Unfortunately, the Christmas season brings not only cookies and presents. Phishing emails also pile up. 📧 Disguised as a bank or online retailer, criminals try to get hold of your personal data. They have perfected the imitation. So that no nasty surprises lie under the tree this Christmas, here are a few points you can keep in mind to protect yourself from phishing.
As we continue down the "Year in Review" from Cisco Talos Intelligence Group, we move to the MITRE ATT&CK technique that is second on their list of the top 20 most commonly seen: T1078, Valid Accounts.
T1078 or Valid Accounts is used when "adversaries obtain and abuse credentials of existing accounts as a means of Initial Access, Persistence, Privilege Escalation, or Defense Evasion." Basically, the adversary is leveraging your own users against you! Of course, the more privileges the account has the better!
This technique also has 4 sub-techniques, which help defenders get a little more specific with the technical details. These include the abuse of Default Accounts, Domain Accounts, Local Accounts, and Cloud Accounts, all of which have their own little role to play in an adversary's attack!
Ever wondered when passwords, backup policies, and dumpster-diving attacks were invented? In my current blog post about the history of cybersecurity, I take a deep dive into the 1960s. I discuss technical trends that sparked changes in computing practices and that created a demand for IT security controls such as time-sharing and multiprogramming: https://percepticon.de/2023/the-history-of-cybersecurity-pt-2-1960s/ #cybersecurity #history #itsecurity
Two #TryHackMe rooms later, I want to scream. WHY is it so easy to take over a junky #Win7 box? Including dumping all passwords, issuing a golden Kerberos ticket, access to the camera and microphone, and basically everything? I know the THM rooms are deliberately set up so that things work. BUT IT SHOULDN'T BE THIS EASY! *runs in circles* #ITSec #ITSecurity #ITSicherheit #Windows #Hacking
The Cisco Talos Intelligence Group researchers discovered a new remote access trojan (#RAT) that they dubbed "SugarGh0st". The adversary was "targeting the Uzbekistan Ministry of Foreign Affairs and users in South Korea".
In one of the attacks, the adversary used a shortcut file with a double extension, which is a technique adversaries use to abuse the default settings of Windows, which is to hide the extensions, so the user may not suspect anything. Some of the capabilities include video and screen capture as well as the ability to clear tracks by deleting event logs. Check out the rest of the technical details and the second infection chain in the article! Enjoy and Happy Hunting!
I can't believe #BlackHatEurope is starting on Monday! That means this is the last week to register for Cyborg Security's Threat Hunter training delivered by me! We will cover some resources that we can use for researching prior to our hunt, we will demonstrate how to extract key artifacts from an intel report and turn those artifacts into something useful, and then we will get into the data to hunt for evidence of malicious adversary behavior! It's going to be a fun time, good discussions, and a great chance to get some hands-on experience hunting and pivoting through an investigation. I can't wait! Until then, Happy Hunting!
I understand more and more why #KRITIS and #itsecurity basically cannot be considered holistically without a capable ethicist!
We need more #Ethik and more ethics professionals in IT security.
Thanks to @HonkHase for the really good insights over the past few years at the #CCC events.
As planned (but a little later than I would have wanted) comes Part 2 of my posts related to the Palo Alto Networks Unit 42 article on #AgonizingSerpens. In my first installment, I covered the TTPs and behaviors of the APT that were presented by the team and in this post I am going to cover the TTPs and behaviors observed by the first wiper they discussed, the #MultiLayerWiper. Enjoy and Happy Hunting!
"Late Wednesday, officials with the center said it had been the target of a ransomware attack Tuesday and that some employee files had become inaccessible because of encryption.
Investigators were working to determine if any data was compromised in the attack, officials said."