Threat Actor Techniques
Presented by Jeremy Junginger at FIRST security conference 2014
This demo presents a realistic attack scenario exhibiting some of the methods and techniques used by threat actors to compromise an internal network, from the Internet.
I have been going through random security videos and reading for the past few weeks. Here’s a nice video on malware analysis, from Shmoocon 2013. I found it useful for a quick revision of topics on the subject. …
A pentester performs several types of network scans during a test. These are usually sequential in nature, that is, we proceed with each scan, …
Hacking Safaribooks and downloading videos offline
I have a safaribooks account. A few hours back, I was going through a video series on safari & I thought I should download it for offline reference. Makes it easier to study.
To start with, a vulnerability is a weakness in the target system that creates a security risk: it can be exploited.
An exploit is a way, …
1. TCP SYN sent
2. TCP SYN/ACK received
=> Target TCP port is open
Reading up on Nmap. Thought of sharing this quick post.
Nmap probes a target before scanning it for open ports and services.
This write-up shows how you can get up & running with client-side / phishing assessment using Metasploit Pro 4.0.
Let’s start by creating a new project. …
This is the fifth post in the reverse engineering malware series. I recommend that you read my first, second, third and fourth posts to be in sync with the whole exercise.
In previous posts, we performed behavioral and code analysis of the malware specimen – slackbot. We identified that the bot executable was packed with the UPX packer. Since UPX has native unpacking capabilities as well, we unpacked the specimen exe and learnt more about its code and operations during code analysis. Subsequently we were able to gain control over the bot.
This is a continuation of my previous posts on reverse engineering malware. Therefore, I would strongly recommend that you go through posts one, two, and three before moving on to this one.
If you recall, in the last post, we used disassembly and debugging techniques on the specimen to our advantage and successfully identified the correct IRC login password.
But is there a way to simply modify or bypass this whole password protection mechanism in the bot? If the authentication process can be controlled, that’d be awesome. So, here it is; this post will show you just that.