OpenSecurity.global

Dan Card


  1. I've just released a new video Matthew Haynes and I put together on exposed RDP servers on the net and how we are seeing people get ransomwared via an initial RDP brute force or cred stuffing vector.

    Hopefully people find this useful, it's our first collaborative video and was a blast to make!

     

    1. Kevin Beaumont

      Good stuff 😄

    2. Dan Card

      Thanks dude! Still learning the ropes with the video production game 🙂

  2. #emotet stager/C2 data

    1. Dan Card

      I was asked if I had the raw data from this... after some fiddling 😉 I exported to txt, then imported to xls and filtered, and here we have all requested URLs from the gestureviolet.exe process captured from Fiddler! Hope this is helpful! I was planning on exploding the latest payloads in the lab soon and repeating this process.

      emotet.txt

  3. OK, what I've seen is that people are using passive sources, e.g. BinaryEdge, to then hit boxes (clearly they won't know the offsets, so the likelihood of BSOD is high rather than compromise). I'll try and get a honeypot/s up this weekend.
  4. My Palo is offline at the minute so I can't see anything. I'm asking people with bigger networks 🙂
  5. I've seen this being exploited in the wild (low-skilled threat actor). Has anyone else witnessed this? I've got this in the lab working against 7 SP1 on a VM.
  6. Windows updates, host-based firewalls, AV, disabling macros, disabling shit like LLMNR/NetBIOS, using a jump box... all the boring easy (OK, relatively easy) low-cost shit that most orgs don't do! 🙂