Malspam E-mail Leads to Ransomware Cerber/Zerber Infection TRAFFIC SAMPLE

Example of files that were encrypted and protected: The domain name was NX and not required for the purchase process. 2016-12-16 01:29:05.256362 IP > Flags [P.], seq 0:303, ack 1, win 256, length 303: HTTP: GET //up1/1/4fv3b5.exe HTTP/1.1 E..W..@……..fH……P.n……P…….GET //up1/1/4fv3b5.exe HTTP/1.1 Accept: application/x-shockwave-flash, … Read more

CERBER Ransomware Hidden C2 Servers Traffic and Malware Analysis

Cerber ransomware has been one of the most prolific crimeware botnets to arise; it is currently generating an estimated $2.5 million a year and rising. Once a machine is infected, its content is encrypted and held for ransom, as the name implies. An image pops up with instructions on how to reclaim the data … Read more

Cyber Security Trends in 2016 – Denial of Service and Webshells on the rise

According to several security research firms, 2015 saw a massive decline in the number of reported malware infections, with exploit activity down 84% compared to 2013. The few active exploit kits worth noting were Angler, Neutrino and Rig; besides those three, virtually no other major campaigns were detected in … Read more

What Poor Security Practices Does Your Organization Employ? What Are Best Security Practices?

Even in 2016, poor security practices are ubiquitous and give attackers a way to compromise networks and critical infrastructure. What are some examples of poor security practices you may be guilty of? Implementing insecure services: Telnet – this is one of the worst services you can have open on your network; telnet provides … Read more

MAJOR Zero Day 0day Exploit in SMB Samba 445 BADLOCK BUG Vulnerability

Critical vulnerability allowing remote exploitation of virtually ALL versions of Samba's Server Message Block (SMB) protocol, which is a version of the Common Internet File System (CIFS) and operates by default over TCP port 445 as an application-layer network protocol. SMB is typically used to provide shared access to files, printers, serial ports and miscellaneous communications … Read more

Website Web Directory Brute Forcing Fuzzing Tools and Techniques Wordlist Strategies

Directory Brute Forcing Techniques: Dirsearch is a simple command-line tool designed to brute force directories and files on websites. The tool is available on GitHub (you can download it from there); after installing it on Kali Linux, run the following to start dirsearch: dirsearch /opt/dirsearch/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://TARGETIP -e php -t 20 # Dirb dirb … Read more

Snort Suricata Rules Signatures for Racoon Stealer & Kryptik Malware

Racoon Malware Traffic Sample: 2020-05-09 02:34:46.971465 IP > Flags [P.], seq 1:189, ack 1, win 16685, length 188: HTTP: POST /gate/log.php HTTP/1.1 E…+.@…~…V."Y…Q.P9…9i%.P.A-….POST /gate/log.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 155 Host: Racoon Sample Rule: alert tcp $HOME_NET any -> any 80 (msg:"Racoon Credential Stealer Malware"; … Read more

KeyGhost (Software Free) Keylogger for Penetration Testing USB Keyboard Keylogger

KeyGhost (Software Free) Keylogger for Home Use: The KeyGhost™ Home Edition at a glance: Easy to install in a few seconds! Simply plug it in and record everything that is typed on the PC. Injection moulded to look like an EMC balun. The KeyGhost (software free) keylogger even captures and displays key combinations such as Ctrl+C, … Read more