Overview

Welcome to everyone,

First, I would like to say that I respect the greatest mathematicians and developers of cryptographic tools, and that my mission is not to be better than them, but to make our environment more secure.

Today I will present a concept that I have developed: a new generation of open source tool for protecting files. But first, let’s look at the reason it was created. With quantum computing becoming a closer and more widespread reality, I believe that in the next 15 to 25 years, or even earlier, quantum computing…


Summary

If, for some reason, you ran into a Windows Server 2012 machine on a virtual machine and do not know the administrator password, or simply forgot the password and need to regain access, this is for you.

Requirements:

A Windows Server 2012 ISO image, booted on a physical device or in your virtual machine.

Overview

Boot from your Windows Server image and go to the repair settings.

Go to Troubleshoot and open the command prompt (CMD).


In this blog series, I will try to lay some base knowledge for Windows system debugging and exploitation, and show how to set up an environment for remote kernel debugging. This environment will be useful for learning Windows internals and indispensable for our future posts about its exploitation. On Windows internals, I really recommend the training from Pavel Yosifovich on Pluralsight, which will expand your familiarity with the system if you are new to the topic.

Windows exploitation is certainly not an easy subject to learn since there are not many Windows challenges available. When you look at current CTFs for…


Summary

Intezer discovered a campaign targeting cryptocurrency users that they estimate began in early 2020. A new RAT associated with the campaign has been named ElectroRAT by Intezer. It is written in Golang and can run on Linux, MacOS, and Windows.

Threat Type

  • Malware

Overview

A campaign that targets cryptocurrency users was discovered by Intezer in late 2020. Intezer estimates the campaign began around January 2020. Three Trojanized applications (DaoPoker, eTrade, and Jamm) built using the Electron framework are used in the campaign to deliver a RAT that has been named ElectroRAT by Intezer. The applications have been promoted through fake user accounts on…


Overview

At dawn on Sunday we discovered a new ransomware called Valorant-Bypass, a new major threat emerging in the midst of the pandemic crisis. We decided to do a thorough analysis, comparing its behavior with that of its predecessor WannaCry, known for the damage it caused across the industry.

Analysis:

First, let’s start with the processes.

Valorant-Bypass

New WannaCry


Overview

A new threat is beginning to circulate on networks: a ransomware titled Valorant that uses Riot’s anti-cheat to rename and encrypt files.

It promises to bypass the anti-cheat, but it is a ransomware.

General

MIME: application/x-dosexec

File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

MD5: 8173C0A277C1206965FB72E23EA67C32

Static information (file type identification, extension | description | match)

.exe | UPX compressed Win32 Executable | 39.3%

.exe | Win32 EXE Yoda’s Crypter | 38.6%

.dll | Win32 Dynamic Link Library (generic) | 9.5%

.exe | Win32 Executable (generic) | 6.5%

.exe | Generic Win/DOS Executable | 2.9%

Behavior graph

Screenshots


A massive malware campaign has been making noise in Brazil. The first sample appeared on VirusTotal in December 2016.

Overview

A massive network-based malware spread was released in December 2016, and after the first sample, the same network provider was used to distribute more than 8k malware samples in less than one year of operation.

The total number of victims is still under investigation.

But all targets appear to be stores and online shopping sites. Some of these malware samples are banking stealers.

Recommendations

Ensure anti-virus software and associated files are up to date.

Search for existing signs of the indicated IoCs in your environment.

Consider blocking and/or setting up detection for all URL- and IP-based IoCs.

Keep applications and operating systems running at the current released patch level.

Exercise caution with attachments and links in emails.

Reference: https://otx.alienvault.com/pulse/5eb742b4e92fc1033e63333c


Overview

The Anomali Threat Research Team has identified an ongoing campaign which it believes is being conducted by the China-based threat group, Mustang Panda. The team first revealed these findings on Wednesday, October 2, during Anomali Detect 19, the company’s annual user conference, in a session titled: “Mustang Panda Riding Across Country Lines.”

CrowdStrike researchers first published information on Mustang Panda in June 2018, after approximately one year of observing malicious activities that shared unique Tactics, Techniques, and Procedures (TTPs).[1] This campaign dates back to at least November 2018. The research does not indicate with absolute certainty which entities are being targeted…
