Hunting for Log4j RCE (CVE-2021-44228) using RSA Netwitness
So, if you read my previous article, Hunting for Log4j RCE (CVE-2021-44228) using Splunk & Excel, last time we leveraged Splunk as our platform to hunt events/logs related to this…
As you are aware, a new Log4j vuln (CVE-2021-44228) has been disclosed and is being exploited in the wild currently. So, I’m using the Splunk query below, based on the Splunk blog…
Based on GitHub Advisory Database: https://github.com/advisories/GHSA-g2q5-5433-rhrf – Embedded malware in rc; https://github.com/advisories/GHSA-73qr-pfmq-6rp8 – Embedded malware in coa. rc affected versions: = 1.2.9, = 1.3.9, = 2.3.9. coa affected versions: = 2.0.3, = 2.0.4, = 2.1.1, = 2.1.3, = 3.0.1, = 3.1.3…
Recently, I encountered an incident where several hosts had been infected by < █████████ >. So, to investigate this incident, we received a bunch of logs to be analyzed; mostly Linux-related logs.…
There is no excerpt because this is a protected post.
Carbon Black query that can be used to detect whether any MSHTML RCE happened (probably needs to be refined further): search for any assets making connections towards IOCs (known IOCs…
Recently I’ve read about this data leak: COMB, the largest breach of all time, leaked online with 3.2 billion records. According to the article, it is known as “Compilation of Many…