Pinpin
pinpin.bsky.social
Offensive Security Enthusiast
Reposted by Pinpin
Second time we've seen Turla sit on top of someone else's operation. blog.lumen.com/snowblind-th...
Snowblind: The Invisible Hand of Secret Blizzard
blog.lumen.com
December 4, 2024 at 5:31 PM
Reposted by Pinpin
KrbRelayEx - a tool designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets. It listens for incoming SMB connections and forwards the AP-REQ to the target host, enabling access to SMB shares or HTTP ADCS endpoints on behalf of the targeted identity.
GitHub - decoder-it/KrbRelayEx
github.com
November 25, 2024 at 5:31 PM
Reposted by Pinpin
I'm glad to release the tool I have been working hard on the last month: #KrbRelayEx
A Kerberos relay & forwarder for MiTM attacks!
>Relays Kerberos AP-REQ tickets
>Manages multiple SMB consoles
>Works on Win & Linux with .NET 8.0
>...
GitHub: github.com/decoder-it/K...
November 25, 2024 at 5:31 PM
Reposted by Pinpin
The number is going up. ONYPHE this morning identified 53K unique IPs based on the same check. This threat actor:

- compromises router/gateway devices
- not doing ransomware
- doesn't run away quietly when discovered
- doubles down and tries to leverage as much as possible

sounds familiar
October 18, 2023 at 9:22 AM