Zeppelin Ransomware

An attacker logged into the honeypot and dropped/ran Zeppelin within 5 minutes of logging in. Zeppelin is from the VegaLocker/Buran family. More info can be found at cylance.com and bleepingcomputer.com. According to bleepingcomputer, affiliates earn 75% of the ransom payment while the operators would earn 25%. Here’s some info from the attack. Attacker logged in…

Interesting Recon Script

An attacker dropped and ran a recon script named new1.bat. The script deleted itself after it ran, but due to logging I was able to see most of the commands it ran. A list of commands can be found here. I was able to locate at least a portion of the script which was posted…

Debit vs Credit Cards

During the holidays, I occasionally get asked by family and friends if it’s safer to use debit or credit cards. In my opinion, this is an easy answer but instead of repeating the conversation numerous times, I decided to write a short blog about it. So the first question is, what is the difference between…

Defending Against Emotet

Emotet started making the rounds again a couple of months ago. If you work in an enterprise environment you’ve probably seen a sample or two. Here’s an in-depth write-up by Brian on Emotet TTPs. Here are a few things you can do to defend against Emotet: Block Macros Block macros from running in Word files…

Securing Your Online Accounts with 2FA

As the holidays came and went I was asked one question by family and friends more than any other. How do I keep my accounts secure? If you work in InfoSec you know this isn’t an easy question to answer but there are a few things everyone can do to secure their online accounts. Nothing…

2FA Instructions for Twitter

Here are instructions for enabling two-factor authentication (2FA) on Twitter: Login to Twitter Click Profile and Settings next to Tweet on the top right, then click settings and privacy Click Set up login verification under the Security heading Add your phone number and click send code Click get backup code and save this in…

2FA Instructions for Amazon

Here are instructions for enabling two-factor authentication (2FA) on Amazon: Login to Amazon Go to your account, then click Login & security Enter password Click Advanced Security Settings Click Get Started Duo Click Authenticate App Open Duo and click the + in the top right and then take picture of QR code Type in…

Kioptrix: Level 1.1 Walkthrough – Vulnhub

Name: Kioptrix: Level 1.1 Date released: 17 Feb 2010 Author: Kioptrix Download Initial scan results below Found a login page running on port 80/Apache Tried a bunch of normal username combos such as admin:admin admin:password etc. Tried a couple SQLi attempts in the username and password field but couldn’t get an error message Decided to…