Navigating Through The Fog
An open directory associated with a ransomware affiliate, likely linked to the Fog ransomware group, was discovered in December 2024. It contained tools and scripts for reconnaissance, exploitation, lateral movement, and persistence. Initial access was gained using compromised SonicWall VPN credentials, while other offensive tools facilitated credential theft, exploitation of Active Directory vulnerabilities, and lateral movement. Persistence was maintained through AnyDesk, automated by a PowerShell script that preconfigured remote access credentials. Sliver C2 executables were hosted on the server for command-and-control operations, alongside Proxychains tunneling. The victims spanned multiple industries, including technology, education, and logistics, across Europe, North America, and South America, highlighting the affiliate’s broad targeting scope.
·thedfirreport.com·
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks
Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery's policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. Consequently, these flaws pave the way for potential supply chain attacks on the registry's vast user base.
·blog.aquasec.com·
Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend
By now you have likely already heard about the in-the-wild exploitation of Exchange Server, chaining CVE-2022-41040 and CVE-2022-41082. It was originally submitted to the ZDI program by the researcher known as “DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC”. After successful validation, it was immediately
·zerodayinitiative.com·