Profile cover photo
Profile photo
Ethical Hacking & Computer Security (DigitalMunition)
547 followers
547 followers
About
Posts

Post has attachment
Bash script purposed for system enumeration, vulnerability identification and privilege escalation. MIDA Multitool draws functionality from several of my previous scripts namely SysEnum and RootHelper and is in many regards RootHelpers successor. Besides…
Add a comment...

Post has attachment
Not the first news of this nature but it was very recently discovered that Microsoft suffered a cyber attack from a group of very intelligent hackers way back in 2013. Cyber attacks happen but to think a major attack like this one can be kept secret for…
Add a comment...

Post has attachment
A wrapper tool for shadowsocks to consistently bypass firewalls. Quick start Automatically connect The easiest way to run this tool is just type ssct in terminal, and ssct will acquire available shadowsocks servers fromishadowsocks and connect to it…
Add a comment...

Post has attachment
objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. The project’s name quite literally…
Add a comment...

Post has attachment
Even with the most advanced email protections in place and an entire government organization to support them, the bad actors were able to spoof Her Majesty’s Revenue and Customs (HMRC) emails to spread a Java-based remote administration tool to…
Add a comment...

Post has attachment
Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scan delta reporting ensures that findings only need to be judged when…
Add a comment...

Post has attachment
The Necurs botnet is back once again, the dreaded botnet was spreading a downloader that takes screenshots of the victims’ desktops and Runtime Errors back to the attackers. “Recently we have seen a resurgence of emails sent by the Necurs botnet. The…
The Necurs botnet is back once again, the dreaded botnet was spreading a downloader that takes screenshots of the victims’ desktops and Runtime Errors back to the attackers. “Recently we have seen a resurgence of emails sent by the Necurs botnet. The latest blast of emails is spreading a new variant of the Locky ransomware (Ransom.Locky) or Trickybot (Trojan.Trickybot).” reads the analysis published by Symantec. “What’s interesting about this new wave is that the downloader now contains new functionality to gather telemetry from victims. It can take screen grabs and send them back to a remote server. There’s also an error-reporting capability that will send back details of any errors that the downloader encounters when it tries to carry out its activities.” The Necurs malware spread via spam campaigns or through compromised web servers, last time we read about it in January when it was being used by crooks to deliver the Locky ransomware. Now the Necurs Botnet, one of the world’s largest malicious architecture, is spreading a downloader with two interesting new features. The first feature consists in the addition of a Powershell script that takes a screengrab of the infected user’s screen, that is uploaded to a remote server after waiting a few seconds. The second addition is a built-in error reporting feature that monitors the Necurs downloader for errors and sends collected info back to Necurs botmaster. This is the first time that a downloader implements such kind of feature. experts believe Necurs operators gather intelligence about their campaigns. “When you consider the screen grab functionality together with the new error-reporting capability, it suggests that the Necurs attackers are actively trying to gather operational intelligence (OPINTEL) about the performance of their campaigns. ” continues Symantec. Collected data could allow the attackers to measure the efficiency of their campaign and detect when the malicious code has infected valuable environments, such as corporate networks. The error reporting feature allows coders to fix bugs in their software improving their success rates. The following graph reports the spam waves observed in the last months, after a period of silence from end of 2016 and into early 2017 it appeared again in March. The evidence collected by the researchers suggest an intensification of the activities related to the Necurs botnet. “Necurs went through a long spell of silence from end of 2016 and into early 2017. It burst back onto the scene around March and since then, it has been cranking up its activity levels, with recent months seeing the most action so far in 2017″ concludes Symantec. “With our data showing a resurgence in activity, and the apparent efforts to collect operational intelligence, we can expect to see continued evolution of the capabilities and a steady increase in Necurs activity levels in the coming months.”
The Necurs botnet is back once again, the dreaded botnet was spreading a downloader that takes screenshots of the victims’ desktops and Runtime Errors back to the attackers. “Recently we have seen a resurgence of emails sent by the Necurs botnet. The latest blast of emails is spreading a new variant of the Locky ransomware (Ransom.Locky) or Trickybot (Trojan.Trickybot).” reads the analysis published by Symantec. “What’s interesting about this new wave is that the downloader now contains new functionality to gather telemetry from victims. It can take screen grabs and send them back to a remote server. There’s also an error-reporting capability that will send back details of any errors that the downloader encounters when it tries to carry out its activities.” The Necurs malware spread via spam campaigns or through compromised web servers, last time we read about it in January when it was being used by crooks to deliver the Locky ransomware. Now the Necurs Botnet, one of the world’s largest malicious architecture, is spreading a downloader with two interesting new features. The first feature consists in the addition of a Powershell script that takes a screengrab of the infected user’s screen, that is uploaded to a remote server after waiting a few seconds. The second addition is a built-in error reporting feature that monitors the Necurs downloader for errors and sends collected info back to Necurs botmaster. This is the first time that a downloader implements such kind of feature. experts believe Necurs operators gather intelligence about their campaigns. “When you consider the screen grab functionality together with the new error-reporting capability, it suggests that the Necurs attackers are actively trying to gather operational intelligence (OPINTEL) about the performance of their campaigns. ” continues Symantec. Collected data could allow the attackers to measure the efficiency of their campaign and detect when the malicious code has infected valuable environments, such as corporate networks. The error reporting feature allows coders to fix bugs in their software improving their success rates. The following graph reports the spam waves observed in the last months, after a period of silence from end of 2016 and into early 2017 it appeared again in March. The evidence collected by the researchers suggest an intensification of the activities related to the Necurs botnet. “Necurs went through a long spell of silence from end of 2016 and into early 2017. It burst back onto the scene around March and since then, it has been cranking up its activity levels, with recent months seeing the most action so far in 2017″ concludes Symantec. “With our data showing a resurgence in activity, and the apparent efforts to collect operational intelligence, we can expect to see continued evolution of the capabilities and a steady increase in Necurs activity levels in the coming months.”
digitalmunition.me
Add a comment...

Post has attachment
BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services. RMI services often expose dangerous functionality without adequate security controls, however RMI services tend to pass under the radar during security…
Add a comment...

Post has attachment
Vulnerability Vulnerability is described as a defect or a flaw inside the asset that could be used to obtain unauthorized access to it. A successful compromise of a vulnerability may result in data manipulation, code execution, etc. Threat A threat…
Add a comment...

Post has attachment
Selenium powered Python script to automate searching the web for vulnerable applications. DorkNet can take a single dork or a list of dorks as arguments. After the proper command line arguments have been passed, the script will use Selenium and…
Add a comment...
Wait while more posts are being loaded