Update: metatool.py Version 0.0.4
-
metatool.py is a tool to help with the analysis of Metasploit or Cobalt
Strike URLs. I added option -a to provide URLs via the command-line.
metatool_V0_0_...
Immediately available for new work
-
Hello to the site's visitors, I am now immediately available for new work, as an employee or as a freelancer, of course in the field of information security. Further professional details about me can be found, and you can also contact me ...
My Last Email with W. Richard Stevens
-
In the fall of 1998 I joined the AFCERT. I became acquainted with the
amazing book *TCP/IP Illustrated, Volume 1: The Protocols* by W. Richard
Stevens...
What a lovely sunset
-
Oh, hi. Long time no blog, eh?
Well, it is time to sunset this blog; I will be deleting it in the next few
weeks.
So long, and thanks for all the fis...
Simple PHP webshell with php filter chains
-
Recently found an LFI in a PHP application and one of the cool things I
learned about recently was PHP filter chains. More info here:
https://www.synacktiv...
Hacking Solidity For fun and profit
-
Introduction
After a long period of silence I am now going to write a post for hacking
Solidity smart contracts for dummies (like me). The easiest way to p...
Tracking WMI Activity with PSGumshoe
-
WMI (Windows Management Instrumentation) is the Microsoft implementation of
the Web-Based Enterprise Management (WBEM) and Common Information Model
(CIM) s...
Renewed SideWinder Activity in South Asia
-
A few months ago, Trend Micro released a post which encapsulated the
SideWinder APT group activity in the past year, showcasing SideWinder’s
mobile malware...
Jupyter Notebook for crt.sh Queries
-
I created a Jupyter Notebook to query the crt.sh website, dump the results
into a pandas data frame, and then print out the unique list of results
to th...
Lucky Break
-
One of the things I do from time to time is throw out an open ended
question on Twitter. Sometimes I’m making a point, sometimes I just want
to amuse myse...
CoalaBot : http Ddos Bot
-
CoalaBot appears to be built on August Stealer code (Panel and Traffic are
really alike).
I found it spread as a task in a Betabot and in an Andromeda sp...
Big Changes Around the Corner for the IoT
-
The IoT is transforming before our eyes due to increasing regulations,
growing demand for security standards and advancements in the telecom
industry.
T...
ROOTCON 11 Venue
-
This year's ROOTCON 11 will be held at Taal Vista Hotel in Tagaytay on
September 21-22, 2017. We announced the venue this early so you can
plan ahead...
Citadel 0.0.1.1 (Atmos)
-
Guys of JPCERT, thank you very much!
They released an update to their Citadel decrypter to make it compatible with
the 0.0.1.1 sample.
Citadel 0.0.1.1 doesn't have a lot of do...
Dridex Down Under
-
Raytheon | Websense® Security Labs™ has been tracking malicious email
campaigns associated with the Dridex banking Trojan since 2014. An
interesting deve...
Forensic
-
One of the main problems in carrying out a FORENSIC process is, after the
Harddisk has been duplicated (according to all the standards of bit-by-bit
duplication), to carry out research on a *live com...
TrustKeeper Scan Engine Update – February 4, 2015
-
The latest update to the TrustKeeper scan engine that powers our Trustwave
Vulnerability Management product (including both internal and external
vulnerabi...
RSA Announces End of RSA Security Conference
-
Aims to bring clarity to cloudy marketing messages through exhibit hall
chotskies. Bedford, MA – April 1, 2014 – RSA, the security division of
EMC, today ...
botCloud – an emerging platform for cyber-attacks
-
Hosting network services on Cloud platforms is getting more and more
popular. It is not in the scope of this article to elaborate the advantage
of using Cl...
Available actions
Currently Docker Scan supports these actions:
Scan: Scan a network trying to locate Docker Registries
Registry
    Delete: Delete a remote image / tag
    Info: Show info from a remote registry
    Push: Push an image (like the Docker client)
    Upload: Upload a random file
Image
    Analyze: Look for sensitive information in a Docker image:
        Look for passwords in environment vars.
        Try to find any URL / IP in the environment vars.
        Try to deduce the user used internally to run the software. This is not trivial. If the entry point is a .sh file, read the file and try to find calls to sudo-like commands ("sudo", "gosu", "sh -u"...) and report the user found.
    Extract: Extract a Docker image
    Info: Get an image's meta information
    Modify:
        entrypoint: change the entrypoint in a Docker image
        trojanize: inject a reverse shell into a Docker image
        user: change the running user in a Docker image
What's the difference from Clair or Docker Cloud?
The purpose of Dockerscan is different. It is focused on the attack phase.
Although Dockerscan has some functionality to detect vulnerabilities in Docker images and Docker registries, the objective is the attack.
Documentation
Documentation is still in progress...