• Breaking News

    Thursday, March 26, 2020

    I recently ran a Trickbot sample and the attackers went from Trickbot to Ryuk ransomware in just over two hours. The attackers ran Cobalt Strike within 30 minutes and confirmed hands-on activity on a Domain Controller within 60 minutes. This blog post covers a TLDR, Timeline, Summary and IOCs.

    Posted: 26 Mar 2020 06:35 AM PDT

    Looking to learn about system exploitation, but don't know where to start? This (very) detailed guide covers all the basics. Contains 21 detailed CTF solutions, plenty of theory, and zero times the phrase "exercise left to the reader".

    Posted: 25 Mar 2020 11:45 PM PDT

    Trickbot to Ryuk in Two Hours: the author ran a Trickbot sample in the lab and was quite surprised by what occurred. The attackers ran Cobalt Strike across multiple machines within 30 minutes and confirmed hands-on activity within 60 minutes. They

    Posted: 26 Mar 2020 01:48 PM PDT

    InQL - A Burp Extension for GraphQL Security Testing

    Posted: 26 Mar 2020 12:08 PM PDT

    Detecting authentication credentials leaked over HTTP

    Posted: 26 Mar 2020 10:03 AM PDT

    Micropatching Unknown 0days in Windows Type 1 Font Parsing

    Posted: 26 Mar 2020 04:55 PM PDT

    Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

    Posted: 26 Mar 2020 11:34 AM PDT

    Exploiting magic links, critical bugs are one line away

    Posted: 26 Mar 2020 12:03 PM PDT

    Practices to Maintain Endpoint Security

    Posted: 26 Mar 2020 12:29 AM PDT

    Six years of the GitHub Security Bug Bounty program

    Posted: 26 Mar 2020 07:58 AM PDT

    This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits

    Posted: 25 Mar 2020 05:45 AM PDT

    IDOR in VLC-iOS

    Posted: 26 Mar 2020 09:04 AM PDT

    Fitz Roy: a free solo climbing to sanitize virtual machines

    Posted: 26 Mar 2020 10:19 AM PDT

    Fixing the Desktop Linux Security Model - News

    Posted: 25 Mar 2020 04:39 AM PDT

    Introducing GoSH - a Golang reverse/bind shell generator

    Posted: 25 Mar 2020 11:46 AM PDT

    Open-Source: COVID, corona, & pandemi domains

    Posted: 25 Mar 2020 06:50 PM PDT

    Hey all, I would like to share a new blog post that my team is releasing which I think will help you all. We have identified 48K+ covid, corona, and pandemi domains currently registered.

    https://swimlane.com/blog/identify-malicious-domains-using-soar/

    To also help with the detection and investigation of potential COVID-19-related domains, we are providing a GitHub repository that contains registered domains from all (most) gTLDs (domain name extensions). Additionally, we are providing another dataset in the form of two JSON files. These files are specific to the following terms and will be updated as needed:

    • corona
    • covid
    • pandemi

    We are providing two JSON files for each of these terms (and their confusables) that contain the same data but are structured in different ways. For example, we are providing the following data structures:

    1. domains_by_ip.json: These JSON files are keyed by domain name, and the value is the domain's registered IP addresses.
    2. ips_by_doman.json: These JSON files are keyed by IP address, and the values are a list of domains associated with that IP address.
    3. master_blacklist.txt: This file contains a blacklist of all terms and their identified domains, except for domains ending in .gov. More than likely you should blacklist all of these domains, but use at your own discretion.

    You can find this dataset, which will be updated and archived daily, on the following GitHub repository:

    https://github.com/swimlane/deepdive-domain-data.

    submitted by /u/_Unas_

    Pentesting Cisco SD-WAN (Software Defined WAN) Part 1: Attacking vManage

    Posted: 25 Mar 2020 08:16 AM PDT

    Windows Kernel Ps Callbacks Experiments

    Posted: 25 Mar 2020 05:55 AM PDT

    Frida 12.8.15 is out w/ full support for iOS/arm64e and iOS 13.4

    Posted: 24 Mar 2020 05:17 PM PDT

    Lexfo's security blog - Pentesting a banking FTP service

    Posted: 25 Mar 2020 08:12 AM PDT

    /i considered harmful

    Posted: 25 Mar 2020 05:43 PM PDT

    Taking Back What Is Already Yours: Router Wars

    Posted: 24 Mar 2020 04:06 PM PDT

    A Review of the Sektor7 RED TEAM Operator: Malware Development Essentials Course

    Posted: 24 Mar 2020 04:22 PM PDT
