Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
12 résultats taggé framework  ✕
HuluCaptcha — An example of a FakeCaptcha framework https://gi7w0rm.medium.com/hulucaptcha-an-example-of-a-fakecaptcha-framework-9f50eeeb2e6d
04/06/2025 13:20:20
QRCode
archive.org

Hello and welcome back to another blog post. After some time of absence due to a lot of changes in my personal life ( finished university, started a new job, etc), I am happy to finally be able to present something new.

Chapter 1: Captcha-verified Victim
This story starts with a message by one of my long time internet contacts:

Figure 1: Shit hit the Fan
I assume, some of you can already tell from this message alone that something terrible had just happend to him.

The legitimate website of the German Association for International Law had redirected him to an apparent Cloudflare Captcha site asking him to execute a Powershell command on device that does a Webrequest (iwr = Invoke-WebRequest) to a remote website (amoliera[.]com) and then pipes the response into “iex” which stands for Invoke-Expression.

Thats a text-book example for a so called FakeCaptcha attack.

For those of you that do not know what the FakeCaptcha attack technique is, let me give you a short primer:

A Captcha in itself is a legitimate method Website Owners use to differentiate between bots (automated traffic) and real human users. It often involves at-least clicking a button but can additionally require the website visitor to solve different form of small tasks like clicking certain images out of a collection of random images or identifying a bunch of obscurely written letters. The goal is to only let users visit the website that are able to solve these tasks, which are often designed to be hard for computers but easy for human beings. Well, most of the times.

gi7w0rm medium 2025 EN HuluCaptcha FakeCaptcha framework ClickFix
Code injection attacks using publicly disclosed ASP.NET machine keys https://www.microsoft.com/en-us/security/blog/2025/02/06/code-injection-attacks-using-publicly-disclosed-asp-net-machine-keys/
07/02/2025 08:53:47
QRCode
archive.org
thumbnail

Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and building protections against this activity, we observed an insecure practice whereby developers have incorporated various publicly disclosed ASP.NET machine keys from publicly accessible resources, such as code documentation and repositories, which threat actors have used to launch ViewState code injection attacks and perform malicious actions on target servers.

microsoft EN 2025 Code-Injection ASP.NET Godzilla post-exploitation framework
Thousands of servers hacked in ongoing attack targeting Ray AI framework https://arstechnica.com/security/2024/03/thousands-of-servers-hacked-in-ongoing-attack-targeting-ray-ai-framework/?comments=1&comments-page=1
28/03/2024 00:21:11
QRCode
archive.org
thumbnail

Researchers say it's the first known in-the-wild attack targeting AI workloads.

arstechnica EN 2024 Ray AI framework attack ongoing servers
Framework Data Breach - General Topics - Framework Community https://community.frame.work/t/framework-data-breach/43408
15/01/2024 11:26:23
QRCode
archive.org
thumbnail

Copypasta’d from an email from FW:

Hello,
Keating Consulting, Framework’s primary external accounting partner, brought to our attention at 8:13am PST on January 11th, 2024, that one of their accountants fell victim to…

frame.work Framework Data Breach Keating Consulting phishing
Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms
21/12/2023 19:57:21
QRCode
archive.org
thumbnail

MuddyC2Go framework and custom keylogger used in attack campaign.
Iranian espionage group Seedworm (aka Muddywater) has been targeting organizations operating in the telecommunications sector in Egypt, Sudan, and Tanzania.

