Aaron D

With their preferred webshells, the actors moved laterally to other systems on the network by dumping credentials with a variant of the notorious Mimikatz tool and using Impacket’s atexec tool to use dumped credentials to run commands on other systems.https://unit42.paloaltonetworks.com/actors-still-exploiting-sharepoint-vulnerability/ …

#FakeLogonScreen. A utility to fake the Windows logon screen in order to obtain the user's password. The password entered is validated against the #ActiveDirectory or local machine to make sure it is correct and is then saved to disk. #Pentesting #RedTeamhttps://github.com/bitsadmin/fakelogonscreen …

Dropbox bug bounty program has paid out over $1,000,000. To celebrate this momentous occasion, the Dropbox Production Security team wanted to disclose, in-depth, five of our favorite reports we’ve ever received. #BugBountyhttps://blogs.dropbox.com/tech/2020/02/dropbox-bug-bounty-program-has-paid-out-over-1000000/ …

(Another Sudo bug). The discovered privilege escalation vulnerability, tracked as CVE-2019-18634, in question stems from a stack-based #bufferoverflow issue that resides in Sudo versions before 1.8.26. Exploited when the "pwfeedback" option is enabled.https://thehackernews.com/2020/02/sudo-linux-vulnerability.html?m=1 …

The emails contain an Excel spreadsheets that once downloaded, asks the victim to enable macros. Now in the background, the (VBA) programming code for macros is being enabled for the #tonedeaf malware to download to a directory. #phishing #westat #apt34https://threatpost.com/iran-hackers-us-gov-malware/152452/ …

The API endpoint targeted allows people who have created new accounts to find their friends on Twitter. The API queries which users have a phone number associated with their accounts. Someone was using a large network of fake accounts to exploit this APIhttps://www.bleepingcomputer.com/news/security/twitter-fixed-issue-exploited-to-match-phone-numbers-to-accounts/ …

SOAP API is made of an official standard while REST API is not. This makes REST API easy to use and deploy #REST uses: HTTP, JSON , URL and XML #SOAP uses: mostly HTTP and XML REST is more popular among developers than SOAP. But SOAP has better securityhttps://medium.com/datadriveninvestor/api-security-testing-part-1-b0fc38228b93 …

Mr. Schulte, 31 years old, faces 11 criminal counts, including illegal gathering and transmission of national defense information—charges that derive from the Espionage Act, a statute that has been applied in other WikiLeaks cases.https://www.wsj.com/articles/ex-cia-engineer-goes-on-trial-for-massive-leak-11580741119?reflink=share_mobilewebshare …

Sun told Raytheon that he went to Singapore and the Philippines. However, after providing inconsistent information as to his travel itinerary, Sun eventually admitted that he had travelled to China, Cambodia, and Hong Kong. #computercrimelawshttps://www.zdnet.com/article/raytheon-engineer-arrested-for-taking-us-missile-defense-data-to-china/ …

#Movekit is an extension built into #CobaltStrike for lateral movement by leveraging the execute_assembly function with the SharpMove and SharpRDP .NET assemblies. Users can execute a command on a remote system through WMI, DCOM, RDP, etc. #CyberSecurityhttps://github.com/0xthirteen/MoveKit …