mechaneus
mechaneus.bsky.social
Lead Penetration Tester | #RedTeam aspirant | #CRTO, #CRTE, eCPTXv2, #CISSP, PNTP, #OSCP, 2xCCIE, NSE7 | #infosec #redteam #pentest

My research: https://mechaneus.github.io/
Reposted by mechaneus
NEW: Hackers modified a video game to lace it with malware and then put it on Steam with the goal of stealing gamers' passwords —and for a few days, it worked.

Researchers found that the malware is Vidar, and the game was built on top of a pre-existing video game template.
Hackers planted a Steam game with malware to steal gamers' passwords | TechCrunch
Researchers found that PirateFI was never designed to be a real game, but a vehicle to infect gamers with malware and steal their passwords with an infostealer called Vidar.
techcrunch.com
February 18, 2025 at 5:26 PM
Reposted by mechaneus
China's Salt Typhoon hackers are still breaching telecom networks worldwide, including two in the US in Dec-Jan, says Recorded Future. Lately they're exploiting Cisco devices with unpatched 2023 bugs and seem undeterred by high profile exposure and sanctions. www.wired.com/story/chinas...
China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers
Despite high-profile attention and even US sanctions, the group hasn’t stopped or even slowed its operation, including the breach of two more US telecoms.
www.wired.com
February 13, 2025 at 5:06 AM
Reposted by mechaneus
Ross Ulbricht's Xitter is being spammed with accounts which appear to be associated with him (image 1). However, the accounts are not. When you try to view the "official" Ross Ulbricht Telegram channel it asks to verify your identity (image 2).

It gives free malware! ♥️♥️♥️
January 22, 2025 at 6:17 AM
Reposted by mechaneus
Also cool is that Wireshark directly allows you to start an application with this environment variable set. So you can launch a browser from within Wireshark and directly decrypt and analyze the TLS traffic. 😃👌
December 24, 2024 at 11:06 AM
Reposted by mechaneus
My Pentesting Methodology Upskill Challenge on Just Hacking is now available! Methodology is an important part of pentesting and I hope you enjoy this short course. www.justhacking.com/uc/uc-penetr...
UC - Penetration Testing Methodology - Just Hacking Training (JHT)
Phillip Wylie introduces penetration testing methodology with a focus on what organizations expect during and after an engagement.
www.justhacking.com
December 24, 2024 at 6:17 PM
Reposted by mechaneus
Manhom.com

Large databases with detailed info about 240K+ persons from Arab regions 🇦🇪🇱🇧🇾🇪🇯🇴. Biographies, social media profiles, related people and more.

The site also allows you to track changes on the pages of people you are interested in.

Tip by twitter.com/ScullyInt
November 29, 2024 at 11:55 PM
Reposted by mechaneus
Shortly following the announcement of the Threat Actor "Remi" being arrested, we were contacted by "Remi" by proxy, through a party which is close to him.

"Remi" requested (by proxy) we share a photo of him and state "If you’re gonna post about me, at least notice the drip"
November 27, 2024 at 1:00 AM
Reposted by mechaneus
Small technical update: Impacket and therefore NetExec now support LDAP Channel Binding 🔥

Finally you can use all the great features NetExec has to offer even in more mature environments
November 26, 2024 at 5:05 PM
Reposted by mechaneus
I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!

Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
Remote Code Execution with Spring Properties
Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...
srcincite.io
November 26, 2024 at 11:57 PM
Reposted by mechaneus
Is this a good and/or practical malware delivery method? No, probably not. It can easily be stopped and requires a lot of work.

Is it a cool and badass idea? Yes
November 24, 2024 at 7:42 PM
Reposted by mechaneus
17 Free/Partly Free Tools for Comprehensive Email Investigation
Telegram bots
Online tools
Email to Username tools
Google dorks for email search
osintteam.blog/explore-17-f...
by twitter.com/osinteam
#osint
October 29, 2024 at 11:51 PM
Reposted by mechaneus
DualCore and I spoke at the Red Team Village this year. Here are the slides. QR code with link to gist with all the reference links on last page. Unfortunately it wasn't recorded.

docs.google.com/presentation...

#redteam #purpleteam #redteamvillage
Modern Red Teaming: macOS, K8s, and Cloud - RTV 24 (Public)
Modern Red Teaming: macOS, K8s, and Cloud Carnal0wnage int0x80
docs.google.com
November 24, 2024 at 7:35 PM
Reposted by mechaneus
Good morning, or evening.

After months, we're finally releasing the Dispossessor ransomware leaks. They're now available to download.

Please exercise extreme caution. This archive contains ransomware payloads.

vx-underground.org/Archive/Disp...
Vx Underground
The largest collection of malware source code, samples, and papers on the internet.
vx-underground.org
November 25, 2024 at 3:34 AM
Reposted by mechaneus
I've just updated Shortscan to support reading a list of URLs to scan from a file (and included a minor bugfix). Feedback welcome! The latest version is v0.9.2 and can be found on Github: github.com/bitquark/sho...
GitHub - bitquark/shortscan: An IIS short filename enumeration tool
An IIS short filename enumeration tool. Contribute to bitquark/shortscan development by creating an account on GitHub.
github.com
November 25, 2024 at 12:55 AM
Reposted by mechaneus
New AMSI Bypass Technique Modifying CLR.dll in Memory
practicalsecurityanalytics.com
November 21, 2024 at 3:39 PM
Reposted by mechaneus
Chinese data broker services on Telegram are recruiting insiders at China's state surveillance agencies, paying them as much as $10k a day for their access, then reselling it for cheap searches of almost every kind of personal info imaginable. www.wired.com/story/chines...
China’s Surveillance State Is Selling Citizen Data as a Side Hustle
Chinese black market operators are openly recruiting government agency insiders, paying them for access to surveillance data and then reselling it online—no questions asked.
www.wired.com
November 21, 2024 at 2:46 PM
Reposted by mechaneus
HawkEye Malware: Technical Analysis
any.run
November 14, 2024 at 8:39 AM
Reposted by mechaneus
OR-Based SQL Injection Without the Dangers! Safe Alternatives to OR 1=1!

Watch now! youtu.be/EpCA4HF-aUM
November 13, 2024 at 3:02 PM
Reposted by mechaneus
New report out of global government security agencies about the Top 15 vulnerabilities they see actively exploited today.

Summary: www.vulnu.com/p/these-15-b...
November 12, 2024 at 9:41 PM
Reposted by mechaneus
Cracking binaries with r2ai visual mode:
www.youtube.com/watch?v=UxE5...
r2con2024 - day3 - dnakov - Cracking binaries with r2ai visual mode
YouTube video by r2con
www.youtube.com
November 12, 2024 at 9:21 PM