HackDig : Dig high-quality web security articles

Vermilion Strike, a Linux implementation of Cobalt Strike Beacon used in attacks

Researchers discovered Linux and Windows implementations of the Cobalt Strike Beacon developed by attackers that were actively used in attacks in the wild. Threat actors re-implemented from scratch unofficial Linux and Windows versions of the Cobalt Strike Beacon and are actively using them in attacks aimed at organizations worldwide. Cobalt Strike is a le
Publish At:2021-09-14 04:57 | Read:90 | Comments:0 | Tags:Cyber Crime Hacking Malware Cobalt Strike Cybercrime hacking

“Cobalt Strike” network attack tool patches crashtastic server bug

by Paul Ducklin. If you’re a regular reader of Naked Security and Sophos News, you’ll almost certainly be familiar with Cobalt Strike, a network attack tool that’s popular with cybercriminals and malware creators. For example, by implanting the Cobalt Strike “Beacon” program on a network they’ve infiltrated, ransomware crooks
Publish At:2021-08-05 16:36 | Read:528 | Comments:0 | Tags:Cobalt Strike vulnerability

Malspam banks on Kaseya ransomware attack

The Malwarebytes Threat Intelligence Team recently found a malicious spam campaign making the rounds and banking on the ransomware attack that forced Kaseya to shut down its VSA service. This is a classic example of an opportunistic attack conducted by (potentially) another threat actor/group off the back of another threat actor/group’s attack. With
Publish At:2021-07-08 16:09 | Read:382 | Comments:0 | Tags:Social engineering cobalt strike dridex information stealer

Hackers spread backdoor after compromising the Mongolian CA MonPass

Threat actors compromised the servers of the Mongolian certificate authority (CA) MonPass and used its website to spread malware, reported Avast researchers. According to the experts, the security breach took place at least six months ag
Publish At:2021-07-04 12:14 | Read:490 | Comments:0 | Tags:Breaking News Malware backdoor CA Cobalt Strike Cybersecurit

A week in security (May 31 – June 6)

Last week on Malwarebytes Labs, we looked at an interesting trend in facial recognition technology—hint: it’s a slow fade, the latest ransomware attacks on JBS and Steamship Authority, Cobalt Strike, a Coronavirus phishing campaign, WhatsApp’s decision to not limit app functionalities for non-compliant users after all, and a cyber threat report compile
Publish At:2021-06-07 08:34 | Read:592 | Comments:0 | Tags:A week in security cobalt strike colonial pipeline Colonial

Cobalt Strike, a penetration testing tool abused by criminals

If you were to compose a list of tools and software developed by security and privacy defenders that ended up being abused by the bad guys, then Cobalt Strike would unfortunately be near the top of the list. Maybe only Metasploit could give it a run for the first place ranking. Metasploit—probably the best known project for penetration testing—is an expl
Publish At:2021-06-01 15:59 | Read:469 | Comments:0 | Tags:Researcher's corner cobalt strike metasploit pen-testing

Report goes “behind enemy lines” to reveal SilverFish cyber-espionage group

The PRODAFT Threat Intelligence Team has published a report (pdf) that gives an unusually clear look at the size and structure of organized cybercrime. It uncovered a global cybercrime campaign that uses modern management methods, sophisticated tools—including its own malware testing sandbox—and has strong ties with the SolarWinds attack, the EvilCorp gr
Publish At:2021-03-22 09:42 | Read:704 | Comments:0 | Tags:Reports cobalt strike domain fronting empire evil corp evilc

Abusing cloud services to fly under the radar

tl;dr NCC Group and Fox-IT have been tracking a threat group with a wide set of interests, ranging from intellectual property (IP) of victims in the semiconductor industry to passenger data from the airline industry. In their intrusions they regularly abuse cloud services from Google and Microsoft to achieve their goals. NCC Group and Fox-IT observe
Publish At:2021-01-12 12:08 | Read:916 | Comments:0 | Tags:Blog Cobalt Strike Threat Intelligence Cloud

VideoBytes: Offensive security tools and the bad guys that use them

Hello Folks! In this Videobyte, we’re talking about what penetration testing tools malware gangs love to use and why they are better than what you can get on the black market. This article describes the VirusBulletin talk of a security researcher from Intezer Labs, Paul Litvak, in which he discusses his effort to identify how often offensive
Publish At:2020-12-24 15:42 | Read:1018 | Comments:0 | Tags:VideoBytes cobalt strike intezer labs mimikatz paul litvak

Threat profile: Egregor ransomware is making a name for itself

What is Egregor? Egregor ransomware is a relatively new ransomware (first spotted in September 2020) that seems intent on making its way to the top right now. Egregor is considered a variant of Ransom.Sekhmet based on similarities in obfuscation, API calls, and the ransom note. As we’ve reported in the past, affiliates that were using Maze ransom
Publish At:2020-12-15 13:18 | Read:1067 | Comments:0 | Tags:Ransomware Threat spotlight cobalt strike egregor exfiltrate

VideoBytes: Ryuk Ransomware Targeting US Hospitals

Hello Folks! In this Videobyte, we’re talking about why hospitals are being targeted by the Ryuk ransomware, what tricks they are using to pull this off and what their motivations might be. Ryuk ransomware is being spread to hospitals using targeted phishing emails that infect systems with the BazarLoader malware, which in turn deploys the Cobalt St
Publish At:2020-12-09 13:00 | Read:901 | Comments:0 | Tags:VideoBytes BazarLoader cobalt strike hospital ryuk ransomwar

The alleged decompiled source code of Cobalt Strike toolkit leaked online

The decompiled source code for the Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Source: Bleeping Computer. Cobalt Strike is a legitimate penetration testing toolkit and th
Publish At:2020-11-11 19:35 | Read:921 | Comments:0 | Tags:Breaking News Hacking Cobalt Strike data leak hacking news i

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

Authors: Nikolaos Pantazopoulos, Stefano Antenucci (@Antelox) and Michael Sandee. 1. Introduction: WastedLocker is a new ransomware locker we’ve detected being used since May 2020. We believe it has been in development for a number of months prior to this and was started in conjunction with a number of other changes we have seen originate from the
Publish At:2020-06-23 09:25 | Read:1587 | Comments:0 | Tags:Blog Cobalt Strike Threat Intelligence evilcorp ransomware w

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature

This blog post was authored by Hossein Jazi and Jérôme Segura. On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .Net Loader. This is the first part of a multi-stage attack that we believe is associated with an APT attack. In the last stage, the threat actors used Cobalt Strike’s Malleable C2 fe
Publish At:2020-06-17 15:39 | Read:1895 | Comments:0 | Tags:Malware Threat analysis APT C2 cobalt strike Malleable C2

LDAPFragger: Command and Control over LDAP attributes

Introduction: A while back, during a penetration test of an internal network, we encountered physically segmented networks. These networks contained workstations joined to the same Active Directory domain; however, only one network segment could connect to the internet. To control workstations in both segments remotely with Cobalt Strike, we built a tool
Publish At:2020-03-19 06:53 | Read:2086 | Comments:0 | Tags:audits Blog Cobalt Strike pentest Uncategorized