Seedworm has been active since at least 2017, and has targeted organizations in many countries, though it is most strongly associated with attacks on organizations in the Middle East. It has been publicly stated that Seedworm is a cyberespionage group that is believed to be a subordinate part of Iran’s Ministry of Intelligence and Security (MOIS).

symantec-enterprise-blogs EN 2023 Seedworm Irtan APT Muddywater MuddyC2Go framework keylogger
Snake: Coming soon in Mac OS X flavour – Fox-IT International blog https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/
10/05/2023 10:14:46
QRCode
archive.org
thumbnail

Summary Snake, also known as Turla, Uroburos and Agent.BTZ, is a relatively complex malware framework used for targeted attacks. Over the past year Fox-IT has been involved in multiple incident response cases where the Snake framework was used to steal sensitive information. Targets include government institutions, military and large corporates. Researchers who have previously analyzed…

fox-it 2017 EN Snake Turla Uroburos malware framework macos OSX
EXFILTRATOR-22 - An Emerging Post-Exploitation Framework https://www.cyfirma.com/outofband/exfiltrator-22-an-emerging-post-exploitation-framework/
27/02/2023 20:58:42
QRCode
archive.org
thumbnail

Executive Summary The CYFIRMA Research team has provided a preliminary analysis of a new post- exploitation framework called EXFILTRATOR-22 a.k.a....

cyfirma EN 2023 EXFILTRATOR-22 analysis post-exploitation framework
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice
23/11/2022 22:57:25
QRCode
archive.org
thumbnail

Key Takeaways

  • Nighthawk is an advanced C2 framework intended for red team operations through commercial licensing.
  • Proofpoint researchers observed initial use of the framework in September 2022 by a likely red team.
  • We have seen no indications at this time that leaked versions of Nighthawk are being used by attributed threat actors in the wild.
  • The tool has a robust list of configurable evasion techniques that are referenced as “opsec” functions throughout its code.
    P* roofpoint researchers expect Nighthawk will show up in threat actor campaigns as the tool becomes more widely recognized or as threat actors search for new, more capable tools to use against targets.
proofpoint EN 2022 redteam tool Nighthawk C2 framework threat
Reverse Engineering the Apple MultiPeer Connectivity Framework https://www.evilsocket.net/2022/10/20/Reverse-Engineering-the-Apple-MultiPeer-Connectivity-Framework/
22/10/2022 18:38:55
QRCode
archive.org
thumbnail

Some time ago I was using Logic Pro to record some of my music and I needed a way to start and stop the recording from an iPhone, so I found about Logic Remote and was quite happy with it.

evilsocket EN 2022 Apple MultiPeer Connectivity Framework mDNS analysis macOS LogicPro network reverse-engineering
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks - Microsoft Security Blog https://www.microsoft.com/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks/
25/08/2022 14:34:56
QRCode
archive.org
thumbnail

Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns.

microsoft EN 2022 Sliver C2 framework command-and-control threat-actor
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
03/08/2022 15:35:19
QRCode
archive.org
thumbnail
  • Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework.
  • The implants for the new malware family are written in the Rust language for Windows and Linux.
  • A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors.
  • We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints.
  • We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.
talosintelligence EN 2022 manjusaka CobaltStrike framework imitation C2
Council conclusions on a Framework for a coordinated EU response to hybrid campaigns https://www.consilium.europa.eu/en/press/press-releases/2022/06/21/council-conclusions-on-a-framework-for-a-coordinated-eu-response-to-hybrid-campaigns/
22/06/2022 20:30:23
QRCode
archive.org
thumbnail

RECALLS the relevant conclusions of the European Council1 and the Council2, ACKNOWLEDGES that state and non-state actors are increasingly using hybrid tactics, posing a growing threat to the security of the EU, its Member States and its partners3. RECOGNISES that, for some actors applying such tactics, peacetime is a period for covert malign activities, when a conflict can continue or be prepared for in a less open form. EMPHASISES that state actors and non-state actors also use information manipulation and other tactics to interfere in democratic processes and to mislead and deceive citizens. NOTES that Russia’s armed aggression against Ukraine is showing the readiness to use the highest level of military force, regardless of legal or humanitarian considerations, combined with hybrid tactics, cyberattacks, foreign information manipulation and interference, economic and energy coercion and an aggressive nuclear rhetoric, and ACKNOWLEDGES the related risks of potential spillover effects in EU neighbourhoods that could harm the interests of the EU.

europa EU 2022 EN Framework Council hybrid campaigns Hybrid Toolbox non-state actors legal
4395 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio