Posts

Showing posts from April, 2020

OSINT Investigation: Where's Bond?

I recently attended a virtual conference, for the first time, which was brilliantly organised by The Many Hats Club (#TMHCIsolationCon). There were many great talks and I advise watching as many as you can. All speakers were great, and I thoroughly enjoyed them.

One of the speakers, @TheCyberViking, presented his talk called 'Trill of the Hunt' (he's Irish 😄). CyberViking's (a/k/a Dean) talk was really interesting and got me in the mood for some OSINT and Capture the Flag (CTF) competitions.

In this blog post I test my OSINT skills to see if we can find 007, aka Bond, James Bond.

First things first: we work with what we have been given (the title image) and inspect it for any clues:

So what do we see? We see one of the world's most iconic (and probably best) landmarks: Big Ben. We can also see a white building with a green/grey rooftop and an old Victorian-era-looking building opposite Bond.

So we can find Big Ben pretty easily on Google Maps. But it's not clear…

Scout Sniper-grade OSINT website reconnaissance

Initial Disclaimer: I have focused on using open source tools for this blog due to their accessibility and general ease of use. I have purposely not included premium tools like Spiderfoot HX, Nessus, Burp Suite, or others I have used in the past, or more invasive ones like FOCA, NMAP/Zenmap and Dirb, because they are not the focus of this blog. Those tools also require permission to use before scanning any site. Further, I am not, and never have been, a scout sniper or in the military, but I have always admired military ethos and the focus on decision-making skills. Although, I do know someone who is.
︻デ═一
If you are a website owner or on the security team of an organisation, it's always worth seeing through the eyes of a potential attacker to scout your perimeter and check your defences. Another reason to use these open source tools is that most threat actors, other than APTs, will not typically be using enterprise-grade tools either. The general idea is to self-footprint what you want to protec…

XploitSPY: New Android spyware designed by ethical-ish hackers

As the COVID-19 lockdown continues, an increasing number of mobile threats have been appearing on the threat landscape. Android devices are by far the main targets of threat actors, who have been delivering fake apps as malicious .APK files that install banking Trojans such as Cerberus, as well as spyware and SMS worms.

ESET's malware expert, Lukas Stefanko, along with Malware Hunter Team, has uncovered and analysed an interesting new open-source Android Trojan called XploitSPY.

XploitSPY - new open-source Android Spying Tool
-already spreads on UND forums
-developed by cyber security solutions company from #India 🇮🇳 (3 ethical hackers)
-they have 25years of exper. but based on photo they are under 30
-they also open-sourced Instagram phishing solution
https://t.co/SEILSe5KAO
pic.twitter.com/q8rIcE1pvI
— Lukas Stefanko (@LukasStefanko) April 13, 2020

According to the researchers the malware has been designed by three ethical hackers from India, who repor…

OSINT Investigation: Cerberus and the INPS

On 1 April 2020, the Italian National Institute for Social Security (INPS) experienced an unexpected outage on its website, leaving many Italians distressed and confused. The distress stemmed from the Italian government's €600 relief payment for those experiencing hardship during the coronavirus lockdown: with the website offline, those who needed help were temporarily unable to get it.

Then a tweet from the infamous Anonymous Italy (@Anon_ITA) led some to believe that the site had been taken down by a distributed denial of service (DDoS) attack from the activist group.

Once translated, however, the tweet makes clear that the site was taken down by its own IT administrators, not by a DDoS attack, as Anonymous Italy itself admits.

As of 6 April 2020 the site was still down. DDay Italy then investigated the true cause of the outage and found that because the site was placed behind the Akamai content delive…

MyDoom persists into 2020

MyDoom still holds the world record for fastest-spreading email worm of all time. It was first discovered in January 2004 and remains active today in 2020. Few threats possess the effectiveness and longevity of MyDoom.

MyDoom is also cited as the world’s most costly cyber attack in history. The malware has caused an estimated $38 billion (£31bn) in damage over its lifespan.
The initial version of MyDoom was programmed to launch a distributed denial-of-service (DDoS) attack against the website of the SCO Group, which had filed an intellectual property suit against IBM alleging that IBM had contributed SCO-owned Unix code to Linux. The attack was programmed to start on 1 February 2004 and end on 12 February, sending a request to the website every millisecond.
After the DDoS period ended, the backdoor the worm had installed (a listener on TCP port 3127 in the original MyDoom.A variant) remained active. This meant that later malware and threat actors could still control infected machines that were never cleaned.
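As an added example (not code from the original post, and not from any published MyDoom analysis), the following Python scans connection records for the persistence problem described above: hosts that are still listening on TCP port 3127, the backdoor port opened by MyDoom.A. The flow-log format, the IP addresses and the sample records are all constructed for this illustration; only the port number is a known MyDoom.A fact.

```python
import re
from collections import defaultdict

# TCP 3127 is the MyDoom.A backdoor port (MyDoom.B also used 80, 1080, 3128 and 10080).
MYDOOM_BACKDOOR_PORTS = {3127}

# Constructed sample flow records (not real traffic). Format is an assumption:
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto> <tcp_flags>
SAMPLE_FLOWS = """\
2020-04-20T10:01:02Z 203.0.113.7:51234 -> 192.0.2.15:3127 tcp SYN
2020-04-20T10:01:05Z 198.51.100.9:40002 -> 192.0.2.15:443 tcp SYN
2020-04-20T10:02:11Z 203.0.113.7:51240 -> 192.0.2.16:3127 tcp SYN
2020-04-20T10:03:00Z 192.0.2.15:3127 -> 203.0.113.7:51234 tcp PSH,ACK
2020-04-20T10:04:44Z 198.51.100.9:40010 -> 192.0.2.17:3127 udp -
this line is not a flow record
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[^\s:]+):(?P<sport>\d+) -> "
    r"(?P<dst>[^\s:]+):(?P<dport>\d+) (?P<proto>\w+) (?P<flags>\S+)$"
)


def parse_flow(line):
    """Parse one flow record into a dict, or return None for malformed lines."""
    m = FLOW_RE.match(line.strip())
    if m is None:
        return None
    flow = m.groupdict()
    flow["sport"] = int(flow["sport"])
    flow["dport"] = int(flow["dport"])
    flow["proto"] = flow["proto"].lower()
    return flow


def find_backdoor_activity(flow_text, ports=MYDOOM_BACKDOOR_PORTS):
    """Separate hosts that were merely probed on a backdoor port from hosts
    that answered from it. An inbound SYN only proves someone is scanning for
    the backdoor; a reply carrying ACK from the port proves a live listener,
    i.e. a machine that was likely never cleaned."""
    probed = defaultdict(list)  # dst host -> [(timestamp, source)] of inbound connection attempts
    listeners = set()           # hosts that responded from a backdoor port
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["proto"] != "tcp":
            continue  # the backdoor is TCP-only; UDP to 3127 is irrelevant
        if flow["dport"] in ports:
            probed[flow["dst"]].append((flow["ts"], flow["src"]))
        if flow["sport"] in ports and "ACK" in flow["flags"].split(","):
            listeners.add(flow["src"])
    return {"probed": dict(probed), "listeners": listeners}


if __name__ == "__main__":
    result = find_backdoor_activity(SAMPLE_FLOWS)
    for host, attempts in sorted(result["probed"].items()):
        status = "LIVE LISTENER" if host in result["listeners"] else "probed only"
        print(f"{host}: {status}, {len(attempts)} inbound attempt(s)")
```

A host that answers from 3127 is a strong lead but not proof on its own: another service could have been bound to that port, so confirm with a host-side process listing or a banner check before declaring a MyDoom infection.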
The authors of the initial worm were never found or caught. However, a sec…