SharpHound Detection: https://ipurple.team/2024/07/15/sharphound-detection/
From summer to winter: how hackers changed the season for a virtual warehouse at Standoff
Hi! This is the organizers of the Standoff cyberbattle, and in this article we, together with team 5HM3L, will share one of our fresh cases with you. Our partner, the Istok Research and Production Enterprise named after Shokin («Научно-производственное предприятие „Исток“ им. Шокина»), took part in the May cyberbattle. The company was testing the security of its IIoT.Istok platform. How Russian industrial IoT got hacked: read on under the cut. Shall we hack some IIoT?
https://habr.com/ru/companies/pt/articles/839156/
#cybersecurity #взломы #standoff13 #pentest #iiot #cobalt_strike #SharpHound #nmap #chisel #metasploit
📥 Interesting #opendir
45.84.1[.]161:8081
Hosted at AS44477 Stark Industries Solutions Ltd. 🗑️
Obf. #Sliver Linux #Implant and a Powershell script which tries to bypass AMSI and runs #Sharphound
From the choice of hosting provider we infer malicious intent rather than #RedTeam
Artifacts (#IoC)
ff32a69075d9eb59ea5d25207d3ee775 rtn_default
2fe7fb5ff2679de37673997b96958d08 rtn_info.ps1
Samples available @abuse_ch Bazaar:
https://bazaar.abuse.ch/sample/763bd227a5aef5ef98cd6b79649cb8737f8845fcc2a92e69109f042c975e4a4b/
Good morning all and #happywednesday! I stumbled across this article by Secureworks which does a fantastic job at gathering artifacts that help to better understand the #SharpHound collector that helps #BloodHound gather information. This is a great article with the trail of artifacts that come from the network and the host. This type of article always takes me back to where I started, which is when I stumbled across the 'Tool Analysis Result Sheet' from the JPCERT/CC. Both are great resources and I hope you enjoy them as much as I did! Have a wonderful day and Happy Hunting!
Sniffing Out SharpHound on its Hunt for Domain Admin
https://www.secureworks.com/blog/sniffing-out-sharphound-on-its-hunt-for-domain-admin
Tool Analysis Result Sheet
https://www.jpcert.or.jp/english/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
It's been a heck of a week, with tonnes of great research and tooling that I'm sure you're going to get a kick out of - check out our wrap-up for all the news!:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023
Kaspersky researchers shone a light on the Dark Web trade in Google Play Loaders - a service to help inject malware into legitimate, and supposedly vetted apps, with guarantees of >1 week up-time and the option to boost your spread with targeted Ads.
#Nokoyawa ransomware have clearly got some talent on their team, having abused a #CLFS 0-day prior to Microsoft patching it last week - one of 5 different exploits they've used, mind you - and they appear to have a new, distinct ransomware strain in rotation, too.
There's heaps more great threat reporting, including a report that #FIN7 and former #Conti (#FIN12/#WizardSpider) members are collaborating on a new backdoor, and a crypto-mining campaign that may be the canary in the coal mine, indicating broader uptake of BYOVD and IPFS by low-level operators.
The #QueueJumper vulnerability from last week looks primed to explode in coming days, with a no-fix vulnerability in Microsoft Intune capping off a lousy week for Windows admins struggling to keep their networks secure.
TOOLING. Ooooh boy, this was a good week for tooling and tradecraft, ladies and gentlemen.
The #redteam have a new port of the SharpHound AD enumeration tool for Cobalt Strike; a great reference piece on leveraging stolen Office tokens to bypass MFA and access cloud workloads, and a list of keywords to avoid when crafting stealthy PowerShell scripts.
The #blueteam have a script to help tweak VM settings to circumvent malware anti-analysis checks; Procmon for macOS, and a lightweight bastion host to help redirect and record traffic sent to honeypots in your network.
This was a fun one to write up, with heaps of interesting reads and takeaways to be had. Get amongst it!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #microsoft #azure #mfa #mfabypass #cobaltstrike #bloodhound #sharphound #byovd #ipfs #intune #GooglePlay #Android #zeroday #0day
*SharpHound Cheat Sheet*
https://github.com/SadProcessor/HandsOnBloodHound/blob/master/BH21/BH4_SharpHound_Cheat_Dark.pdf