New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads
https://gbhackers.com/new-ransomware-attack-targets-elon-musk-supporters/
#Infosec #Security #Cybersecurity #CeptBiro #RansomwareAttack #PowerShell #Payloads
EAGERBEE Malware Updated It’s Arsenal With Payloads & Command Shells
https://gbhackers.com/eagerbee-malware/
#Infosec #Security #Cybersecurity #CeptBiro #EAGERBEE #MalwareUpdated #Payloads #CommandShells
Added integration tests for ronin-payload's new payload encoders and discovered that Python2 does not support evaling a print statement. Python3 however added support for this.
>>> eval('print "test"')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "<string>", line 1
print "test"
^
SyntaxError: invalid syntax
Lol, wtf, how did people seriously tout Python2 over Python3. Even Ruby and JavaScript are more consistent.
When you refer to a UNIX/Linux/macOS/BSD or sh/bash/zsh command payload, what do you commonly refer to them as?
and how would you group Windows PowerShell command payloads in a directory structure of other payloads?
#namingthings #payloads
How would you group Windows cmd.exe command payloads in a directory structure of other payloads?
#namingthings #payloads
Ronin 2.1.0 has finally been released! Lots of new stuff in this release, like new database tables, new payloads, ronin-recon, ronin-app, and more.
https://ronin-rb.dev/blog/2024/07/22/ronin-2-1-0-finally-released.html
#ronin #roninrb #ruby #infosec #securitytools #recon #payloads #opensource
Russian Firm Develops Missile Equipped Armored Robot
https://defensemirror.com/news/36949/Russian_Firm_Develops_Missile_Equipped_Armored_Robot
#Russia #Rostec #ImpulseM #Robotics #CombatModule #AntiTankMissileSystem #Gumich #ModularDesign #Payloads #ArtificialIntelligence #TrackedChassis #CargoTransportation #MultiVariantCommunication #ElectronicSuppressionSystems #NavigationSystem #FieldMaintainability #PrototypeTesting #CombatPlatform
How useful would you say a command injection payload that exfils a single file via curl to a webserver might be? Do you think it should be built-in to a framework or offered as a 3rd-party thing?
#pentesting #exploitdev #payloads
You've probably heard of the xz-utils backdoor by now. You shouldn't submit backdoors to Open Source projects... unless it's to ronin-payloads! We're always looking for more payloads!
#opensource #ruby #payloads #shellcode #webshells #hacking #corny #shamelesspromotion
TIL Nashorn is a JavaScript VM written in Java and gives direct access to Java classes. There's even a reverse shell payload for it, which has apparently been improved/fixed by this chap @mosesrenegade who's on here.
https://gist.github.com/mosesrenegade/dd565dba9360a84b3c2d6e44b8381dbd
#reverseshells #nashorn #payloads
📬 LOTS: GitHub and its growing role in cybercrime
#ITSicherheit #DeadDropResolver #github #GitHubRepository #livingofftheland #LivingoffTrustedSites #LotL #LOTS #Payloads #RecordedFuture https://sc.tarnkappe.info/6b482f
For a tool that compiles C payloads, how would you prefer to specify the cross-compiler?
#payloads #pentesting #redteaming #exploitdev
🇨🇳 #LandSpace is targeting a hop test 🚀 later this month, during which a stainless steel prototype of #Zhuque3’s first stage would lift off to a height of about 100 metres and land back on Earth in a controlled manner.
It will be able to lift #payloads up to 21.3 tonnes to #LEO when expendable, or 18.3 tonnes when the first stage is recovered down range, or 12.5 tonnes when the first stage returns to the #LaunchSite https://www.scmp.com/news/china/science/article/3245027/spacex-rival-pioneering-chinese-firm-unveils-big-rocket-design-elements-resembling-starship-and
Today: #Command #Injection Part 2 😃
The principle is clear, but the countless ways to get around filters are not really clear yet. I was only able to solve the practical example with the provided #CheatSheet. I simply tried out a few commands and even had success with several of them. Adjusted the command to match what was being looked for and, just like that, I had the solution. 🎉
But coming up with the #payloads myself... that will still take a while 👀
https://github.com/payloadbox/command-injection-payload-list
[8🔥] #tryhackme
"🔍 Deep Dive into Malvertising: Techniques & Tactics 🕵️"
The malvertising campaign under the spotlight uses a unique fingerprinting method to distribute time-sensitive payloads. Malicious ads target software like Notepad++ and PDF converters. A two-tier filtering system is in place: 1️⃣ IP checks to discard VPNs and non-genuine IPs, 2️⃣ System fingerprinting to detect VMs. Those who pass are directed to a decoy site resembling the real Notepad++ website. The payload is a .hta script, uniquely named for each victim, making it time-sensitive. This level of sophistication in malvertising campaigns is alarming, indicating a shift in tactics and techniques by threat actors.
Source: Malwarebytes Blog by Jérôme Segura
Tags: #MalvertisingDeepDive #CyberThreats #Evasion #Fingerprinting #Payloads #CyberSecurityTrends 🧐🔗🚫
We also just added another guide on how to port Metasploit payloads to ronin-payloads.
https://ronin-rb.dev/docs/porting/metasploit_payloads_to_ronin_payloads.html
#ronin #metasploit #payloads #ruby
The Kessler Syndrome Explains Why Hunks of Space Junk Are ‘Ticking Time Bombs’
--
https://www.popularmechanics.com/space/satellites/a43797134/kessler-syndrome-explained/ <-- shared article
--
[even a TINY fragment can be incredibly destructive at orbiting speeds]
#GIS #spatial #mapping #spacedebris #survey #solutions #engineering #communication #science #communications #military #television #satellites #orbit #cleanup #policy #planning #cooperation #risk #hazard #dangerous #riskassessment #riskmanagement #riskmitigation #riskanalysis #GPS #remotesensing #earthobservation #KesslerSyndrome #engineering #engineeringsolutions #debris #space #rocket #payloads #launches #orbit #orbiting #junk #spacejunk
3CX Supply Chain #Attack Campaign
Trojanized 3CXDesktopApp installers are running rampant in a supply-chain attack campaign.
Dropping multiple #payloads, including information stealers, which can transfer account credentials and wallet keys directly to the attackers.
#cybersecurity #security #infosec
https://www.zscaler.com/security-research/3CX-supply-chain-attack-analysis-march-2023