Fun Honeypots to Set Up and See What the Current Exploit Trends Are

Glastopf is a web application honeypot. It emulates often-exploited web vulnerabilities, such as remote and local file inclusion and SQL injection. Glastopf examines the attacker’s HTTP request and attempts to respond according to expectations to, for instance, download malicious files. Dionaea is a honeypot for collecting malware. It emulates vulnerabilities in Windows services often targeted by malware, such …

Examination of a “Drive-by-Download”: Many Security Professionals Get This Wrong – It’s a Type of Social Engineering

Basic Definition: Drive-by downloads are a type of social engineering which happens when you visit a website and are prompted for a download without initiating it, when viewing an e-mail message with software that allows JavaScript to run, by clicking on a deceptive pop-up window that prompts you to install the latest version of Flash …

Mafiaboy DDoS IRC botnet takes down eBay/ETRADE/Amazon and Yahoo at the same time – RATE THIS ATTACK

DDoS was a lot easier back in those days. I remember one of the attacks launched at an IRC user who lived in Romania that always made me laugh: instead of just DoS’ing the user, they DDoS’d the uplink that provided bandwidth to the entire country – YES – they took a country offline with …

APT – Advanced Persistent Threat – RAMNIT – Historical Traffic Sample

2011-07-29 23:09:35.899406 IP 68.87.73.246.53 > 172.29.0.116.1026: 23951 1/0/0 A 207.223.0.140 (50)
E@.N..@.9…DWI….t.5…:..]…………star-trakers.com…………………
2011-07-29 23:09:35.899748 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags [S], seq 867836568, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0*.@…S,…t……..3.”…..p….T……….
2011-07-29 23:09:38.820452 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags [S], seq 867836568, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0*.@…S+…t……..3.”…..p….T……….
2011-07-29 23:09:44.728939 IP 172.29.0.116.1488 > 207.223.0.140.443: Flags …

Remote Access Trojan RAT svchost.exe 163.172.160.227.4443 PCAP file download traffic sample

Download Attachments 1 vclean. Date added: January 26, 2018 5:47 am. Added by: admin. File size: 10 KB. Downloads: 11.

46 engines detected this file. SHA-256: 8a100d3324a2c579fcc56203d9f14e0d6e3448b3ed65769136c8dc21376ef0e5. File name: vujpdi0f2gg.exe. File size: 135.5 KB. Last analysis: 2018-01-25 16:06:53 UTC. Community score: -192.

Remote Access: Contains a remote desktop related string. Tries to identify its external IP address. Uses network protocols on unusual ports.

Persistence: Injects into explorer. Modifies auto-execute functionality …