Recently, we observed a high number of users been infected by Lumma Stealer. Upon investigating, we observed that the user been infected thru same vector; “Clickfix” infection chain. The attack…
The Challenger Recently Malcore.io post at X/Twitter a reversing challenges. The is related to script that is hosted here – https://raw.githubusercontent.com/Internet-2-0/file-samples/master/scripts/powershell/stacy.ps1 Dive! Dive! Dive! At first glance, we saw what…
As usual, real the description given. It says that “a file” been “transferred” to another “internal computer“. So we know that this might involving traffic between 2 internal IPs. Download…
Recently, I got an incident related to Windows Defender detected & quarantined file related to some backdoor. The MDE alert details show something like this: Usually, we go with the…
Recently I’ve read about this data leak; COMB: largest breach of all time leaked online with 3.2 billion records. According to the article, it was known as “Compilation of Many…
Question: Let’s try connect to the domain & port given via netcat Hmm. There’s mathematic question that we need to solve. But we’re too slow on solving it.. What if…
Recently I’ve observed a phishing mail as below:https://www.virustotal.com/#/file/cf027dd938f1a268f45f2ea786dc538ab47f35006fb12d0b64e0867bccf789c0/detection – clean The file seems to be clean per VT. Interestingly, on details sections, found 2 URLs under OpenXML Doc Info; section…
Recently we received an alert from our WAF related to an attack towards our environment. Further review of the alert found that the attacker is using Oracle WebLogic RCE Deserialization…
As you read in the title above; to update your Python packages via pip. for Linux/*nix: p/s: you may need to run as sudo. Probably. for Windows: Credit: http://stackoverflow.com/questions/2720014/upgrading-all-packages-with-pip
There is one time I see this kind of error: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL…
zam