Cyber Crime Research Lab

By Dr. Peter Stephenson | Cyber crime technology research and news from the cyber underground.

FinalRecon - OSINT Tool For All-In-One Web Reconnaissance

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with …

OSINT

DumpTheGit - Searches Through Public Repositories To Find Sensitive Information Uploaded To The Github Repositories

DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories. The tool will flag the matches for …

GitHub

Using Ghidra to attack crackme

First, download the crackme from the MalwareTech site; the password to the archive is also MalwareTech. So, let's see what is in the archive. We see the …

Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis …

Bypassing AD account lockout for a compromised account

Mark Mo, Apr 9. This is for educational purposes only. Never do …

Gaining Access to Card Data Using the Windows Domain to Bypass Firewalls

This post details how to bypass firewalls to gain access to the Cardholder Data Environment (or CDE, to use the parlance of our times). End goal: to …

Sniff-Paste: OSINT Pastebin Harvester

Multithreaded pastebin scraper, scrapes to mysql database, then reads pastes for noteworthy information. Use sniff-paste.py to go through the entire …

OSINT

Europeans Hit with Multi-Stage Malware Loader via Signed Malspam

Multiple malicious spam campaigns using signed emails have been observed while distributing the GootKit (aka talalpek or Xswkit) banking Trojan with …

Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers

By Marco Dela Vega, Jeanne Jocson and Mark Manahan. Over the years, Emotet, the banking malware discovered by Trend Micro in 2014, has continued to be …

Analyzing Emotet with Ghidra — Part 2

Cafe Babe, Apr 22. This post is a continuation from Part 1. SHA256: …

APIs

Analyzing Emotet with Ghidra — Part 1

Cafe Babe, Apr 18. In this post I'll show how I used Ghidra in analyzing a recent sample of Emotet. SHA256: …

Kaspersky: 70 percent of attacks now target Office vulnerabilities

That's more than four times the percentage the company was seeing two years before, in Q4 2016. [Image: threat-landscape-2016-2018.png] Microsoft Office …

Say hello to Baldr, a new stealer on the market

By William Tsing, Vasilios Hioureas, and Jérôme Segura. Over the past few months, we have noticed increased activity and development of new stealers. …

'Digital Doppelganger' Underground Takes Payment Card Theft to the Next Level

Massive criminal marketplace discovered packaging and selling stolen credentials along with victims' online behavior footprints.

TrickBot malware attacks are ramping up ahead of Tax Day

A powerful data-stealing malware campaign with a tax theme is on the rise to target unsuspecting filers ahead of Tax Day. TrickBot, a financially motivated trojan, infects Windows computers through a malicious Excel document sent by a specially crafted email. Once infected, the malware targets …

Mimikatz Credential Theft Techniques

This blog shares information on some examples of how the CrowdStrike® Falcon® OverWatch™ team has observed the open-source tool known as Mimikatz …

Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware

Summary: Recently, FireEye Managed Defense detected and responded to a FIN6 intrusion at a customer within the engineering industry, which seemed out …

LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files

A spam campaign pushing the info-stealing LokiBot trojan leverages a novel technique to avoid detection. According to researchers, the spam messages …

This new malware is scanning the internet for systems info on valuable targets

Newly identified Xwo malware could be laying the groundwork for far more damaging cyberattacks around the globe, warn researchers. A new form of …

Mapping Out a Malware Distribution Network - AlienVault - Open Threat Exchange

More than a dozen US-based web servers were used to host 10 malware families, distributed through mass phishing campaigns. Malware families include …

The Journey to Try Harder: TJNull’s Preparation Guide for PWK/OSCP

Table of Contents: Overview • Dedication • A Word of Warning! • Section 1: Getting Comfortable with Kali Linux • Section 2: Essential Tools in Kali • Section 3: …

Just-Metadata - Tool That Gathers And Analyzes Metadata About IP Addresses

Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to …

How To: Compromise a Web Server & Upload Files to Check for Privilege Escalation, Part 1

Information gathering is one of the most important steps in pentesting or hacking, and it can often be more rewarding to run things on the target …

How to differentiate between AI, machine learning, and deep learning

Tech leaders need to put AI and its subcategories into practice—and into common business vocabulary that everyone can understand. Sage, a purveyor of …

Machine Learning

FIN7 Revisited: Inside Astra Panel and SQLRat Malware – Flashpoint

By Joshua Platt and Jason Reaves. Despite the arrests of three prominent members of the FIN7 cybercrime gang beginning in January 2018, attacks …

Analysis of a Chrome Zero Day: CVE-2019-5786

1. Introduction. On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader API (CVE …

Bank hackers team up to spread financial Trojans worldwide

The gang agreements focus on theft, malware capabilities, and territory grabs. Banking Trojans are popular in cybercriminal schemes given the valuable …

How To: Gain SSH Access to Servers by Brute-Forcing Credentials

SSH is one of the most common protocols in use in modern IT infrastructures, and because of this, it can be a valuable attack vector for hackers. One …

New Ursnif Variant Targets Japan Packed with New Features

In this research we dissect a recent campaign that uses language checks and steganography to evade detection. The new variant features a stealthy …