SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks

Cybersecurity researchers have shed light on the command-and-control (C2) server workings of a known malware family called SystemBC. “SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP,” Kroll said in an analysis published last week. The […]

Atomic Stealer Gets an Upgrade – Targeting Mac Users with Encrypted Payload

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. “It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules,” […]

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. “This suggests that the threat actors are streamlining operations by making their techniques multipurpose,” Trend Micro researchers said in a new analysis published this week. […]

Fully Encrypted GuLoader Uses Google Drive to Download Payloads

Antivirus products continuously advance to combat evolving threats, prompting malware developers to create new bypassing techniques like “packing” and “crypting.” GuLoader is a notable service employed by cybercriminals to avoid detection by antivirus software. The cybersecurity researchers at Check Point affirmed that GuLoader employs a range of evasion techniques and stands out for its encrypted […]

BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads

The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, the malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAI’s ChatGPT, Spotify, Tableau, and Zoom. BATLOADER, as the name suggests, […]

Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads

The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. “These campaigns are believed to have targeted several Western diplomatic missions between May and June 2022,” Palo Alto Networks Unit […]

Open Redirect Payload List

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in […]

CAPE – Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to detect malware based on payload signatures, as well as automating many of the goals of malware reverse engineering and threat intelligence. There […]

XML External Entity (XXE) Injection Payload List

In this section, we’ll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, and summarize how to prevent XXE injection attacks. What is XML external entity injection? XML external entity injection (also known as XXE) is a web security vulnerability that allows an […]

SQL Injection Payload List

SQL Injection. In this section, we’ll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL injection vulnerabilities, and summarize how to prevent SQL injection. What is SQL injection (SQLi)? SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an […]

RFI/LFI Payload List

As with many exploits, remote and local file inclusions are only a problem at the end of the encoding. Of course it takes a second person to have it. Now this article will hopefully give you an idea of protecting your website and, most importantly, your code from a file inclusion exploit. I’ll give code […]

Microsoft warns users: “BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners”

Microsoft’s security team believes that a more destructive BlueKeep attack is coming, and urges users and companies to install application patches in a timely manner. Before Microsoft issued a warning, security researchers detected malware activity that weaponized the BlueKeep vulnerability. The attackers exploited BlueKeep on unpatched Windows systems and secretly installed a cryptocurrency mining tool. Many […]

Donut – Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory

Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL (including .NET Assemblies) files. This shellcode can be injected into arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable (such as Program.Main), it produces position-independent shellcode that loads and runs entirely from memory. A […]

Pixload – Image Payload Creating and Injecting tools

Set of tools for creating/injecting payload into images. Useful references for better understanding of pixload and its use-cases: Bypassing CSP using polyglot JPEGs Hacking group using Polyglot images to hide malvertising attacks Encoding Web Shells in PNG IDAT chunks An XSS on Facebook via PNGs & Wonky Content Types Revisiting XSS payloads in PNG IDAT […]

GodOfWar – Malicious Java WAR builder with built-in payloads

A command-line tool to generate WAR payloads for penetration testing / red teaming purposes, written in Ruby. Features: preexisting payloads (try -l/--list): cmd_get, filebrowser, bind_shell, reverse_shell, reverse_shell_ui; configurable backdoor (try --host/--port); control over the payload name, to avoid a malicious-looking name after deployment and bypass URL name signatures. Installation: $ gem install godofwar. Usage: $ godofwar -h […]

GhostSquadHackers – Encrypt/Encode Your Javascript Payloads

This tool is meant to encode and encrypt your JavaScript code/payloads. Features: Number Calculating ASCII codes, Caesar-Encryption, Hex Encoding, Octal encoding, Binary Encrypt, Random Octal Quotes, Add trash to code, Url Encode. TCHunt-ng v1.2 – Reveal encrypted files. Extras: create Badbunny JS-infector, customize JS Downloader (payload dropper). Screenshot. CyberChef – A web App For Encryption, […]

Create Windows 10 FUD (Fully Undetectable) payload

A Windows shell is what every hacker loves. There are various Windows payloads designed to bypass Windows OS security mechanisms. According to an ethical hacking researcher of the International Institute of Cyber Security, these payloads are well coded to get sessions on Windows OS. There are many different ways of getting a reverse shell. Today we will show […]

DNSlivery – Files and Payloads Delivery Over DNS

DNSlivery allows delivering files to a target using DNS as the transport protocol and has been inspired by PowerDNS and Joff Thyer’s technical segment on the Paul’s Security Weekly podcast #590. Features: allows printing, executing or saving files on the target; does not require any client on the target; does not require a […]

Chinese Hackers Infect Over 50,000 Windows MS-SQL and PHPMyAdmin Servers Worldwide with 20 Different Payloads

A new China-based campaign dubbed Nansh0u targets Windows MS-SQL and PHPMyAdmin servers worldwide. The attack campaign primarily targets servers belonging to the healthcare, telecommunications, media, and IT sectors. Guardicore Labs detected the campaign at the beginning of April, but the attacks were found to date back to February 26. Throughout the campaign, threat actors used 20 different […]