A question I am frequently asked is: what is the difference between adware (legal software that nevertheless floods you with ads to make money) and malware (crimeware, to be specific)? Typically there is a fine line between the two; a good example of a successful adware company is OpinionSpy/Marketscore, which bundles … Read more What is the Difference between Adware and Malware
FIREBALL / Elex – WHAT YOU NEED TO KNOW!
#!/usr/bin/python
import sys, httplib

def main(host, path):
    try:
        conn = httplib.HTTPConnection(host)
        conn.request("GET", path)
        r1 = conn.getresponse()
        print "[+]", host + path, ":", r1.status, r1.reason
    except:
        print "[-] Error Occurred"
        pass

if len(sys.argv) != 3:
    print "\nUsage: ./sqlresp.py <site> <list of injections>"
    print "Example: ./sqlresp.py www.site.com/buy.php?id= injections.txt\n"
    sys.exit(1)

print "\n d3hydr8[at]gmail[dot]com sqlResp v1.0"
print "----------------------------------------------"

try:
    injects = open(sys.argv[2], "r").readlines()
except(IOError):
… Read more Python Script to scan for vulnerable servers allowing SQL Injection
So I found this neat little script lying around; it makes looking for backdoors and webshells on web servers a cakewalk. Backdoors are always changing, and different hacker groups rename common backdoors, so you can update this script with new intel in two seconds. To add a new filename to search for, simply add /newfilename in … Read more Syhunt Web Backdoor Scanner .LUA or .EXE – Easy Customization and Configuration
The Dell SonicWALL TZ 190 Series is a high-performance, multi-layered network security platform that integrates Type II PC Card-based 3G wireless broadband support, automated failover/failback technologies, a deep packet inspection firewall and optional 802.11b/g wireless LAN access. The TZ 190 Series enables organizations to establish secure 3G wireless broadband network access instantly without … Read more SonicWALL TZ 190 01-SSC-6851 Wireless Security Appliance Firewall
Ransomware is nothing new; since 2012 it has been wreaking havoc on the world. The TTPs for delivering it and infecting victims have changed over the years, but the end goal remains the same: give me your money or you'll never see your files again. Some of the first ransomware campaigns used mechanisms such as exploit … Read more Wcry WannaCry WCry Ransomware Malware ETERNALBLUE/MS17-010 Worm is dead or is it? – active new IOCs Domain Names/IPs
A new sample was released today courtesy of http://www.pcapanalysis.com and can be found at the reference linked at the bottom. The ransomware is currently being distributed mostly via malspam campaigns, but it was also observed being served by the Lord exploit kit, and links were found posted on hacked WordPress sites and forums for drive-by download … Read more JIGSAW Ransomware does not use C2 infrastructure and is proving to be a lot harder to shut down than researchers originally thought
In 2010 the crimeware scene became more profitable than ever, and whereas the main malware being used to generate revenue was FakeAV and scareware, it wasn't as easy to infect a host until Paunch hit the scene and developed a way to use publicly available exploits as well as buying 0day exploits on the … Read more Active Exploit Kits and their Evolution From Blackhole to Fallout and Spelevo Purple Fox Lord
Associated Group Descriptions, Name: TG-3390; Emissary Panda; BRONZE UNION; APT27; Iron Tiger; LuckyMouse. CVE-2019-0604 to exploit SharePoint servers to gain initial access to targeted networks. We would like to acknowledge the possibility of an overlap in the AntSword webshell, as we stated that Emissary Panda used China Chopper in the April attacks and AntSword and … Read more Emissary Panda / TG-3390 / BRONZE UNION / APT27 / CVE-2019-0604 to exploit SharePoint servers AntSword & Awen Webshell