How to Use Gtfo to Search for Abusable Binaries During Post-Exploitation

Null Byte « WonderHowTo-- GTFOBins and LOLBAS are projects with the goal of documenting native binaries that can be abused and exploited by attackers on Unix and Windows systems, respectively. These binaries are often used for "living off the land" techniques during post-exploitation. In this tutorial, we will be exploring gtfo, a tool used to …

Risky business: survey shows majority of people use work devices for personal use

Malwarebytes Labs-- There’s no denying the coronavirus pandemic is having a significant impact on the way we use technology. Some changes feel like a subtle acceleration of behavioral shifts that were already well underway (i.e. more online shopping and more streaming TV/movies). Other changes are more extreme and we’re only beginning to understand the long-term …

A Handy Guide for Choosing a Managed Detection & Response (MDR) Service

The Hacker News-- Every company needs help with cybersecurity. No CISO ever said, "I have everything I need and am fully confident that our organization is fully protected against breaches." This is especially true for small and mid-sized enterprises that don't have the luxury of enormous cybersecurity budgets and a deep bench of cybersecurity experts. …

ALERT! Hackers targeting IoT devices with a new P2P botnet malware

The Hacker News-- Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Discovered by Qihoo 360's Netlab security team, the HEH Botnet — written in Go language and armed with a proprietary peer-to-peer (P2P) protocol, spreads via …

TryHackMe: The Impossible Challenge Write-up

InfoSec Write-ups - Medium-- TryHackMe: The Impossible Challenge Write-up. Unicode Steganography with Zero-Width Characters. Hi everyone! Room: The Impossible Challenge. Difficulty: Medium. The name already suggests it is a bit tough and time-consuming challenge for me based on cryptography/steganography. So let’s hunt for flag…. When you enter the room it looks all normal and from here trouble begins.. Challenge includes a password-protected zip file named …

Release the Kraken: Fileless APT attack abuses Windows Error Reporting service

Malwarebytes Labs-- This blog post was authored by Hossein Jazi and Jérôme Segura. On September 17th, we discovered a new attack called Kraken that injected its payload into the Windows Error Reporting (WER) service as a defense evasion mechanism. That reporting service, WerFault.exe, is usually invoked when an error related to the operating system, Windows …