HackDig : Dig high-quality web security articles for hackers

Abusing cloud services to fly under the radar

tl;dr NCC Group and Fox-IT have been tracking a threat group with a wide set of interests, from intellectual property (IP) from victims in the semiconductors industry through to passenger data from the airline industry. In their intrusions they regularly abuse cloud services from Google and Microsoft to achieve their goals. NCC Group and Fox-IT observe
Publish At:2021-01-12 12:08 | Read:125 | Comments:0 | Tags:Blog Cobalt Strike Threat Intelligence Cloud

VideoBytes: Offensive security tools and the bad guys that use them

Hello Folks! In this Videobyte, we’re talking about which penetration testing tools malware gangs love to use and why they are better than what you can get on the black market. This article describes the VirusBulletin talk by Paul Litvak, a security researcher at Intezer Labs, in which he discusses his effort to identify how often offensive
Publish At:2020-12-24 15:42 | Read:209 | Comments:0 | Tags:VideoBytes cobalt strike interzer labs mimikatz paul litvak

Threat profile: Egregor ransomware is making a name for itself

What is Egregor? Egregor ransomware is a relatively new ransomware (first spotted in September 2020) that seems intent on making its way to the top right now. Egregor is considered a variant of Ransom.Sekhmet based on similarities in obfuscation, API-calls, and the ransom note. As we’ve reported in the past, affiliates that were using Maze ransom
Publish At:2020-12-15 13:18 | Read:218 | Comments:0 | Tags:Ransomware Threat spotlight cobalt strike egregor exfiltrate

VideoBytes: Ryuk Ransomware Targeting US Hospitals

Hello Folks! In this Videobyte, we’re talking about why hospitals are being targeted by the Ryuk ransomware, what tricks they are using to pull this off and what their motivations might be. Ryuk ransomware is being spread to hospitals using targeted phishing emails that infect systems with the BazarLoader malware, which in turn deploys the Cobalt St
Publish At:2020-12-09 13:00 | Read:166 | Comments:0 | Tags:VideoBytes BazarLoader cobalt strike hospital ryuk ransomwar

The alleged decompiled source code of Cobalt Strike toolkit leaked online

The alleged decompiled source code for the Cobalt Strike post-exploitation toolkit has been leaked online in a GitHub repository. Source: Bleeping Computer. Cobalt Strike is a legitimate penetration testing toolkit and th
Publish At:2020-11-11 19:35 | Read:242 | Comments:0 | Tags:Breaking News Hacking Cobalt Strike data leak hacking news i

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

Authors: Nikolaos Pantazopoulos, Stefano Antenucci (@Antelox) and Michael Sandee 1. Introduction WastedLocker is a new ransomware locker we’ve detected being used since May 2020. We believe it has been in development for a number of months prior to this and was started in conjunction with a number of other changes we have seen originate from the
Publish At:2020-06-23 09:25 | Read:718 | Comments:0 | Tags:Blog Cobalt Strike Threat Intelligence evilcorp ransomware w

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature

This blog post was authored by Hossein Jazi and Jérôme Segura. On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .NET loader. This is the first part of a multi-stage attack that we believe is associated with an APT group. In the last stage, the threat actors used Cobalt Strike’s Malleable C2 fe
Publish At:2020-06-17 15:39 | Read:778 | Comments:0 | Tags:Malware Threat analysis APT C2 cobalt strike Malleable C2
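
The remote-template injection mentioned above lives in the document’s relationship part: word/_rels/settings.xml.rels carries an attachedTemplate relationship whose Target is a URL that Word fetches when the file is opened. The scanner below is an added example written for this listing, not code from the Malwarebytes post; the .docx it inspects is constructed in memory and the URL example.invalid is a placeholder, so nothing is fetched. The caveat it encodes is that locally attached templates (file:///...Normal.dotm) are also marked TargetMode="External" in OOXML, so only http(s) and UNC targets are treated as alert-worthy.

```python
"""Scan a .docx for a remote attached template (the OOXML relationship that
template-injection documents abuse). Constructed example: no real samples."""
import io
import re
import zipfile
from typing import List, Optional
from urllib.parse import urlsplit

# Relationship type Word uses for an attached (.dotm/.dotx) template.
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
# The part inside the zip container where that relationship is declared.
RELS_PATH = "word/_rels/settings.xml.rels"

_REL_RE = re.compile(r"<Relationship\b[^>]*>")
_ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


def external_templates(docx_bytes: bytes) -> List[str]:
    """Targets of every attachedTemplate relationship with TargetMode="External".
    A locally attached template (file:///...Normal.dotm) is also 'External'
    in OOXML terms, so this alone is too noisy for alerting."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if RELS_PATH not in zf.namelist():
            return []
        xml = zf.read(RELS_PATH).decode("utf-8", "replace")
    hits = []
    for rel in _REL_RE.findall(xml):
        attrs = dict(_ATTR_RE.findall(rel))
        if (attrs.get("Type") == ATTACHED_TEMPLATE
                and attrs.get("TargetMode", "").lower() == "external"):
            hits.append(attrs.get("Target", ""))
    return hits


def remote_templates(docx_bytes: bytes) -> List[str]:
    """Only the targets that make Word go to the network for the template:
    http(s) URLs or UNC paths. This is the alert-worthy subset."""
    out = []
    for target in external_templates(docx_bytes):
        scheme = urlsplit(target).scheme.lower()
        if scheme in ("http", "https") or target.startswith("\\\\"):
            out.append(target)
    return out


def build_docx(target: Optional[str]) -> bytes:
    """Build a minimal constructed .docx (just the parts the scanner reads).
    target=None yields a document with no attached template at all."""
    rels = ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">')
    if target is not None:
        rels += (f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
                 f'Target="{target}" TargetMode="External"/>')
    rels += "</Relationships>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/settings.xml", "<w:settings/>")
        zf.writestr(RELS_PATH, rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed placeholder URL; nothing is fetched.
    doc = build_docx("http://example.invalid/resume.dotm")
    print(remote_templates(doc))  # ['http://example.invalid/resume.dotm']
```

Run it against a real mail attachment by reading the file’s bytes into remote_templates(); a non-empty result means the document will reach out for its template before any macro prompt appears. The same relationship type can also be planted in other rels parts, so a production check should walk every *.rels entry rather than only settings.xml.rels.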

LDAPFragger: Command and Control over LDAP attributes

Introduction. A while back, during a penetration test of an internal network, we encountered physically segmented networks. These networks contained workstations joined to the same Active Directory domain; however, only one network segment could connect to the internet. To control workstations in both segments remotely with Cobalt Strike, we built a tool
Publish At:2020-03-19 06:53 | Read:1144 | Comments:0 | Tags:audits Blog Cobalt Strike pentest Uncategorized
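
From the defender’s side, a C2 channel carried in a directory attribute shows up as one object’s attribute being rewritten far more often than any administrative workflow would produce. The script below is an added, defender-oriented example for this listing, not part of the Fox-IT post or the LDAPFragger tool. Its input is a simplified, constructed record set shaped after Windows Security event 5136 (directory service object modified); the relay object CN=svc-relay and the info attribute are assumptions for illustration, not the attribute the tool uses.

```python
"""Flag (object, attribute) pairs rewritten at a rate that looks like a
message channel rather than administration. Records are simplified,
constructed stand-ins for Windows Security event 5136."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Event = Dict[str, str]

# Constructed sample: 40 add/delete writes to one attribute within two
# minutes (the assumed channel) plus two ordinary helpdesk edits.
_t0 = datetime(2020, 3, 18, 9, 0, 0)
SAMPLE_EVENTS: List[Event] = [
    {
        "time": (_t0 + timedelta(seconds=3 * i)).isoformat(),
        "dn": "CN=svc-relay,OU=Service,DC=corp,DC=example",
        "attribute": "info",
        "op": "Value Added" if i % 2 == 0 else "Value Deleted",
        "subject": "CORP\\wks0421$",
    }
    for i in range(40)
] + [
    {"time": "2020-03-18T09:00:10", "dn": "CN=alice,OU=Users,DC=corp,DC=example",
     "attribute": "telephoneNumber", "op": "Value Added", "subject": "CORP\\helpdesk1"},
    {"time": "2020-03-18T09:04:00", "dn": "CN=bob,OU=Users,DC=corp,DC=example",
     "attribute": "info", "op": "Value Added", "subject": "CORP\\helpdesk1"},
]


def hot_attributes(events: List[Event],
                   window: timedelta = timedelta(minutes=5),
                   threshold: int = 10) -> List[Tuple[str, str, int]]:
    """Return (dn, attribute, peak_count) for every pair whose write count
    inside any sliding window of `window` reaches `threshold`."""
    by_key: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for e in events:
        by_key[(e["dn"], e["attribute"])].append(datetime.fromisoformat(e["time"]))
    out = []
    for (dn, attr), times in by_key.items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):          # two-pointer sliding window
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            out.append((dn, attr, best))
    return sorted(out, key=lambda r: -r[2])


if __name__ == "__main__":
    for dn, attr, n in hot_attributes(SAMPLE_EVENTS):
        print(f"{n:4d} writes in window: {attr} on {dn}")
```

Two practical notes: event 5136 is only generated when Directory Service Changes auditing is enabled and a SACL covering the attribute is set on the objects, so the first step in a real deployment is confirming those events exist at all; and a tuned version should also key on the writing principal, since a workstation machine account rewriting a service account’s attribute is itself unusual.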
