strike – OWASP Jakarta

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection. “The attackers embedded malicious JavaScript in these Read more…

By adminowasp, 7 months ago

News

Pro-Ukrainian Hackers Strike Russian State TV on Putin’s Birthday

Pro-Ukrainian Hackers Strike Russian State TV on Putin’s Birthday Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK confirmed, describing it as Read more…

By adminowasp, 9 months ago

News

A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike’s Evasion Features!

A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike’s Evasion Features! A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike’s evasion features! Contributors: UDRL Usage Considerations The built-in Cobalt Strike reflective loader is robust, handling all Malleable PE Read more…

By adminowasp, 9 monthsOctober 2, 2024 ago

News

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike Cybersecurity researchers have discovered an ongoing attack campaign that’s leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software. “SSLoad is designed to stealthily infiltrate systems, gather sensitive Read more…

By adminowasp, 1 year ago

from email import header import requests
from requests.auth import HTTPBasicAuth
import json
import base64
def search(search, API_KEY, userName, log):
open_instances = []
usrPass = userName + ‘:’ + API_KEY
encoded_u
base64.b64encode(usrPass.encode()).decode()
url “https://api.riskiq.net/pt/v2/ssl-certificate/history?”
try:
page_number = 0
headers =
‘Content-Type’: ‘application/json’,
‘API-Key’: API_KEY,
‘Authorization’: “Basic %s” % encoded_u,
‘field’: ‘sha1’,
‘order’: ‘desc’,
‘page’: str(page_number),
‘sort’: ‘firstSeen’
response = requests.request(“GET”, url+"&query="+search, headers-headers) response_json
response.json()
for result in response_json[‘results’][0][‘ipAddresses’]:
open_instance
dict()
log.debug(“Found matching 0".format(result)))
open_instance [‘ip’] = result
if ‘port’ in result:
else:
open_instance[‘port’] = result[‘port’]
open_instance[‘port’] = ’’
except Exception as e:
log.info(“RiskIQ Serial History error: ’.format(e))
return open_instances

News

Hunting for Cobalt Strike: Mining and plotting for fun and profit | MSRC Blog

Hunting for Cobalt Strike: Mining and plotting for fun and profit | MSRC Blog Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this Read more…

By adminowasp, 2 years ago