Dragos ICS/OT Ransomware Analysis: Q4 2021
https://www.dragos.com/blog/industry-news/dragos-ics-ot-ransomware-analysis-q4-2021
@IotPenetrationTesting
#Malware_analysis
1. xRAT/Quasar RAT
https://asec.ahnlab.com/en/31089
2. MyloBot 2022 - Evasive botnet
https://blog.minerva-labs.com/mylobot-2022-so-many-evasive-techniques-just-to-send-extortion-emails
@IotPenetrationTesting
ASEC
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed - ASEC
#Malware_analysis
1. Attackers Disguise RedLine Stealer as a Windows 11 Upgrade
https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade
2. ShadowPad Malware Analysis
https://www.secureworks.com/research/shadowpad-malware-analysis
3. PrivateLoader to Anubis Loader
https://medium.com/walmartglobaltech/privateloader-to-anubis-loader-55d066a2653e
@IotPenetrationTesting
#Threat_Research
1. Western Digital My Cloud Pro Series PR4100 RCE
https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce
2. "Ice phishing" on the blockchain
https://www.microsoft.com/security/blog/2022/02/16/ice-phishing-on-the-blockchain
@IotPenetrationTesting
ONEKEY Research
Advisory: Western Digital My Cloud Pro Series PR4100 RCE
The IoT Inspector Research Lab uncovered a command injection vulnerability on Western Digital My Cloud Pro Series PR4100.
#Malware_analysis
1. Tracking SugarLocker ransomware & operator
https://medium.com/s2wblog/tracking-sugarlocker-ransomware-3a3492353c49
2. Analysis - Sugar Ransomware:
New Ransomware Group Conducting Low-Profile Attacks
https://blog.cyble.com/2022/02/17/analysis-sugar-ransomware
@IotPenetrationTesting
Author: S2W TALON
https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure
@IotPenetrationTesting
Microsoft News
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
The Microsoft Defender for IoT research team has recently discovered the exact method through which MikroTik devices are used in Trickbot’s C2 infrastructure. In this blog, we share the analysis of this method and provide insights on how attackers gain access…
Pwning MS Azure Defender for IoT
Multiple Flaws Allow RCE for All
https://www.sentinelone.com/labs/pwning-microsoft-azure-defender-for-iot-multiple-flaws-allow-remote-code-execution-for-all
@IotPenetrationTesting
SentinelOne
Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All
As if IoT & OT aren't hard enough to defend, we dive into five critical vulnerabilities in Microsoft Defender for IoT that leave the door wide open.
WCam.pdf
#Whitepaper
#IoT_Security
"Vulnerabilities Identified in Wyze Cam IoT Device", 2022.
@IotPenetrationTesting
#SCADA_Security
The Old Switcheroo:
Hiding Code on Rockwell Automation PLCs
https://claroty.com/2022/03/31/blog-research-hiding-code-on-rockwell-automation-plcs
@IotPenetrationTesting
Claroty
Vulnerabilities found in Rockwell programmable logic controllers (PLCs) and engineering workstation software.
Umay - IoT Malware Similarity Analysis Platform
http://www.kitploit.com/2021/12/umay-iot-malware-similarity-analysis.html
@IotPenetrationTesting
Honeypot experiment reveals what hackers want from IoT devices
https://www.bleepingcomputer.com/news/security/honeypot-experiment-reveals-what-hackers-want-from-iot-devices/
@IotPenetrationTesting
BleepingComputer
A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices.
Inside the Black Box | How We Fuzzed Microsoft Defender for IoT and Found Multiple Vulnerabilities
https://www.sentinelone.com/labs/inside-the-black-box-how-we-fuzzed-microsoft-defender-for-iot-and-found-multiple-vulnerabilities/
@IotPenetrationTesting
SentinelOne
A must-read for fuzzing fans, this post gives a detailed look at the advanced techniques used in our recent discovery of multiple bugs in Defender for IoT.
How to Hack MQTT - The Standard for IoT Messaging
https://securitycafe.ro/2022/04/08/iot-pentesting-101-how-to-hack-mqtt-the-standard-for-iot-messaging
@IotPenetrationTesting
Security Café
IoT Pentesting 101: How to Hack MQTT – The Standard for IoT Messaging
Pentesting the IoT MQTT protocol in an emulated environment deployed using Mosquitto. Dictionary attacks, DoS, and exploitation of dummy ICS environments are presented.
Unpatched DNS bug affects millions of routers and #IoT devices
https://www.bleepingcomputer.com/news/security/unpatched-dns-bug-affects-millions-of-routers-and-iot-devices/
@IotPenetrationTesting
BleepingComputer
A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk.
Microsoft best practices for managing IoT security concerns
https://www.microsoft.com/security/blog/2022/04/25/microsoft-best-practices-for-managing-iot-security-concerns/
@IotPenetrationTesting
Microsoft Security Blog
The Internet of Things, or IoT, has expanded beyond the mere concept that it was when first introduced. IoT is now part of most individuals’ daily activities, from smart speakers and thermostats to smartwatches and vehicles. IoT devices and systems bring…
#Malware_analysis
IoT malware EnemyBot
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers
LevelBlue
Executive summary LevelBlue Labs™ has been tracking a new IoT botnet dubbed “EnemyBot”, which is believed to be distributed by threat actor Keksec. During our investigations, LevelBlue Labs has discovered that EnemyBot is expanding its capabilities, exploiting…
https://github.com/woj-ciech/Kamerka-GUI/
With this tool you can do reconnaissance in the field of IoT and industrial control systems.
For example, depending on the country, you can find industrial control devices, medical equipment and IoT devices.
Using geographical features such as Google Maps, you can find the exact location of a device (for example, a hospital).
It also has attack facilities, such as Brute Force and Exploit.
@IotPenetrationTesting
GitHub
GitHub - woj-ciech/Kamerka-GUI: Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.