SCADA, A PLC’s Story
Previous month I've been a speaker at the M0leCon Conference (Turin, Italy, 30 November) with a talk named: SCADA, A PLC's Story During the last few years, SCADA quickly gained the major news headlights with different frightening articles: from STUXNET to breaches like the electrical power supply grid in Ukraine (December 2015). Since SCADA systems are actively used across various industries (oil & gas, pharma, power plants, critical infrastructures) to perform critical operations on daily basis, SCADA security has also become a...
SolarPuttyDecrypt
During a recent Red Team engagement, I was able to become domain admin on the client’s network; I decided to investigate further into the “sys admin” workstations and management network in order to recover more information about the network topology and assets, dumping more password and gaining access to firewalls/switches and servers’ VLANs. Enumerating the sysadmin’s workstations, I discovered a windows tool used to connect via SSH. TL;DR SolarPuttyDecrypt is a post-exploitation/forensics tool to decrypt SolarPuTTY's sessions files and retrieve plain-text credentials. It...
Cerber Dropper Ransomware Analysis
Before the month ends (I’m sorry but my time was really sucked up by planning and developing the HackInBo’s CTF, that I hope you will enjoy) I would like to post this very small and brief analysis of the latest JavaScript dropper used by the Cerber Ransomware in its campaign. I would also like to thank the Hacktive Security’s guys for the following sample: Dropper: MD5 afd5aa687ed3931d39f180f8e15500e1 SHA1 11460389a303e58086a2b7dbdab02437fb001434 SHA256 8b00174be5f9dd6a703bc5327e1be4161cd3922ca9a338889717370b53d4ca71 Cerber Ransomware: MD5 2dd3bd1801989ff6625aa041761cbed3 SHA1 08f28d5a7d32528fdb2b386334669d6b2b4226cb SHA256 a27c202bffde364fc385e41a244649e8e7baaec97c44c45cd02bb59642e1fb0e This time I will not...
Keybase
Recently, a malware known as KeyBase, is "triggering" some of my sensors. KeyBase was distributed in February 2015 and sold for about $ 50 (in its first version), It remained active until May and then disappear from internet. During November it is back up with thousands of infections (v1.5). Keybase is a malware with limited capabilities belonging to the families of keyloggers and info-stealers. Malware Overview Keybase is written in C# and among its features we can find: Keylogging HotLogging(Keylogging ofspecific windows.ex. Paypal,... KeyBase
Da un po’ di tempo a questa parte, un malware conosciuto col nome di KeyBase, è ricomparso nei log di alcuni dei sensori che monitoro. Distribuito durante Febbraio 2015 nella versione 1.0 e acquistabile per circa 50$, è rimasto attivo fino a Maggio per poi sparire dalla rete. Da Novembre è tornato attivo (v1.5) con migliaia d’infezioni. Keybase è un malware dalle limitate capacità appartenente alla famiglia dei keylogger e info-stealer. You can read this article in English. Malware Overview Keybase è scritto in...
Pirate’s Night Show
Durante le scorse settimane, grazie alla regia di Daniele_KK e al presentatore Pinperepette, abbiamo lanciato il Pirate’s Night Show. Che cos'è il pirate night show? Il PNS è un talkshow innovativo che tratta di sicurezza informatica, mescola interessi e scambi d’opinioni, completamente in italiano e con un format particolare e interattivo e ogni puntata porta con sé grandi ospiti. Puntiamo a fare formazione, sopratutto tecnica ma anche divulgativa riguardante gli aspetti della sicurezza informatica e dell’hacking (nel senso innovatore del termine appunto). Possiede...
