Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
Has anyone installed Metasploitable within Proxmox?
Can I just run an Ubuntu/Debian Linux container and install Metasploitable within it?
#metasploit #Proxmox
yay, my papercut #exploit finally landed in the #metasploit framework! Lots of great ideas/feedback.
Machinegun is an advanced version of #Metasploit's railgun, capable of reliably running arbitrary #Windows API functions on a remote computer and getting the results to the attacker's machine. https://github.com/Idov31/Machinegun
El lado del mal - "iBombShell: Revolution". Only for Pentesters! https://www.elladodelmal.com/2023/03/ibombshell-revolution-solo-para.html #pentest #pentesting #pentesters #hacking #metasploit #kali #powershell
The data/wordlists/password.lst password list in #Metasploit has also been updated to include the master password that #LastPass suggests as an example when a user goes to create a new master password: r50$K28vaIFiYxaY
New in #Metasploit: SugarCRM #RCE, login scanner and credential gatherer for Wowza Streaming Engine Manager, and three new methods for #PetitPotam.
Plus, admin/kerberos/forge_ticket now supports a new extra_sids option, which is useful for including cross-domain SIDs for forging external #Kerberos trust tickets as part of cross-trust domain escalation. The admin/kerberos/inspect_ticket has also been updated to support viewing these extra SID values.
More Kerberos and secrets dumping improvements in this week's wrap-up!
https://www.rapid7.com/blog/post/2023/03/10/metasploit-weekly-wrap-up-196/
As I'm gathering screenshots for my #NorthSec presentation, I look over at my other monitor and realize just how cool #Metasploit and #Meterpreter are
How to install #Metasploit on a #Linux distribution #Ubuntu #Fedora
https://infoidevice.fr/installer-metasploit-linux/
Great initiative #Rapid7 Brings Threat Intel Data to the #University of South #Florida #Cybersecurity Lab Rapid7 will provide the laboratory with access to its massive data initiatives, including #Metasploit, #Velociraptor, and Sonar, says Corey Thomas, Rapid7's CEO. The laboratory will support interdisciplinary research efforts by faculty experts and students and help drive a deeper understanding of the challenges defenders are currently facing. https://www.darkreading.com/edge-articles/rapid7-brings-threat-intel-data-to-usf-cybersecurity-lab #infosec
This week's #Metasploit wrap-up c/o @zeroSteiner:
* Running count of modules now available on Metasploit's docs site: https://docs.metasploit.com/docs/modules.html
* 2023 Google Summer of Code participation
* Basic discover script now supports commas in the RHOSTS value (also better error handling!)
* New modules: Froxlor log path RCE and an unauthenticated Javascript injection in pyLoad's Click 'N' Load service
https://www.rapid7.com/blog/post/2023/02/24/metasploit-wrap-up-194/
Don't think @RoseSecurity is on here but this guide he put together on #metasploit is well worth a read, some good tips in here that I haven't seen explained elsewhere: https://medium.com/dev-genius/mastering-metasploit-five-tips-that-i-discovered-too-late-61c5ecb7c938
New in last week's #Metasploit release:
* Exploits for Cisco RV Series #CVE_2022_20707 and GitLab #CVE_2022_2992
* Bug fix for Arch warnings when starting msfconsole
* Updates to DLL template code that allow msfvenom to use (default Metasploit) DLL templates with payloads larger than 4096 bytes (e.g., unstaged payloads).
https://www.rapid7.com/blog/post/2023/02/17/metasploit-wrap-up-193/
It seems like there are somewhat perverse incentives around corporations like Rapid7 and Fortra building tools that end up being popularly adopted by threat actors.
Has there been any public discussion of that? Is it just old discourse and I need to catch up?
#infosec #cybersecurity #cobaltstrike #metasploit #threatintel
Calling all Belfast folks: Metasploit is now hiring a Lead Software Engineer. These positions don't often open and it's a great chance to get to work with a great team of engineers who are very passionate about finding creative solutions. If you like working with open source software, #ruby, #rubyonrails, automation, and have worked with #metasploit Framework in the past, you'll be right at home :) https://careers.rapid7.com/jobs/lead-software-engineer-metasploit-framework-belfast-united-kingdom
Note this job is in office in #belfast and is not remote.