@ATTGM

0 Followers
9 Following
32 Posts
Cybersecurity Services & Solutions. CISO as a service. Cloud Security. Penetration Testing. Incident Response. Threat Hunting. Forensic Investigation. MXDR. EDR
https://attgm.com
https://attgm.com/mxdr/
Our SentinelOne-based MXDR service will give you peace of mind:
Rapid response to threats
24/7 monitoring by cyber experts
Real-time investigation and detection of attacks
Managed protection that detects, responds and neutralizes.
Talk to us now #CyberSecurity #MXDR #SentinelOne
MXDR

Our MXDR service is based on the XDR platform of SentinelOne, a leading company in EDR and XDR. Active Directory protection solutions. Cyber incident management.

ATTGM Consulting

https://attgm.com/waf/

Configuring and maintaining a Web Application Firewall is not a one-time project.
We will take care of:
🔹 Smart blocking of attacks
🔹 Continuous rule updates
🔹 Optimization without harming the user experience
Application protection starts with a smart WAF.
Contact us today #WAF #AppSecurity #CyberDefense

Web Application Firewall

WAF configuration and maintenance by our cyber experts will provide a strong security layer for websites and applications. Contact us for a configuration review and optimization. Web Application Firewall

ATTGM Consulting

2025-02-14 RDP #Honeypot IOCs - 6669 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
59.12.49.138 - 5709
13.127.138.112 - 651
68.183.88.109 - 213

Top ASNs:
AS4766 - 5709
AS16509 - 651
AS14061 - 213

Top Accounts:
hello - 6603
Test - 12
glc6z2mf - 12

Top ISPs:
Korea Telecom - 5709
Amazon Technologies Inc - 651
DigitalOcean, LLC - 213

Top Clients:
Unknown - 6669

Top Software:
Unknown - 6669

Top Keyboards:
Unknown - 6669

Top IP Classification:
Unknown - 5733
hosting - 918
proxy - 18

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/THNSMr55

#CyberSec #SOC #Blueteam #SecOps #Security

2025-02-14_stats.json - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

Pastebin

Telegram captcha tricks you into running malicious PowerShell scripts

Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into running PowerShell code that infects them with malware. The attack, spotted by vx-underground, is a new variant of the “Click-Fix” tactic that has become very popular among threat actors to distribute malware over the past year. However, instead of being fixes for common errors, this variant pretends to be a captcha or verification system that users must […]

https://whalers.ir/blog/telegram-captcha-tricks-you-into-running-malicious-powershell-scripts/4917/

Telegram captcha tricks you into running malicious PowerShell scripts - Alireza Gharib Blog


Alireza Gharib Blog
New #Rapid7 vuln disclosure c/o @stephenfewer: CVE-2025-1094 is a SQL injection flaw in PostgreSQL's psql interactive tool that was discovered while analyzing BeyondTrust RS CVE-2024-12356. The bug is interesting — 🧵 on its relation to BeyondTrust exploitation https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED) | Rapid7 Blog

Rapid7

@GossiTheDog Widespread DUO outage for legacy auth (SMS, phone call), risk-based auth, and access to the admin panel.

https://status.duo.com

Duo Status

Welcome to Duo's home for real-time and historical data on system performance.

Palo-Alto
Runnin’ PHP as root
Gotta make your authentication moot

Patch CVE-2025-0108
It’s under mass spray
and was also used as a zero day

https://infosec.exchange/@greynoise/113998402225559255#.

GreyNoise (@greynoise@infosec.exchange)

Attached: 1 image 🚨 CVE-2025-0108 is being actively exploited! 🚨 GreyNoise sees live attacks on PAN-OS firewalls. Patch now. Restrict access. Stay ahead. 🔗 https://www.greynoise.io/blog/greynoise-observes-active-exploitation-of-pan-os-authentication-bypass-vulnerability-cve-2025-0108

Infosec Exchange
Handala have gained access to Reutone, a SaaS CRM supplier, and forward phished customers with a Trojan. Write up later. #Handala #threatintel

2024-12-10 RDP #Honeypot IOCs - 3699 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
165.232.162.88 - 69
178.128.26.227 - 66
167.172.95.3 - 63

Top ASNs:
AS14061 - 3444
AS37963 - 51
AS396982 - 36

Top Accounts:
142.93.8.59 - 3429
hello - 117
Test - 42

Top ISPs:
DigitalOcean, LLC - 3303
DIGITALOCEAN - 141
Hangzhou Alibaba Advertising Co - 51

Top Clients:
Unknown - 3699

Top Software:
Unknown - 3699

Top Keyboards:
Unknown - 3699

Top IP Classification:
hosting - 2823
hosting & proxy - 738
Unknown - 102

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/FcqLMPrf

#CyberSec #SOC #Blueteam #SecOps #Security

2024-12-10_stats.json - Pastebin.com


Krispy Kreme has filed an 8K with the SEC for a cybersecurity incident. They say it will have a material impact on their business.

I have been tracking a ransomware group which I believe gained access to them in that timeframe.

https://www.sec.gov/ix?doc=/Archives/edgar/data/1857154/000185715424000123/dnut-20241211.htm

#threatintel #ransomware