Last month, Amazon lost control of its cloud-based IP address pool for more than three hours, which allowed cyber criminals to steal $235,000 from users of one of AWS’s customers. Using BGP hijacking, hackers gained control over a pool of 256 IP addresses. Briefly describing the BGP protocol, it is a backbone – the basis …
Year: 2022
SOCMINT – or rather OSINT of social media
SOCMINT is the process of gathering and analyzing the information collected from various social networks, channels and communication groups in order to track down an object, gather as much partial data as possible, and potentially to understand its operation. All this in order to analyze the collected information and to achieve that goal by making …
PyScript – or rather Python in your browser + what can be done with it?
PyScript – or rather Python in your browser + what can be done with it? A few days ago, the Anaconda project announced the PyScript framework, which allows Python code to be executed directly in the browser. Additionally, it also covers its integration with HTML and JS code. An execution of the Python code in …
Part 3. Windows security: reconnaissance of Active Directory environment with BloodHound.
Collecting information about the domain environment with SharpHound A program that collects domain environment data – SharpHound is a component of the BloodHound tool. The collection of environmental data starts when SharpHound.exe is run on one of the computers. The entire BloodHound package can be downloaded (Figure 32) from the address: https://github.com/BloodHoundAD/BloodHound/releases After downloading and …
Part 1. Windows security: reconnaissance of Active Directory environment with BloodHound.
Windows security: reconnaissance of Active Directory environment with BloodHound. In this article we will take a closer look at the BloodHound tool – Six Degrees of Domain Admin. The application was developed in JavaScript and built using the Electron platform. The graphical visualization uses the Neo4j database. During the experiment, we will use a Windows …
Part 1. Windows security – what is LSASS dump. How to protect against it?
Windows security – what is LSASS dump. How to protect against it? The ability of Advanced Persistent Threat (APT) groups and other threat actors to take a dump of Windows credentials is a serious threat especially to enterprises and other organizations. The MITRE ATT&CK knowledge base, which is created primarily to support defense against cyber …
Remote code execution by fail2ban
In this article we will discuss a recently published vulnerability in quite popular software – fail2ban (CVE-2021-32749). Under the right conditions, this bug could be exploited to achieve code execution with root privileges. Luckily, it is difficult for a “normal” attacker to achieve. This vulnerability is rooted in a way the mail command from the …
Detecting threats to wireless networks with a free IDS-class tool: nzyme
Nzyme is a new Open Source software, created in a spare time by CTO Graylog Lennart Koopmann. In March this year, version 1.0 of “Kyle Canyon” was released. Nzyme is used to detect threats to wireless networks and belongs to the family of Wireless Intrusion Detection System (WIDS). This is probably the most interesting and …