This post covers 2023-05-08 to 2023-05-15.
Interesting Reads
Fraud with QR-Codes
On Reddit a user posted the fake parking ticket he received in San Francisco. BleepingComputer picked up on the story. This article contains the actually baffling details of a Singapore-based woman losing a lot of money after scanning a malicious QR code: the victim installed an app on her phone to fill out a survey.
Building a Red Team Infrastructure in 2023
This blog post serves as a base for building your own red team infrastructure and hopefully gives an overview of the different branches.
Delivery methods
In this article delivr.to describes the top 10 payload delivery methods, based on observations of threat actor techniques.
deps.dev API announced
The Open Source Insights team has built a reliable view of software metadata across 5 packaging ecosystems. The announcement was published on the Google Security Blog. The Open Source Insights website is online, and the source code repository is available on GitHub.
Tools
- Te-k/harpoon - CLI tool for open source and threat intelligence
- lkarlslund/Adalanche - Active Directory ACL Visualizer and Explorer - who’s really Domain Admin? (Commercial versions available from NetSection)
- lkarlslund/hashmuncher - Grab NetNTLMv2 hashes using ETW with administrative rights on Windows 8.1 / Windows Server 2016 and later
- LOTS Project - Living Off Trusted Sites
- LOLDrivers - Living Off The Land Drivers
- morpheuslord/GPT_Vuln-analyzer - Uses the ChatGPT API, Python-Nmap and DNS recon modules together with the GPT-3 model to create vulnerability reports from Nmap scan data and DNS scan information; it can also perform extensive subdomain enumeration
- govolution/avet - AntiVirus Evasion Tool
- CMEPW/BypassAV - This map lists the essential techniques to bypass anti-virus and EDR
- t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket and HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc.) and share them among connected sibling servers (Villain instances running on different machines)