
  18. DDoS Malware Exploiting Jenkins Servers to Attack Valve Source Gaming Infrastructure

    A newly discovered DDoS botnet campaign abuses exposed Jenkins servers with weak authentication to deliver Windows and Linux payloads. The malware turns compromised hosts into bots and targets Valve Source Engine game servers using UDP floods, TCP push attacks, HTTP floods and query-based amplification attacks.

    Pulse ID: 69f735ac2403f4a4cb9ca4c3
    Pulse Link: otx.alienvault.com/pulse/69f73
    Pulse Author: cryptocti
    Created: 2026-05-03 11:46:52

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #DDoS #DoS #HTTP #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RCE #TCP #UDP #Windows #bot #botnet #cryptocti
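An added example for the Valve Source query flood named in this post and in the Jenkins honeypot post above (not code from either write-up): a detector for A2S_INFO floods over a UDP capture, and the server-side challenge step that removes the amplification. The packet records, addresses and server secret are constructed; the stateless HMAC-derived challenge is this example's own design, not the engine's implementation.

```python
import hashlib
import hmac
from collections import defaultdict
from typing import Optional

A2S_INFO = b"\xff\xff\xff\xffTSource Engine Query\x00"   # the 25-byte info request
S2C_CHALLENGE = 0x41                                      # reply header: "send again with this challenge"


def is_a2s_info(payload: bytes) -> bool:
    """A2S_INFO as sent bare, or with the 4-byte challenge appended on the retry."""
    return payload == A2S_INFO or (
        len(payload) == len(A2S_INFO) + 4 and payload.startswith(A2S_INFO)
    )


def flood_sources(records, window_s: float = 1.0, threshold: int = 50) -> dict:
    """records: (ts, src_ip, dst_port, payload) tuples from a UDP capture.
    Returns {src_ip: peak queries per window} for sources above threshold;
    a real server browser refreshes a few times per second at most."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, src, _dport, payload in records:
        if is_a2s_info(payload):
            buckets[src][int(ts // window_s)] += 1
    peaks = {src: max(b.values()) for src, b in buckets.items()}
    return {src: n for src, n in peaks.items() if n > threshold}


def stateless_challenge(secret: bytes, src_ip: str, src_port: int) -> bytes:
    """Challenge derived from the client address, SYN-cookie style (an assumption
    of this example): nothing to store per client, so nothing for a flood to exhaust."""
    return hmac.new(secret, f"{src_ip}:{src_port}".encode(), hashlib.sha256).digest()[:4]


def handle_query(secret: bytes, src_ip: str, src_port: int,
                 payload: bytes, info_reply: bytes) -> Optional[bytes]:
    """Server side: a bare query gets a 9-byte challenge (smaller than the 25-byte
    request, so a spoofed source gains no amplification); the full info reply
    goes out only once the client echoes the challenge, proving it can receive
    at the claimed address."""
    if not is_a2s_info(payload):
        return None
    expected = stateless_challenge(secret, src_ip, src_port)
    if len(payload) > len(A2S_INFO) and hmac.compare_digest(payload[-4:], expected):
        return info_reply
    return b"\xff\xff\xff\xff" + bytes([S2C_CHALLENGE]) + expected


def sample_records() -> list:
    """Constructed capture: one source sending 200 bare queries in under a second,
    a server browser sending 3, and one unrelated A2S_PLAYER packet."""
    recs = [(0.004 * i, "203.0.113.10", 27015, A2S_INFO) for i in range(200)]
    recs += [(t, "198.51.100.2", 27015, A2S_INFO) for t in (0.0, 0.3, 0.6)]
    recs.append((0.5, "192.0.2.9", 27015, b"\xff\xff\xff\xffU\xff\xff\xff\xff"))
    return recs


if __name__ == "__main__":
    print("flooding sources:", flood_sources(sample_records()))
    secret = b"constructed-server-secret"
    first = handle_query(secret, "198.51.100.2", 40000, A2S_INFO, b"<info>")
    print("unchallenged query ->", first)
    print("challenged retry   ->", handle_query(secret, "198.51.100.2", 40000, A2S_INFO + first[5:], b"<info>"))
```

The info reply is far larger than the 25-byte request, which is what made spoofed-source A2S_INFO a reflection vector; answering an unchallenged query with a 9-byte S2C_CHALLENGE, as Source servers now do, means a reflector gets less back than it sent. The rate detector is the complementary view from the network side: a legitimate client never needs more than a handful of queries per second.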

  23. DDoS-for-Hire Operation Exposed: How an Operator's Debug Build Unraveled a Commercial Game-Server Botnet

    An exposed open directory on a Netherlands-hosted server revealed the complete operational toolkit of xlabs_v1, a Mirai-derived IoT botnet operated by an actor using the handle Tadashi. The operation provides DDoS-for-hire services specifically targeting game servers and Minecraft hosts through 21 distinct flood attack variants. The botnet exploits Android Debug Bridge (ADB) on TCP/5555 to compromise over 4 million potentially vulnerable IoT devices including Android TV boxes, smart TVs, and routers. The operation features bandwidth profiling to price-tier infected devices, ChaCha20 string encryption with cryptographic weaknesses, and competitor-eradication routines. Infrastructure analysis consolidated the entire operation within a single bulletproof /24 netblock in the Netherlands, with co-located cryptojacking infrastructure also identified.

    Pulse ID: 69f25f09e5c3a33611f7cb16
    Pulse Link: otx.alienvault.com/pulse/69f25
    Pulse Author: AlienVault
    Created: 2026-04-29 19:42:01

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Android #ChaCha20 #CryptoJacking #CyberSecurity #DDoS #DoS #Encryption #InfoSec #IoT #Minecraft #Mirai #OTX #OpenThreatExchange #RAT #TCP #TheNetherlands #bot #botnet #AlienVault
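The ADB-on-TCP/5555 exposure this post describes can be checked on your own devices with the ADB wire protocol itself; the following is an added example (not from the post or the cited analysis) that frames a CNXN message and classifies the first reply as an open device, a device demanding RSA authentication, or not ADB at all. The sample replies and the device identity string are constructed.

```python
import struct
from typing import Optional

ADB_HEADER = struct.Struct("<IIIIII")   # command, arg0, arg1, data_length, data_check, magic
A_CNXN = 0x4E584E43                     # b"CNXN" as a little-endian u32
A_AUTH = 0x48545541                     # b"AUTH"
A_VERSION = 0x01000000
MAX_PAYLOAD_LEGACY = 4096               # old default; modern adb negotiates a larger value


def build_message(command: int, arg0: int, arg1: int, data: bytes) -> bytes:
    """Frame one ADB message: 24-byte header then payload. data_check is the byte
    sum of the payload and magic is the bitwise complement of the command."""
    check = sum(data) & 0xFFFFFFFF
    return ADB_HEADER.pack(command, arg0, arg1, len(data), check, command ^ 0xFFFFFFFF) + data


def parse_message(buf: bytes) -> Optional[dict]:
    if len(buf) < ADB_HEADER.size:
        return None
    command, arg0, arg1, length, check, magic = ADB_HEADER.unpack_from(buf)
    if magic != command ^ 0xFFFFFFFF:   # cheapest way to tell ADB from anything else on the port
        return None
    data = buf[ADB_HEADER.size:ADB_HEADER.size + length]
    if len(data) != length:
        return None
    return {
        "command": command, "arg0": arg0, "arg1": arg1, "data": data,
        "checksum_ok": (sum(data) & 0xFFFFFFFF) == check,
    }


def client_connect_message() -> bytes:
    """What a scanner (or adb itself) sends first after connecting to TCP/5555."""
    return build_message(A_CNXN, A_VERSION, MAX_PAYLOAD_LEGACY, b"host::\x00")


def classify_response(buf: bytes) -> str:
    """Classify the first message a device sends back to our CNXN."""
    msg = parse_message(buf)
    if msg is None:
        return "not-adb"
    if msg["command"] == A_AUTH:
        return "adb-auth-required"      # wants an RSA token first: reachable, but not a free shell
    if msg["command"] == A_CNXN and msg["data"].startswith(b"device::"):
        return "adb-open-device"        # unauthenticated shell for anyone who can reach the port
    return "adb-other"


# Constructed replies, not captures from real devices.
SAMPLE_OPEN = build_message(
    A_CNXN, A_VERSION, MAX_PAYLOAD_LEGACY,
    b"device::ro.product.name=tvbox;ro.product.model=X96;ro.product.device=p212;\x00",
)
SAMPLE_AUTH = build_message(A_AUTH, 1, 0, bytes(20))   # AUTH type 1 = TOKEN, 20 random bytes in reality
SAMPLE_NOISE = b"SSH-2.0-OpenSSH_9.6\r\n" + bytes(10)  # something else answering on the port


if __name__ == "__main__":
    for name, buf in (("open", SAMPLE_OPEN), ("auth", SAMPLE_AUTH), ("noise", SAMPLE_NOISE)):
        print(name, "->", classify_response(buf))
```

An `adb-open-device` reply means anyone who can reach the port gets a shell with no credentials, which is what the botnet in the post relies on; `adb-auth-required` still tells an attacker the service is there, so the port should be closed off at the router regardless. On the network side, the 24-byte header with `magic == ~command` on port 5555 is the same fingerprint, usable for spotting inbound scans.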

  24. RTF Exploit Installs RAT: uWarrior

    An unknown Italian-origin threat actor has developed uWarrior, a Remote Access Tool delivered through weaponized RTF documents containing multiple exploits. The attack chain leverages CVE-2012-1856 with a novel ROP chain and CVE-2015-1770 to bypass ASLR protections by loading non-DYNAMICBASE compiled DLLs through OLE objects. The fully-featured RAT uses compressed, optionally encrypted TCP communications with binary message protocols for command and control. Analysis reveals the actor borrowed components from off-the-shelf tools, particularly the ctOS RAT, sharing similar configuration structures and code functions. uWarrior provides extensive capabilities including remote command execution, file manipulation, system control, software enumeration and uninstallation, and data exfiltration. The malware establishes persistence and communicates with C2 servers using AES encryption.

    Pulse ID: 69eb45ce7c704d3df21996a2
    Pulse Link: otx.alienvault.com/pulse/69eb4
    Pulse Author: AlienVault
    Created: 2026-04-24 10:28:30

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #ELF #Encryption #InfoSec #Italian #Malware #OTX #OpenThreatExchange #RAT #RTF #RemoteCommandExecution #TCP #bot #AlienVault
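The ASLR bypass this post attributes to loading a DLL built without DYNAMICBASE can be audited from PE headers; here is an added example (not uWarrior analysis, nor code from the post) that reads the DllCharacteristics flags and the preferred ImageBase of a module. The header-only test images are constructed; a real scan would feed it the bytes of the DLLs installed on a system.

```python
import struct

IMAGE_FILE_DLL = 0x2000
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100


def pe_mitigations(pe: bytes) -> dict:
    """Read the flags an ASLR/DEP bypass cares about straight from the headers."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                       # 20-byte COFF file header
    file_characteristics = struct.unpack_from("<H", pe, coff + 18)[0]
    opt = coff + 20                                           # optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                                        # PE32
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    elif magic == 0x20B:                                      # PE32+
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic")
    dll_chars = struct.unpack_from("<H", pe, opt + 70)[0]     # same offset in PE32 and PE32+
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {
        "is_dll": bool(file_characteristics & IMAGE_FILE_DLL),
        "pe32plus": magic == 0x20B,
        "image_base": image_base,
        "dynamic_base": dynamic_base,
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        # Without DYNAMIC_BASE the loader maps the module at image_base on every
        # load, which is what hands a ROP chain fixed gadget addresses.
        "aslr_bypass_candidate": not dynamic_base,
    }


def build_minimal_pe(dll_characteristics: int, image_base: int = 0x10000000,
                     pe32plus: bool = False, is_dll: bool = True) -> bytes:
    """Constructed header-only image for the test: it does not load, it merely
    has the fields in the right places."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)           # e_lfanew -> just past the DOS header
    file_chars = 0x0002 | (IMAGE_FILE_DLL if is_dll else 0)   # EXECUTABLE_IMAGE [| DLL]
    machine = 0x8664 if pe32plus else 0x014C
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 240 if pe32plus else 224, file_chars)
    if pe32plus:
        opt = struct.pack("<H", 0x20B) + bytes(22) + struct.pack("<Q", image_base) + bytes(38)
    else:
        opt = struct.pack("<H", 0x10B) + bytes(26) + struct.pack("<I", image_base) + bytes(38)
    assert len(opt) == 70                                     # DllCharacteristics comes next
    opt += struct.pack("<H", dll_characteristics) + bytes(24)
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    print("hardened:", pe_mitigations(build_minimal_pe(0x0140)))
    print("fixed base:", pe_mitigations(build_minimal_pe(0x0100)))
```

A module with `aslr_bypass_candidate` set maps at the same `image_base` on every load, so every gadget inside it has a known address; on Windows, `dumpbin /headers` reports the same flag as "Dynamic base". The useful scan is over everything a document viewer can be induced to load, not just the viewer's own binaries.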

  25. Using KATA and KEDR to detect the AdaptixC2 agent

    AdaptixC2 is an emerging open-source post-exploitation framework rapidly adopted by threat actors in APT attacks and ransomware campaigns. Written in Go and C++, it supports Windows, macOS, and Linux with extensive modularity through Beacon Object Files (BOFs). The framework enables diverse command-and-control channels including HTTP/S, TCP, mTLS, DNS, DoH, and SMB with RC4 encryption throughout. It implements sophisticated evasion techniques targeting both network detection systems and endpoint defenses. Despite advanced obfuscation capabilities, network-level detection remains viable through analysis of distinctive communication patterns, header structures, and behavioral indicators. The framework supports credential harvesting via LSASS dumping, LAPS exploitation, and Kerberos attacks, alongside defense evasion through process injection and lateral movement via WinRM and PsExec. Combined NDR and EDR solutions provide effective multi-layered detection coverage against AdaptixC2 operations across network ...

    Pulse ID: 69e2824daddc65cc4bab207d
    Pulse Link: otx.alienvault.com/pulse/69e28
    Pulse Author: AlienVault
    Created: 2026-04-17 18:56:13

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CredentialHarvesting #CyberSecurity #DNS #EDR #Encryption #Endpoint #HTTP #InfoSec #Linux #Mac #MacOS #OTX #OpenThreatExchange #PsExec #RAT #RCE #RansomWare #SMB #TCP #TLS #Windows #bot #AlienVault

  26. Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign

    Nexcorium is a multi-architecture Mirai variant exploiting CVE-2024-3721 in TBK DVR devices to build a botnet for distributed denial-of-service attacks. The campaign, attributed to Nexus Team based on custom HTTP headers, uses OS command injection to deliver malware across ARM, MIPS, and x86-64 architectures. The malware implements multiple persistence mechanisms including init configuration, startup scripts, systemd services, and cron jobs. It features XOR-encoded configurations, self-integrity checks, and self-replication capabilities. Attack capabilities include UDP flood, TCP SYN flood, TCP ACK flood, and VSE query flood among others. The botnet spreads through brute-force attacks using default credentials and exploits CVE-2017-17215 targeting Huawei HG532 devices, demonstrating typical IoT-focused botnet characteristics.

    Pulse ID: 69e2824d25c0dbc3e1de156b
    Pulse Link: otx.alienvault.com/pulse/69e28
    Pulse Author: AlienVault
    Created: 2026-04-17 18:56:13

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #ELF #GRIT #HTTP #ICS #InfoSec #IoT #Malware #Mirai #OTX #OpenThreatExchange #RAT #RCE #SMS #TCP #UDP #Vulnerability #bot #botnet #AlienVault

  31. Signal and Telegram data remain after deletion. We explain how the FBI got access to the data after a wipe

    We show what exactly remains on iOS and Android after deleting Telegram and Signal, which tools find it, and how much time passes before the artifacts start to disappear.

    habr.com/ru/companies/femida_s

    #vpn #telegram #tls #tcp #max #макс #signal #форензика #иб #ip

  32. WebSocket and SSE made simple, for job interviews and beyond

    WebSocket vs SSE in plain language: bidirectional and unidirectional connections, how TCP and the HTTP upgrade work, and which questions on these topics come up most often at interviews.

    habr.com/ru/articles/1021414/

    #websocket #websocket_api #websocket_js #tcp #двустороннее_соединение #собеседование_вопросы #собеседование_в_it #sse #frontend #api
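The HTTP upgrade the post covers, as an added example (not from the post or the article): the server side of the WebSocket opening handshake, with the Sec-WebSocket-Accept computation from RFC 6455 and the Origin check that keeps a page on another site from opening an authenticated socket to this one. The request is constructed; the key is the RFC's own sample value.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # fixed by RFC 6455


def accept_key(sec_websocket_key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(key + GUID)). It proves the server
    understood the upgrade; it authenticates nothing."""
    digest = hashlib.sha1((sec_websocket_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_request(raw: bytes):
    """Split an HTTP/1.1 request head into method, target and lower-cased headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def handshake_response(raw_request: bytes, allowed_origins: set) -> bytes:
    method, _target, h = parse_request(raw_request)
    connection_tokens = {t.strip().lower() for t in h.get("connection", "").split(",")}
    if (method != "GET" or "upgrade" not in connection_tokens
            or h.get("upgrade", "").lower() != "websocket"
            or h.get("sec-websocket-version") != "13"):
        return b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
    key = h.get("sec-websocket-key", "")
    try:
        nonce_ok = len(base64.b64decode(key, validate=True)) == 16
    except ValueError:
        nonce_ok = False
    if not nonce_ok:
        return b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
    # Browsers always send Origin. The upgrade request carries cookies like any
    # other request and CORS does not apply to it, so this comparison is what
    # stops cross-site WebSocket hijacking.
    if h.get("origin") not in allowed_origins:
        return b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n"
    return (b"HTTP/1.1 101 Switching Protocols\r\n"
            b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
            b"Sec-WebSocket-Accept: " + accept_key(key).encode("ascii") + b"\r\n\r\n")


def sample_request(origin: str, connection: str = "Upgrade") -> bytes:
    """Constructed browser-style upgrade request (the key is RFC 6455's example)."""
    return ("GET /chat HTTP/1.1\r\nHost: app.example.test\r\nUpgrade: websocket\r\n"
            f"Connection: {connection}\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
            f"Origin: {origin}\r\nSec-WebSocket-Version: 13\r\nCookie: session=abc\r\n\r\n"
            ).encode("ascii")


if __name__ == "__main__":
    allowed = {"https://app.example.test"}
    print(handshake_response(sample_request("https://app.example.test"), allowed).decode())
    print(handshake_response(sample_request("https://evil.example"), allowed).decode())
```

After the 101 the same TCP connection stops being HTTP and carries WebSocket frames in both directions, which is the "upgrade" the post refers to; SSE never leaves HTTP, which is why it is one-directional and why the Origin question does not arise for it in the same way.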

  36. Learn network programming in Rust with practical examples for TCP servers, async networking using Tokio, and performance optimization. Covers core concepts, security best practices, and modern Rust networking patterns.

    #Rust #Tokio #async/await #TCP/UDP #networking

    dasroot.net/posts/2026/02/netw

  37. The #FCC bans the #import and use of foreign-made #routers.

    Now they are going after #electronic #immigration.

    We won't be so lucky that they decide to isolate all their big tech from the rest of the world for reasons of #national #security.

    The #paranoia phase is beginning, to keep exercising #control over the #citizenry in the #country where #fascism roams free.

    #informatica #tcp #ip #internet #politica

    infosec.exchange/@briankrebs/1

  38. Hmm, and I'm wondering why nothing is coming through on #Reticulum via #Sideband anymore.

    #TCP is down

  39. Duckling syndrome and conservatism in thinking, pure quintessence :)

    An example around HTTP/3 and the fact that TCP can be very much worse than network protocols on top of UDP, such as QUIC.
    You would think there are many years of experience with mosh (almost a household name by now), which prompted the development of QUIC with the aim of a complete and total abandonment of TCP in mobile networks (3G/4G/5G cellular networks).

    That very Zero RTT, a.k.a. 0-RTT, is a property of TLS 1.3 that has no connection whatsoever to QUIC or HTTP/3; in full, Zero Round Trip Time Resumption (0-RTT), a real byword for ages now, since the beginning of the move away from TLS 1.2 in favor of 1.3.

    It is HTTP/3 and QUIC that incorporated TLS 1.3, making it part of themselves as protocols.
    1) HTTP/3 exists and can exist only on top of QUIC (no tcp, only udp)
    2) QUIC contains TLS 1.3 as an integral part, in exactly the same way as DTLS, the TLS variant for exchanging data over UDP.

    It's scary to imagine how people's brains break when they learn about TCP 2.0 in the form of SCTP: how long it has already existed, where and how it has been used for many years :)
    I'm always somewhat taken aback by how reluctantly technically intelligent people discover rather banal things in the world of technology.

    #мобильные-сети #tls13 #network #network #tcp #udp #http3 #quick #lang_ru @Russia @RamSDRAdmin (R3DHX)

    RE: https://mst.ramsdr.ru/@mstadmin/116255701314215548
  40. Duckling syndrome and conservatism in thinking, the pure quintessence :)

    An example around HTTP/3 and the fact that TCP can be very, very much worse than network protocols on top of UDP, such as QUIC.
    One would think there are many years of experience using the same MoSh, which inspired the development of QUIC, aiming at a complete and total abandonment of TCP in mobile networks (3G/4G/5G cellular networks).

    This very Zero RTT, aka 0-RTT, is a property belonging to TLS version 1.3, having no connection whatsoever to QUIC or HTTP/3; more fully, Zero Round Trip Time Resumption (0-RTT), a real talk of the town for many years already, since the start of the move away from TLS 1.2 in favor of version 1.3.

    It is HTTP/3 and QUIC that incorporated TLS 1.3, making it part of themselves as protocols.
    1) HTTP/3 exists and can exist only on top of QUIC (no tcp, only udp)
    2) QUIC itself contains TLS 1.3 as an integral part, in exactly the same way as DTLS, the variant of TLS for exchanging data over UDP.

    It's scary to imagine how people's brains break when they learn about TCP 2.0 in the form of SCTP: how long it has already existed, and where and how it has been used for many years :)
    I'm always a bit taken aback by how people who are technically not stupid are reluctant to discover fairly trivial things in the world of technology.

    #мобильные-сети #tls13 #network #network #tcp #udp #http3 #quick #lang_ru @Russia @RamSDRAdmin (R3DHX)

    RE: https://mst.ramsdr.ru/@mstadmin/116255701314215548

  41. Traffic tunneling: a simple solution in Go 2

    Earlier I started writing a small program in Go to forward traffic between my computer and my own server. The program's purpose is research: to see "how this works" and to figure out exactly how the mechanisms that interfere with a normal internet operate.

    habr.com/ru/articles/1011676/

    #go #golang #tun #tcp #ip #network #macos

  42. 🚀 Behold, the majestic art of #poking holes in #TCP, with a sprinkle of caffeine-induced ramblings! 🤔 Dive deep into the abyss of #buzzwords and cryptic jargon as you navigate the labyrinthine process of... picking a bucket. 🎩✨ Remember, if you're not confused, you're not paying attention.
    robertsdotpm.github.io/cryptog #Caffeine #TechHumor #Confusion #HackerNews #ngated

  43. Anatomy of DPI analysis: what happens to your packet in the first 16 KB

    A step-by-step breakdown of how TSPU analyzes traffic, from the first SYN to behavioral ML. With concrete numbers, real algorithms, and an explanation of why some protocols die on the first byte while others live for months.

    Most explanations of DPI sound like: "the system looks at packets and blocks the bad ones." That's about like explaining how a compiler works as "it takes code and makes a program." Let's walk through what really happens to a packet from the moment it leaves your device to the moment TSPU makes its decision. Step by step, with numbers, without abstractions.

    habr.com/ru/articles/1009560/

    #DPI #ТСПУ #TLS #JA3 #JA4 #packet_inspection #Xray #обход_блокировок #TCP #fingerprint

  44. Running Malcolm, but the old Malcolm - need to image and install the latest - sort of dread going from Debian to Ubuntu, but if I image I can revert easily. Maybe they figured out updating; I don't want GitHub-only updates.

    Anyways, it is a good one to offer vs, say, Security Onion - they use the same components mostly: Suricata, Zeek, Elastic. Maybe he has a live ISO like last time.

    I think the reason to go to Ubuntu is better, newer drivers, bigger dev base? As long as it works - that is my concern, avoid dependency hell and breakage.

    It is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat