A New Hacking Group Hitting Russian Companies With Ransomware

The Hacker News-- As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia. The ransomware gang, codenamed "OldGremlin" and believed to be a Russian-speaking …

FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) – A Distributed Evolutionary Binary Fuzzer For Pentesters

KitPloit - PenTest Tools!-- FLUFFI - A distributed evolutionary binary fuzzer for pentesters. Bugs found: So far, FLUFFI was almost exclusively used on SIEMENS products and solutions. Bugs found therein will not be published. However, FLUFFI found the following …

Combining Hadoop and MCollective for total network compromise

InfoSec Write-ups - Medium-- This is the story of how only two insecure configurations allowed us to take down an entire cloud hosted company. It was a gray box pentest for a relatively big client, in which we were tasked with assessing the security of about 5 development endpoints, accessible only using a client certificate. …

Unsecured Microsoft Bing Search Server Exposed User Queries and Location Data

The Hacker News-- A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn't include any personal details such as names or addresses. The data leak, discovered by Ata Hakcil of WizCase on September 12, is …

GRAT2 – Command And Control (C2) Project For Learning Purpose

KitPloit - PenTest Tools!-- GRAT2 is a Command and Control (C2) tool written in python3 and the client in .NET 4.0. The main idea came from Georgios Koumettou who initiated the project. Why we developed GRAT2? We are aware that there are numerous C2 tools out there but, we developed this tool due to curiosity …

British Hacker Sentenced to 5 Years for Blackmailing U.S. Companies

The Hacker News-- A UK man who threatened to publicly release stolen confidential information unless the victims agreed to fulfill his digital extortion demands has finally pleaded guilty on Monday at U.S. federal district court in St. Louis, Missouri. Nathan Francis Wyatt, 39, who is a key member of the infamous international hacking group …