🚨 CrowdStrike Intelligence reports multiple intrusions targeting the telecommunications sector from a sophisticated actor tracked as the LightBasin activity cluster. Read all about our investigation in the @ CrowdStrike blog → https://t.co/pS3AXzouBU via @dan__mayer
A new worm, possibly a Mirai variant, is scanning for devices with the Android Debug Bridge enabled https://t.co/B1jWujIc8D
Did you know that at #VB2018, we'll have two Qihoo 360 researchers present a paper on Mirai https://t.co/rgOFRIBfCR
Are you new to #cybersecurity? Educate yourself on #incidentrepsonse essentials with the @alienvault Beginner’s Guide to Open Source Incident Response Tools & Resources. You’ll learn about effective IR and the best ⚒️ to use to achieve it. https://t.co/66qzEbNyIP
ATT&CK is stronger because of the community behind it. To help you understand what contributions and formats we're looking for, here's a short summary: https://t.co/EE77i2VdrX. Thank you to all of our awesome contributors - past, present, and future!
Here the report for analysis of PDF with embedded 'SettingContent-ms'.
Look how it works on Windows 10
Payload is loader for #AmmyRat ( http://169.239.129[.]117/cal )
C2: 185.99.132[.]119:443
PDF->Deeplink->PS->WMI->Loader->AmmyRAT
https://t.co/NrxvdfGUjs
When someone says “military grade” anything, remember that classified documents were stolen from an open FTP server run by a guy who’d just received his military issued cyber security awareness award.
Been writing Graylog alerts for the blue team all week. So awesome to watch a new blue teamer actually see the bad guy's events then excitedly start digging into the logs for more info. =)