https://github.com/Matheus-Garbelini/esp32_bluetooth_classic_sniffer
#Bluetooth
@iotpenetrationtesting
GitHub
GitHub - Matheus-Garbelini/esp32_bluetooth_classic_sniffer: Active Bluetooth BR/EDR Sniffer/Injector as cheap as any ESP32 board…
Active Bluetooth BR/EDR Sniffer/Injector as cheap as any ESP32 board can get. Works with Scapy ;-) - Matheus-Garbelini/esp32_bluetooth_classic_sniffer
1. Cisco VOIP Adapter ATA19X Privilege Escalation and RCE (PoC for CVE-2021-34710)
https://www.iot-inspector.com/blog/advisory-cisco-ata19x-privilege-escalation-rce
2. Dahua Console: access the internal debug console and/or other researched functions
https://github.com/mcw0/DahuaConsole
#IoT_Security
@iotpenetrationtesting
Onekey
Advisory: Cisco ATA19X Privilege Escalation and RCE | ONEKEY Research | Research | ONEKEY
We found lacking user privilege separation enforcement and post-authentication command injection remote code execution within Cisco ATA19X firmware.
#IoT_Security
Uncovering Broadcom SDK Vulnerabilities from Bug Reports
https://www.iot-inspector.com/blog/broadcom-sdk-vulnerabilities-bug-reports
#Sdk
#Vulnerability
@iotpenetrationtesting
Onekey
Severe SDK vulnerabilities at Broadcom due to copy-paste engineering | ONEKEY
The Deimos implant
https://www.elastic.co/blog/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant
#Malware_analysis
@iotpenetrationtesting
www.elastic.co
Going Coast to Coast - Climbing the Pyramid with the Deimos Implant — Elastic Security Labs
The Deimos implant was first reported in 2020 and has been in active development, employing advanced countermeasures to frustrate analysis. This post details the campaign TTPs through the malware indicators.
Necro Python Botnet Goes After Vulnerable VisualTools DVR
https://blogs.juniper.net/en-us/threat-research/necro-python-botnet-goes-after-vulnerable-visualtools-dvr
#Malware_analysis
@iotpenetrationtesting
Juniper Networks
Necro Python Botnet Goes After Vulnerable VisualTools DVR
In the last week of September 2021, Juniper Threat Labs detected a new activity from Necro Python (a.k.a N3Cr0m0rPh , Freakout, Python.IRCBot) that is actively exploiting some services, including a
1. A step-by-step analysis of the new malware used by APT28/Sofacy called SkinnyBoy
https://cybergeeks.tech/skinnyboy-apt28
2. BlackByte Ransomware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis
#Malware_analysis
@iotpenetrationtesting
Levelblue
BlackByte Ransomware – Pt. 1 In-depth Analysis | Trustwave
During a recent malware incident response case, we encountered an interesting piece of ransomware that goes by the name of BlackByte.
#exploit
CVE-2021-42342: GoAhead web server (<5.1.5) RCE
https://github.com/kimusan/goahead-webserver-pre-5.1.5-RCE-PoC-CVE-2021-42342-
@iotpenetrationtesting
GitHub
GitHub - kimusan/goahead-webserver-pre-5.1.5-RCE-PoC-CVE-2021-42342-
A small PoC for the recent RCE found in the GoAhead web server prior to version 5.1.5.
With the emergence of new technologies, the Internet of Things (IoT) has recently been proposed, aiming to provide very-long-range transmission with low power consumption. However, this technology suffers from several security and privacy vulnerabilities that could compromise availability, authentication, and privacy. This channel aims to provide a wealth of material, for instance books, code, videos, and presentation slides. You are welcome to join us.
@iotpenetrationtesting
IoT/ICS Security & Malware pinned the message above.
Node poisoning: hijacked package delivers coin miner and credential-stealing backdoor
https://news.sophos.com/en-us/2021/10/24/node-poisoning-hijacked-package-delivers-coin-miner-and-credential-stealing-backdoor
#Malware_analysis
Sophos News
Node poisoning: hijacked package delivers coin miner and credential-stealing backdoor
A hacked NPM account was used to deliver Linux and Windows Monero miners and Windows credential-stealing malware along with a popular node.js library.
#Malware_analysis
DECAF Ransomware (Go)
https://blog.morphisec.com/decaf-ransomware-a-new-golang-threat-makes-its-appearance
Morphisec
DECAF Ransomware: A New Golang Threat Makes Its Appearance
The DECAF Ransomware written in the Go language is becoming more popular among threat actors. We recommend organizations update their breach prevention strategy.
#Malware_analysis
1. ExcelPeek - a tool to help investigate potentially malicious MS Excel files
https://github.com/slaughterjames/excelpeek
2. Targeted Attack Campaign Against ManageEngine ADSelfService Plus
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge
@IotPenetrationTesting
#SCADA_Security
AttkFinder is a tool that performs static program analysis of PLC programs and produces data-oriented attack vectors
https://gitlab.com/jhcastel/attkfinder
GitLab
John Caste / attkfinder · GitLab
#amsi #powershell #bypass
AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process
https://amsi.fail
