October 5, 2021 at 03:26PM

■■■■□ Ukraine: Law enforcement agencies have announced the arrest of two “prolific ransomware operators” in Ukraine who allegedly conducted a string of targeted attacks against large industrial entities in Europe and North America since at least April 2020, marking the latest step in combating ransomware incidents. https://www.europol.europa.eu/newsroom/news/ransomware-gang-arrested-in-ukraine-europol%E2%80%99s-support https://thehackernews.com/2021/10/ransomware-hackers-who-attacked-over.html https://t.me/cKure/9651

October 5, 2021 at 02:28PM

■■■□□ For a long time, 443 was the default port used by #dridex for the main C2 IP. Recently new ports are being used: 6225, 8443, 9676. The standard port 443 isn’t used at all. Botnet IDs: 10111, 22202. Source: CPR https://t.me/cKure/9649

October 5, 2021 at 01:31AM

■■■■■ DCOM_AV_EXEC allows for “diskless” lateral movement to a target on the same network via DCOM. The AV_Bypass_Framework_V3 creates a .NET shellcode runner (output as DLL) which can be used with the DCOM_AV_EXEC tool to bypass antivirus solutions. https://gitlab.com/theepicpowner/dcom_av_exec https://t.me/cKure/9646