Devious Methods

Channel address: @deviousmethods
Categories: Technologies
Language: Kazakh
Subscribers: 159
Channel description

Underground music / Cyberpunk stories

Ratings & Reviews

2.67

3 reviews

5 stars: 0
4 stars: 1
3 stars: 1
2 stars: 0
1 star: 1


Latest messages

2022-07-07 10:26:23
Credentials Dumper for Linux using eBPF - https://github.com/citronneur/pamspy
16 views 07:26

2022-07-06 07:29:41
Reversing BRc4 Red-Teaming Tool Used by APT 29

On May 19, a malicious payload associated with Brute Ratel C4 (BRc4) was uploaded to VirusTotal, where it received a benign verdict from all 56 vendors that evaluated it. Beyond the obvious detection concerns, we believe this sample is also significant in terms of its malicious payload, command and control (C2), and packaging.

Blog post:
https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/

Reversing the Malware by IppSec:




#maldev #c2 #brc4
17 views 04:29

2022-07-06 07:29:41
IppSec has gone into reversing
23 views 04:29

2022-07-05 12:43:16
I DON’T KNOW BRO
I DON’T KNOW
SPEAK THE STREETS BRO
ONLY WAY DAWG
COPS DON’T KNOW
PAY THE STREETS DOUGH
SELL SOME REAL GREEN DOPE
SELL SOME REAL GREEN DOPE
MAKE SOME REAL MEAN DOUGH
MAKE SOME REAL MEAN DOUGH
(X2)



29 views 09:43

2022-07-05 08:31:26
On container escapes in k8s

#k8s #devsecops



28 views, edited 05:31

2022-07-03 19:53:49
CHASE & STATUS - DON'T BE SCARED



30 views 16:53

2022-07-03 19:20:53
Meanwhile, Kubernetes Goat already includes 20 different attack scenarios.

#k8s #devsecops

Sensitive keys in codebases
DIND (docker-in-docker) exploitation
SSRF in the Kubernetes (K8S) world
Container escape to the host system
Docker CIS benchmarks analysis
Kubernetes CIS benchmarks analysis
Attacking private registry
NodePort exposed services
Helm v2 tiller to PwN the cluster - [Deprecated]
Analyzing crypto miner container
Kubernetes namespaces bypass
Gaining environment information
DoS the Memory/CPU resources
Hacker container preview
Hidden in layers
RBAC least privileges misconfiguration
KubeAudit - Audit Kubernetes clusters
Falco - Runtime security monitoring & detection
Popeye - A Kubernetes cluster sanitizer
Secure network boundaries using NSP

https://github.com/madhuakula/kubernetes-goat
30 views 16:20

2022-07-03 17:03:20
The differences between Docker, containerd, CRI-O and runc

https://www.tutorialworks.com/difference-docker-containerd-runc-crio-oci/





#runc #crio #docker #containerd
32 views 14:03

2022-07-03 06:01:15
Maelstrom: C2 Development Blog Series

We wanted to explore how C2s function in 2022, what evasive behaviors are required, and what a minimum viable C2 looks like in a world of sophisticated endpoint protection.

Which gave us our goals for this blog series:

- Document the internals of a minimum viable C2:
* What are the ideas behind popular C2 implementations?
* What are their goals and objectives?
- Analyse and implement evasive behaviors:
* What is required to run on a contemporary Windows system?
* What is required to bypass up-to-date, modern endpoint protection?
- Produce a proof-of-concept C2:
* What is the minimum viable C2 for an operator in 2022?
* What is required to detect this minimum viable C2?

Maelstrom: An Introduction
Maelstrom: The C2 Architecture
Maelstrom: Building the Team Server
Maelstrom: Writing a C2 Implant

#maldev #c2
32 views 03:01

2022-07-01 23:10:00
APPSEC – HOW TO COMPROMISE KUBERNETES – FULL RED TEAM VS BLUE TEAM DEMO

#redteam #blueteam #MITRE
https://securitysandman.com/2021/04/20/how-to-compromise-kubernetes-full-red-team-vs-blue-team-demo/
34 views 20:10