Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes

The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (NTLM) hashes. The new attack chain “can be used for sensitive information gathering purposes and to enable follow-on activity,” enterprise security firm Proofpoint said in a Monday report. At least two […]

Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows

A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. “In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions […]

Net Creds – Open Source Tool to Sniff Network Passwords and Hashes

Net Creds is a free tool that sniffs passwords and hashes from a network interface. The tool launches a MITM attack to capture network packets, and ultimately the login credentials. The MITM attack works for the protocols that send credentials in clear text. The example protocols include HTTP, TELNET, POP, SNMP, IMAP, and NNTP. These […]

Vulnerability in Outlook lets hackers steal password hashes

Most people rely on an Outlook email address for work-related as well as personal tasks. Unfortunately, Outlook may not be as secure as we users would like to think. According to a report published by information security training experts at the Carnegie Mellon Software Engineering Institute, Outlook comes with a security bug that could trigger password hash leaks […]

WordSteal – Steal NTLM Hashes From Remote Computer

This script will create a POC that will steal NTLM hashes from a remote computer. Do not use this for illegal purposes. The author does not keep responsibility for any illegal action you do. […]

Bettercap – Capturing NTLM Hashes

As many of you who follow me on Twitter will know, I’m a big fan of the Bettercap project. Created by @EvilSocket, this tool is a reimagining of the historic Ettercap project, bringing it up to date; it’s an invaluable tool for the penetration testing arsenal. One of the many modules offered by the project […]

Researchers Hide Malware Inside Digitally-Signed Files Without Breaking Hashes

New technique makes malware detection almost impossible. A team of security researchers from Deep Instinct have discovered a method of injecting malware inside a digitally-signed binary without affecting the overall file hash, which almost certainly ensures that antivirus and security software won’t detect the malicious file. When users double-click an executable and launch it into execution, […]

Extracting Hashes & Plaintext Passwords from Windows 10

Windows 10 is here. Well… it’s sort of been here for some time, but it’s fully rolled out now and soon we will begin to see enterprise adoption. I, like I’m sure many others out there, have been playing with Windows 10 in a virtual environment the last few weeks. My motivation has primarily been […]