Cyber Security & Digital Forensics
Rescooped by Constantin Ionel Milos / Milos Constantin from SME Cyber Security

This new dark web ransomware-as-a-service is customised so any script kiddie can launch attacks
The RaaS was found being sold for $175 by a Russian cybercriminal and allows users to remotely control and monitor attacks.

Via Roger Smith
Roger Smith's curator insight, April 21, 11:45 PM

The next ransomware attack could be from your 13-year-old son! How does that make you feel?

Scooped by Constantin Ionel Milos / Milos Constantin

A Red Teamer’s guide to pivoting
A pivoting guide for penetration testers and red team members.

The Shadow Brokers Leaked Exploits Explained | Rapid7 Community and Blog
The Rapid7 team has been busy evaluating the threats posed by last Friday’s Shadow Broker exploit and tool release and answering questions from

Analyzing the DOUBLEPULSAR Kernel DLL Injection Technique | Countercept
Like many in the security industry, we've been busy investigating the implications of the Shadow Brokers leak, with the DOUBLEPULSAR payload in particular attracting our attention.

Windows, Now with built in anti forensics!
A blog about computer and digital forensics techniques: Hacking Exposed DFIR, incident response, file systems, journaling.

504ensicsLabs/DAMM: Differential Analysis of Malware in Memory
DAMM - Differential Analysis of Malware in Memory

Moving threat landscape: The reality beyond the cyberwarfare
It started quietly as a probability, not a reality. Within months, cyberwarfare has become a reality as plausible as the air we breathe.
Rescooped by Constantin Ionel Milos / Milos Constantin from "Computação Forense"

Some useful forensics tools for your forensics investigation
Tags: tools, forensics and incident response, forensics

So you're called onsite to a forensics engagement. What do you bring?
Your forensics media:
Well prepped m

Via João Carvalho

KnockKnock: See what's persistently installed on your Mac

Fuzzing the OpenSSH daemon using AFL
(EDIT 2017-03-25: All my patches to make OpenSSH more amenable to fuzzing with AFL are available a

Latest Shadow Brokers dump — owning SWIFT Alliance Access, Cisco and Windows
The headlines — the Equation Group are owning banks using VPN edge gateways, internal Cisco firewalls, and then owning SWIFT Alliance Access boxes. Emeraldthread-3.0.0.exe — EMERALDTHREAD is a remote…

An Overview of a Color-coded Multi-Stage Arsenal
The Lamberts is a family of sophisticated attack tools that has been used by one or multiple threat actors against high-profile victims since at least 2008. The

So You Think You Can Secure Your Mobile Phone With a Fingerprint?
No two people are believed to have identical fingerprints, but researchers at the New York University Tandon School of Engineering and Michigan State University College of Engineering have found that partial similarities between prints are common enough that the fingerprint-based security systems used in mobile phones and other electronic devices can be more vulnerable than previously thought.

DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis
One week ago today, the Shadow Brokers (an unknown hacking entity) leaked the Equation Group's (NSA) FuzzBunch software, an exploitatio

Onion Pi TOR Proxy

Onion Pi TOR Proxy: a Tor onion router that lets you create a secure network wherever you are.

How to build an 8 GPU password cracker
TL;DR

This build doesn't require any "black magic" or hours of frustration like desktop components do. If you follow this blog and its parts list, you'll have a working rig in 3 hours. These instructions should remove any anxiety of spending 5 figures and not knowing

PowerMemory - Exploit Windows Credentials In Memory - Darknet
PowerMemory is a PowerShell-based tool that exploits Windows credentials present in files and memory; it leverages Microsoft-signed binaries to do so.

Exception oriented exploitation on iOS
Posted by Ian Beer, Project Zero. This post covers the discovery and exploitation of CVE-2017-2370, a heap buffer overflow in th

Building a WiFi Enabled USB Rubber Ducky with a Raspberry Pi 0 w
Leveraging the new RPi0w to build a WiFi enabled keystroke injection tool (a.k.a. USB Rubber Ducky with WiFi).

A deeper look into malware abusing TeamViewer
Analyzing TeamSpy, malware that gives hackers complete remote control of PCs.

Transparent Windows Tor Firewall: Tallow » CyberPunk
Tallow is a small program that redirects all outbound traffic from a Windows machine via the Tor anonymity network. A

How To Put Multiple ISO Files In One Bootable USB Disk | Create Multiboot USB Disk
This article describes a method to create a multiboot flash drive that holds multiple ISO files on one bootable medium. You can create one bootable medium for both Windows and Linux.
Rescooped by Constantin Ionel Milos / Milos Constantin from Cyber Security

CLDAP Protocol Allows DDoS Attacks with 70x Amplification Factor
Source: Information Security Newspaper, http://www.securitynewspaper.com/2017/04/15/cldap-protocol-allows-ddos-attacks-70x-amplification-factor/ (original reporting by BleepingComputer, https://www.bleepingcomputer.com/). Tags: CLDAP, DDoS attacks

In a report released on Tuesday, Akamai says it spotted DDoS attacks leveraging the CLDAP protocol for the first time, and, in the opinion of its experts, attacks using this protocol have the potential to incur serious damage.

The CLDAP protocol, defined by RFC 1798 and retired to Historic status by RFC 3352, is a connectionless variant of LDAP, the protocol used to connect to, search and modify shared directories; Microsoft Active Directory domain controllers still answer CLDAP queries. Both protocols use port 389, but LDAP runs over TCP while CLDAP, as its name implies (Connection-less Lightweight Directory Access Protocol), runs over UDP.

First DDoS attacks using CLDAP detected last year

According to Akamai, in October 2016 the company started detecting DDoS attacks carried out via an unfamiliar protocol, which turned out to be CLDAP. This happened at the same time that DDoS mitigation firm Corero announced it had discovered DDoS attacks leveraging LDAP. According to the Akamai report released this week, both protocols appear to have been used in the same way: for amplified DDoS reflection attacks.

These attacks happen when an attacker sends an LDAP or CLDAP request to a directory server with a spoofed source IP address (the victim's IP). The server answers the query with its own data, which it inserts into the response packet. Because the attacker spoofed the source, this unsolicited, bulked-up response is delivered to the victim's IP, and the victim cannot process the flood of LDAP/CLDAP data arriving at the same time. Spoofing of this kind only works over UDP, since a forged source cannot complete a TCP handshake, so the reflected traffic is in practice CLDAP on UDP port 389.

CLDAP and LDAP DDoS attacks have massive amplification factors

That is the reflection part of the attack. The amplification part, or amplification factor, is the number of times a packet is enlarged while processed by the LDAP server. For both LDAP and CLDAP this factor is substantial. Most other protocols susceptible to amplified reflection DDoS attacks have an amplification factor of around 10, meaning that 1 byte sent to the vulnerable server bounces back as 10 bytes. According to Corero, LDAP's amplification factor is 46 on average and up to 55 at peak. CLDAP attacks are slightly more powerful, with an amplification factor of 56 on average and 70 at peak.

50 DDoS attacks using CLDAP detected

Akamai says that since October 14, 2016, when the first CLDAP-based DDoS attack was seen, there have been 50 attacks in total, coming from 7,629 unique CLDAP reflectors (LDAP servers with port 389 exposed to the Internet). The largest reached 24 Gbps, far more than is needed to bring down a typical website, whose connectivity is usually around 1 Gbps.

Timeline of CLDAP DDoS attacks [Source: Akamai]

The vast majority of these attacks, 33, were single-vector attacks, meaning 100% pure CLDAP requests with no other protocol involved. This is uncommon, as most DDoS attacks use multiple protocols to get around DDoS protection systems.

Someone testing a new DDoS cannon?

The low number of CLDAP attacks detected during the last six months and the high percentage of pure CLDAP attacks lead us to believe that a threat actor was testing CLDAP's feasibility for DDoS attacks. With amplification factors as high as 55 and 70, LDAP and CLDAP stand to become very popular with DDoS-for-hire services. Currently there are 250,000 devices with port 389 exposed to the Internet, according to Shodan.

In the past two years, security researchers have discovered other protocols susceptible to amplified DDoS reflection attacks, such as NetBIOS, RPC, Sentinel, DNSSEC and TFTP. Generally, UDP-based protocols are susceptible to these types of attacks.
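The reflection and amplification mechanics described above are easy to see in flow data from the directory server's own network segment: a reflector receives many small UDP/389 queries that all claim to come from one address, and answers that address with far more bytes than it received. The following is an added example, not code from the article or from the Akamai or Corero reports. It applies the article's definition of the amplification factor (response bytes divided by request bytes) to a constructed, simplified NetFlow-style export; the flow lines, the 52-byte request size and the addresses (RFC 5737 documentation ranges) are all assumptions made for the example.

```python
"""Spot CLDAP reflection in flow records and compute amplification factors.

Added example, not part of the article. Flow lines are constructed to look
like a simplified NetFlow/IPFIX export: one record per unidirectional flow
with src, sport, dst, dport, IP protocol number, packets and octets.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

CLDAP_PORT = 389
UDP = 17

# Constructed sample. Two reflectors (198.51.100.5 and .9) each receive one
# million 52-byte rootDSE search requests whose source is spoofed to the
# victim 203.0.113.10 and answer with 56x and 70x as many bytes. 192.0.2.7 is
# a legitimate client (one UDP and one TCP session) included as a control.
SAMPLE_FLOWS = """\
203.0.113.10,40000,198.51.100.5,389,17,1000000,52000000
198.51.100.5,389,203.0.113.10,40000,17,2000000,2912000000
203.0.113.10,40001,198.51.100.9,389,17,1000000,52000000
198.51.100.9,389,203.0.113.10,40001,17,2000000,3640000000
192.0.2.7,51234,198.51.100.5,389,17,10,520
198.51.100.5,389,192.0.2.7,51234,17,10,1200
192.0.2.7,51300,198.51.100.5,389,6,40,5200
198.51.100.5,389,192.0.2.7,51300,6,38,9100
"""


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: int
    packets: int
    octets: int


def parse_flows(text: str) -> List[Flow]:
    """Parse the comma-separated export into Flow records, skipping comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, sport, dst, dport, proto, packets, octets = line.split(",")
        flows.append(Flow(src, int(sport), dst, int(dport), int(proto),
                          int(packets), int(octets)))
    return flows


Pair = Tuple[str, str]  # (directory server, peer that the server talks to)


def cldap_exchanges(flows: Iterable[Flow]) -> Dict[Pair, Tuple[int, int]]:
    """Sum UDP/389 request and response bytes per (server, peer) pair.

    TCP LDAP (proto 6) is ignored: a spoofed source cannot finish the
    handshake, so only the connectionless variant can be reflected.
    """
    req: Dict[Pair, int] = defaultdict(int)
    resp: Dict[Pair, int] = defaultdict(int)
    for f in flows:
        if f.proto != UDP:
            continue
        if f.dport == CLDAP_PORT:      # query arriving at the server
            req[(f.dst, f.src)] += f.octets
        elif f.sport == CLDAP_PORT:    # answer leaving the server
            resp[(f.src, f.dst)] += f.octets
    return {pair: (req[pair], resp.get(pair, 0)) for pair in req}


def amplification_factor(request_octets: int, response_octets: int) -> float:
    """The article's definition: how many times the reflector enlarges its input."""
    if request_octets == 0:
        return 0.0
    return response_octets / request_octets


def suspected_reflections(flows: Iterable[Flow], min_factor: float = 10.0,
                          min_request_octets: int = 1_000_000):
    """Return sorted (reflector, victim, factor) for peers that sent a large
    query volume and got back many times more bytes than they sent."""
    hits = []
    for (server, peer), (rq, rs) in cldap_exchanges(flows).items():
        factor = amplification_factor(rq, rs)
        if rq >= min_request_octets and factor >= min_factor:
            hits.append((server, peer, factor))
    return sorted(hits)


def victim_rate_gbps(flows: Iterable[Flow], victim: str, window_seconds: float) -> float:
    """Aggregate CLDAP response bytes delivered to `victim` over the export window."""
    octets = sum(f.octets for f in flows
                 if f.proto == UDP and f.sport == CLDAP_PORT and f.dst == victim)
    return octets * 8 / window_seconds / 1e9


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for server, victim, factor in suspected_reflections(flows):
        print(f"{server} reflected {factor:.0f}x to {victim}")
    print(f"victim load: {victim_rate_gbps(flows, '203.0.113.10', 5):.2f} Gbps")
```

The thresholds (factor at least 10, at least 1 MB of queries from one peer) are chosen for the example; a real deployment would tune them to its own baseline, and the legitimate client in the sample (roughly 2.3x on 520 bytes) shows why both conditions are needed. The fix on the server side is not to answer UDP/389 from the Internet at all: a domain controller that the Shodan figure counts as exposed is a reflector whether or not it is ever abused, so checking your own external address space for UDP port 389 (for instance with an nmap UDP scan of that single port) is the check to run.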
Via David Thomas

Penetration Testing Skype for Business: Exploiting the Missing Lync – MDSec
A blog post on how to exploit Skype for Business during a red team engagement