While inspecting my own instance's #sshログ (ssh log), #Censys, Inc. knocked on a hidden port yet again.
It really is frequent. These guys crawl by accessing every port of each individual IP address at random (though managed), each from a different IP address. Internally it amounts to a full #ポートスキャン (port scan) of every port on a single IP address. Call it clever or call it dirty. An astonishing degree of caution.
I urge all of you to check on your own instance what these guys are doing.
#sshログ #censys #ポートスキャン #prattohome
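As an added example (not code from the post above), here is the detection logic a defender could run over firewall log lines to catch the pattern just described: many source addresses from one network each touching a different port of one target, so that no single sender ever looks like a port scan. The log format, the addresses and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed iptables-style log lines (not real traffic): nine senders from the
# same /24 each probe one distinct port on one target; one unrelated sender hits 22.
SAMPLE_LOG = """
Mar 14 10:00:01 vps kernel: IN=eth0 SRC=198.51.100.11 DST=203.0.113.5 PROTO=TCP SPT=40001 DPT=2222
Mar 14 10:02:17 vps kernel: IN=eth0 SRC=198.51.100.12 DST=203.0.113.5 PROTO=TCP SPT=40002 DPT=8022
Mar 14 10:05:43 vps kernel: IN=eth0 SRC=198.51.100.13 DST=203.0.113.5 PROTO=TCP SPT=40003 DPT=2200
Mar 14 10:09:08 vps kernel: IN=eth0 SRC=198.51.100.14 DST=203.0.113.5 PROTO=TCP SPT=40004 DPT=22022
Mar 14 10:12:30 vps kernel: IN=eth0 SRC=198.51.100.15 DST=203.0.113.5 PROTO=TCP SPT=40005 DPT=10022
Mar 14 10:15:59 vps kernel: IN=eth0 SRC=198.51.100.16 DST=203.0.113.5 PROTO=TCP SPT=40006 DPT=2022
Mar 14 10:19:21 vps kernel: IN=eth0 SRC=198.51.100.17 DST=203.0.113.5 PROTO=TCP SPT=40007 DPT=8222
Mar 14 10:23:44 vps kernel: IN=eth0 SRC=198.51.100.18 DST=203.0.113.5 PROTO=TCP SPT=40008 DPT=22222
Mar 14 10:27:02 vps kernel: IN=eth0 SRC=198.51.100.19 DST=203.0.113.5 PROTO=TCP SPT=40009 DPT=2233
Mar 14 10:30:05 vps kernel: IN=eth0 SRC=192.0.2.7 DST=203.0.113.5 PROTO=TCP SPT=50000 DPT=22
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) .*?DPT=(\d+)")

def parse(log):
    """Yield (src, dst, dport) for every line carrying SRC/DST/DPT fields."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3))

def find_distributed_sweeps(log, prefix_len=24, min_ports=8, max_ports_per_src=2):
    """Group probes by (target, source network). Flag a group whose members
    together touch many distinct ports while each single sender touches only a
    few: per-source counters stay quiet, the aggregate view does not."""
    groups = defaultdict(lambda: defaultdict(set))  # (dst, net) -> src -> {ports}
    for src, dst, dport in parse(log):
        net = str(ip_network(f"{src}/{prefix_len}", strict=False))
        groups[(dst, net)][src].add(dport)
    findings = []
    for (dst, net), by_src in groups.items():
        all_ports = set().union(*by_src.values())
        busiest_src = max(len(p) for p in by_src.values())
        if len(by_src) > 1 and len(all_ports) >= min_ports and busiest_src <= max_ports_per_src:
            findings.append({"target": dst, "source_net": net,
                             "sources": len(by_src), "distinct_ports": len(all_ports)})
    return findings

if __name__ == "__main__":
    for f in find_distributed_sweeps(SAMPLE_LOG):
        print(f)
```

Grouping by /24 is an assumption; in practice you would group by the scanner's published ranges or by ASN, since the post observes each probe coming from a different address.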
While inspecting my own instance's #sshログ (ssh log), I found #不正アクセス (unauthorized access). From 80.66.66[.]159.
The registered name is XHOST INTERNET SOLUTIONS LP
and the address is in the United Kingdom.
The network used is in Finland, and the server is in Finland.
Yet the #abuse contact is in Russia.
In the end I concluded it is unauthorized access by the #ロシア (Russia) crowd.
They tried to force their way in and failed. Infuriating.
The other one is the usual #Censys , Inc. (167.94.138[.]52). This one is infuriating too, but there is also the risk that the Russian crowd is getting information from around here, since the Russians came straight to the hidden port with no reconnaissance to find it.
Be careful!!
Stop it!! Unauthorized access.
#sshログ #不正アクセス #abuse #ロシア #censys #prattohome
Happy Pi Day! Go check out what services are running on 🥧 port 31415:
Still tracking ESXiArgs #ransomware & wrote up a new piece about it, looking more at:
➡️ Historically affected hosts—we initially found 2, but on further investigation found 11 more with a similar ransom note in October 2022
➡️ Spread of the 2 different variants we’ve tracked thus far
➡️ Presence of SLP on infected hosts
Read more: https://censys.io/esxiargs-history-variants-and-slp/
#ransomware #threatresearch #threathunting #cti #censys
We've been tracking the #ESXiArgs #ransomware for the last few days; here's what we've seen so far:
🔎 We’ve observed a new variant of ESXiArgs emerge over the last 24 hours. Key updates to this version include:
➡️ A new ransom note with no #BTC addresses–making it more difficult for researchers to track payments
➡️ Encryption of additional data, rendering existing decryption tools ineffective
🔎 In the last few days, we’ve seen just over 3,800 unique hosts compromised, and 1,800 which are online currently. Over the last 24 hours, just over 900 hosts have upgraded to the latest ransomware variant.
🔎 As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running.
#esxiargs #ransomware #btc #censys #threatresearch #cti
wrote a little bit about the #log4j vulnerability and how things look one year later. 🫣
tl;dr: things aren't *bad*, but why aren't they better? a lot of things got patched and upgraded over 2022, but there are still a non-trivial number of potentially vulnerable devices out there.
#cve #vulnerability #log4shell #infosec #internet #censys
https://censys.io/tis-the-season-%F0%9F%AB%A3-a-look-back-at-the-critical-log4j-vulnerability/
#log4j #cve #vulnerability #Log4Shell #infosec #internet #censys
Interested in fingerprinting C2 servers? Check out these 20+ Censys Search queries for identifying them: https://github.com/thehappydinoa/awesome-censys-queries#security-applications
Just added Empire C2, Raccoon Stealer V2 (RecordBreaker C2), AsyncRAT, and more.
What would you like to see added next?
#osint #censys #dorks #c2 #rat #fingerprinting
I am working on a collection of fascinating Censys Search queries. Have an interesting query you want to add? Contributions welcome! https://github.com/thehappydinoa/awesome-censys-queries #osint #censys #dorks #query