Categories
NCSC-FI News followup

Daily NCSC-FI news followup 2020-08-23

Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?

isc.sans.edu/forums/diary/Remote+Desktop+TCP3389+and+Telnet+TCP23+What+might+they+have+in+Common/26492/ I’m glad you asked. I’m always interested in trends and reviewing the activity capture by my honeypot over this past week, it shows that no matter what port the RDP service is listening on, a specific RDP string (Cookie: mstshash=) might be sent to any ports to find out if it is listing for this service.

2020 CWE Top 25 Most Dangerous Software Weaknesses

cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html The 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses (CWE Top 25) is a demonstrative list of the most common and impactful issues experienced over the previous two calendar years. These weaknesses are dangerous because they are often easy to find, exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working.

Emotet Malware Over the Years: The History of an Active Cyber-Threat

heimdalsecurity.com/blog/emotet-malware-history/ Malware strains come and go while Internet users become more and more accustomed to online threats being dealt with swiftly by the competent authorities. But what happens when a Trojan constantly eludes everyones best efforts to stop it in its tracks?. In this article, I will go over the complex history of one of the longest-running cybercrime operations in recent history, Emotet. Keep reading to find out what it is, how it operates, and what it uses to take control of an entire network.

Why you should always scan UDP ports (part 2/2)

medium.com/bugbountywriteup/why-you-should-always-scan-udp-part-2-2-42050fb136d8 We finished part 1 having gained unprivileged access to a host in a new network. Afterwards, we wanted to gain privileges to continue. This is how we did it.. Part 1:

medium.com/bugbountywriteup/why-you-should-always-scan-udp-ports-part-1-2-d8ee7eb26727. In this story well see how we exploited snmp vulnerabilities, used a Jenkins console to call a reverse shell, bypassed firewall rules, worked around AppArmor and exploited bash injections to escalate privileges, amongst other things.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.