Infosec_Blog
-
NetSupport Remote Access Trojan
Nematodes Medical Research Facility
-
Malvertisement Post-Incident Report
PIR - bluemoontuesday LLC.
-
Silver Platter - CTF Notes
- this is not a full write-up.
-
Malicious Google Authenticator Report
Malicious Ads on Bing Search Leads to Malware
-
Startup
CTF Details
-
Ignite
Info
-
CVE-2019-9053
Breaching a Vulnerable Site
-
XSS Attack
Log Alert
-
Unit 42
In this Sherlock, you will familiarize yourself with Sysmon logs and various useful EventIDs for identifying and analyzing malicious activities on a Windows system. Palo Alto's Unit42 recently conducted research on an UltraVNC campaign, wherein attackers utilized a backdoored version of UltraVNC to maintain access to systems. This lab is inspired by that campaign and guides participants through the initial access stage of the campaign.
-
Phishing Investigation
-
Brutus
Analyze the auth.log. What is the IP address used by the attacker to carry out a brute force attack?
-
LLMNR/NBT-NS Poison Attack
The client believes that there are LLMNR/NBT-NS poisoning attacks occurring within their network.
-
Oski
The accountant at the company received an email titled "Urgent New Order" from a client late in the afternoon. When he attempted to access the attached invoice, he discovered it contained false order information. Subsequently, the SIEM solution generated an alert regarding downloading a potentially malicious file. Upon initial investigation, it was found that the PPT file might be responsible for this download. Could you please conduct a detailed examination of this file?
-
Web Strike
a vulnerable web server
the task
A suspicious file was identified on a company web server, raising alarms within the intranet. The Development team flagged the anomaly, suspecting potential malicious activity. To address the issue, the network team captured critical network traffic and prepared a PCAP file for review.
Your task is to analyze the provided PCAP file to uncover how the file appeared and determine the extent of any unauthorized activity.