Emissary Panda / TG-3390 / BRONZE UNION / APT27 / CVE-2019-0604 to exploit SharePoint servers AntSword & Awen Webshell

Associated Group Descriptions Name TG-3390 Emissary Panda BRONZE UNION APT27 Iron Tiger LuckyMouse CVE-2019-0604 to exploit SharePoint servers to gain initial access to targeted networks. We would like to acknowledge the possibility of an overlap in the AntSword webshell, as we stated that Emissary Panda used China Chopper in the April attacks and AntSword and … Read more

SideWinder APT Group Exploiting CVE-2019-2215 Google Play App Camero, FileCrypt Manager, and callCam

SideWinder advanced persistent threat (APT) group, report Trend Micro’s Ecular Xu and Joseph Chen in a blog post. Sidewinder, a group detected by Kaspersky Labs in the first quarter of 2018, primarily targets Pakistani military infrastructure and has been active since at least 2012. Security researchers believe the threat group is associated with Indian espionage … Read more

The Evolution of Hacking and Security – From Bindshells to Reverse Shells

So, if you read my previous post on what hacking was like in the mid 90’s to early 2000’s this post will be basically the polar opposite. The hacking game has drastically changed, the old wild wild west version of the internet has turned into cities and suburbs where hacking still takes place but there … Read more

Detailed Analysis of the processes and stages of an Exploit Kit – Java and IE exploited by Flashpack Web Based Kit

Here you can see the webpage that the hackers exploited (arksylhet.com/A67iD4eo/index.html) and inserted within that page an iframe which includes a link to a Javascript Redirect file 2012-09-18 22:41:42.001035 IP > Flags [P.], seq 1:395, ack 1, win 64240, length 394 E…*.@…….j.\+lF…P7_Z.X.X.P….?..GET /Lk1SsGQm/js.js HTTP/1.1 Host: web63.server77.publicompserver.de User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; … Read more

Malware Has Not Gone Away Like Some People Think

Cyber Security Analysts and Specialist alike have noticed a significant downward trend in the number of infections being reported. This doesn’t mean that the Crimeware bosses have packed up shop and gone legit. There are many contributing factors to the current number of infections. Reviewing many of the largest security solution providers logs and examining … Read more

SSDP Distributed Reflection Denial of Service (DrDoS) Attacks may be biggest threat – Traffic Sample & Snort Rule

  SSDP Distributed Reflection Denial of Service attacks are on the rise and may be the biggest threat right now. SSDP attacks do not have the biggest amplification number but they may have the most vulnerable systems to abuse in a reflection attack. Open source reports indicate that there are over 5 million vulnerable systems … Read more

NTFS file system: understanding resident and non-resident files for Computer forensics – Cyber Security Video

This is the first video of the Computer forensics course (tutorial) at Duckademy. To do computer forensics, understanding the NTFS file system and the inner workings of resident and non-resident files is a must. To DOWNLOAD the evidence files and the commands used in the video go to http://www.duckademy.com The goal of the Computer forensic … Read more