Cyber Security & Digital Forensics
Scooped by Constantin Ionel Milos / Milos Constantin
onto Cyber Security & Digital Forensics

OS-X-Security and Privacy Guide /by drduh * github.com

Contribute to OS-X-Security-and-Privacy-Guide development by creating an account on GitHub.

Cracking Cisco’s Sourcefire licensing system

Free the Kraken!

Top Five Ways the Red Team breached the External Perimeter

I have been performing “red team” breach assessments for many years. Often the goal is penetrating an external network, and gaining access internally to highly classified data, critical systems or…

Digital payment systems like PayPal used for micro money laundering

Covert data collection found that PayPal and other digital payment systems are employed by cybercriminals to launder money by using micro-laundering techniques where multiple, small payments are made so laundering limits aren’t triggered. Cybersecurity.

WAFNinja: attack Web Application Firewalls

WAFNinja is a CLI tool written in Python. It shall help penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to be easily extendible, simple to use and usable in a team environment.

#POC: #Broadcom #WiFi chips as arbitrary signal transmitters similar to software-defined radios (#SDRs)


Extract LinkedIn Usernames from Google using Burpsuite pro

Hello friends!! Today you will learn how to extract usernames from any social site such as Facebook, LinkedIn, etc. using Burp Suite Pro. Burp Suite Pro provides Python Scripter as an advanced option which can be helpful in gathering usernames for the process of reconnaissance in penetration testing. Python Scripter: This extension allows execution of...

DCShadow: Attacking Active Directory with Rogue DCs

If you’re familiar with Mimikatz, you’ve already seen some of the ways it exposes weaknesses in Active Directory security (if you’re not, read up!). Recently, a new feature was added to Mimikatz titled DCShadow and was presented by its authors Benjamin Delpy and Vincent LeToux at the Bluehat IL 2018 conference. DCShadow enables Mimikatz to make changes to Active Directory by simulating a domain controller. We’ve seen this in the past from Mimikatz, with the DCSync feature, which allows you...

Debugging Using Radare2… and Windows! – Jacob Pimental

To start off I want to say I am a Linux person. I use it all the time for development. The command-line is amazing and very streamlined for computer-science related tasks. While I feel this way…

Jenkins Miner: One of the Biggest Mining Operations Ever Discovered

The Check Point research team has discovered what could potentially become one of the biggest malicious mining operations ever seen. As seen in our previous report of the RubyMiner, these types of attacks can be incredibly lucrative. Similar to the RubyMiner as well, the JenkinsMiner could negatively impact the servers, causing slower load times and …

Malware Delivered via Windows Installer Files

SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.

ROP, NX and ASLR - A Love Triangle - Remote Code Execution - CVE-2018-5767

Remote Code Execution (CVE-2018-5767) Walkthrough on Tenda AC15 Router Introduction In this post we will be presenting a pre-authenticated remote code execution vulnerability present in Tenda’s AC15 router. We start by analysing the vulnerability, before moving on to our regular pattern of exploit development – identifying problems and then fixing those in turn to develop

Making Light of the "Dark Web" (and Debunking the FUD)

I'll start this post where I start many of my talks - what does a hacker look like? Or perhaps more specifically, what do people think a hacker looks like? It's probably a scary image, one that's a bit mysterious, a shady character lurking in the hidden depths of the

PowerShell w/o PowerShell Simplified

Brian Ferman// In a previous post, titled PowerShell without PowerShell, we showed you how you can bypass Application Whitelisting Software (AWS), PowerShell restrictions/monitoring, and Command Prompt restrictions. In some cases, you might not need all of that; you might just need a way to bypass PowerShell restrictions and/or monitoring. This post presents a simple solution …

DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction

[Source: blog.microsoft.com] Introduction Not long ago, I blogged about Vshadow: Abusing the Volume Shadow Service for Evasion, Persistence, and Active Directory Database Extraction.  This tool was quite interesting because it was yet another utility to perform volume shadow copy operations, and it had a few other features that could potentially support other offensive use cases. …

Enhancing Digital Forensics with ReversingLabs Hash Plugin for Autopsy: https://www.sleuthkit.org/autopsy/

Autopsy (version 4) is an open source tool used for digital forensics investigations to conduct disk image, local drive, and folder and file analysis.

Why and How to Extract Network Connection Timestamps for DFIR Investigations

For as long as I have been doing forensics, or more specifically, live response, there has been a lot of value in reviewing a Windows system’s network connections during an investigation. In this blog I introduce the importance of extracting an unfamiliar artifact - the timestamp of each network connection-- and a method for doing so.

JavaScript Zero: real JavaScript, and zero side-channel attacks

JavaScript Zero: Real JavaScript and zero side-channel attacks Schwarz et al., NDSS’18 We’re moving from the server-side back to the client-side today, with a very topical paper looking at defences against micro-architectural and side-channel attacks in browsers. Since submission of the paper to NDSS’18, this subject grew in prominence of course with the announcement of…

Russian hackers stole 860,000 euros from 32 ATMs belonging to the Raiffeisen Romania in just one night

In just one night a Russian crime gang stole 3.8 million slopes (860,000 euros) from 32 ATMs belonging to the Raiffeisen Romania bank.

What Is Your Bank’s Security Banking On? — Krebs on Security


Obfuscating PHP Backdoors Using Legitimate Code Wrappers


Shopware 5.3.3: PHP Object Instantiation to Blind XXE


Chaos: a Stolen Backdoor Rising Again

An undocumented Linux Backdoor is making a comeback. Read on for a description of the cryptographic operation of this reverse shell backdoor.

Penetration Testing, Social Engineering and Red Teaming: An Introduction to TrevorC2

I enjoy playing with new tools and one that I'm fully aware of, but haven't had the chance to use is Dave Kennedy's TrevorC2. TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data…

Innovative and rougher in extortion, threats continued for Android in 2017

New research from ESET has highlighted how 2017 was a year that Android ransomware became more innovative and rougher in extortion.