Found 9 bookmarks
Custom sorting
Inside the Open Directory of the “You Dun” Threat Group
Inside the Open Directory of the “You Dun” Threat Group
  • Analysis of an open directory found a Chinese speaking threat actor’s toolkit and history of activity. The threat actor displayed extensive scanning and exploitation using WebLogicScan, Vulmap, and Xray, targeting organizations in South Korea, China, Thailand, Taiwan, and Iran. The Viper C2 framework was present as well as a Cobalt Strike kit which included TaoWu and Ladon extensions. * The Leaked LockBit 3 builder was used to create a LockBit payload with a custom ransom note that included reference to a Telegram group which we investigated further in the report.
#thedfirreport#EN#2024#Analysis#open-directory#LockBit#operational#You-Dun#group#China#tools#scan
·thedfirreport.com·
Inside the Open Directory of the “You Dun” Threat Group
I scanned every package on PyPi and found 57 live AWS keys
I scanned every package on PyPi and found 57 live AWS keys
After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like: Amazon themselves 😅 Intel Stanford, Portland and Louisiana University The Australian Government General Atomics fusion department Terradata Delta Lake And Top Glove, the worlds largest glove manufacturer 🧤
#tomforb#EN#2022#leak#scan#AWS#keys#PyPi
·tomforb.es·
I scanned every package on PyPi and found 57 live AWS keys
Introducing Package Analysis: Scanning open source packages for malicious behavior
Introducing Package Analysis: Scanning open source packages for malicious behavior
Today we’re pleased to announce the initial prototype version of the Package Analysis project, an OpenSSF project addressing the challenge of identifying malicious packages in popular open source repositories. In just one month of analysis, the project identified more than 200 malicious packages uploaded to PyPI and npm.
#openssf#EN#2022#Analysis#Scan#opensource#packages#Package#behavior
·openssf.org·
Introducing Package Analysis: Scanning open source packages for malicious behavior
I scanned every package on PyPi and found 57 live AWS keys
I scanned every package on PyPi and found 57 live AWS keys
After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like: Amazon themselves 😅 Intel Stanford, Portland and Louisiana University The Australian Government General Atomics fusion department Terradata Delta Lake And Top Glove, the worlds largest glove manufacturer 🧤
#tomforb#EN#2022#leak#scan#AWS#keys#PyPi
·tomforb.es·
I scanned every package on PyPi and found 57 live AWS keys
Introducing Package Analysis: Scanning open source packages for malicious behavior
Introducing Package Analysis: Scanning open source packages for malicious behavior
Today we’re pleased to announce the initial prototype version of the Package Analysis project, an OpenSSF project addressing the challenge of identifying malicious packages in popular open source repositories. In just one month of analysis, the project identified more than 200 malicious packages uploaded to PyPI and npm.
#openssf#EN#2022#Analysis#Scan#opensource#packages#Package#behavior
·openssf.org·
Introducing Package Analysis: Scanning open source packages for malicious behavior
Introducing Package Analysis: Scanning open source packages for malicious behavior
Introducing Package Analysis: Scanning open source packages for malicious behavior
Today we’re pleased to announce the initial prototype version of the Package Analysis project, an OpenSSF project addressing the challenge of identifying malicious packages in popular open source repositories. In just one month of analysis, the project identified more than 200 malicious packages uploaded to PyPI and npm.
#openssf#EN#2022#Analysis#Scan#opensource#packages#Package#behavior
·openssf.org·
Introducing Package Analysis: Scanning open source packages for malicious behavior