
French Firms Rocked by Kasbah Hacker?

Krebs on Security

HYAS said it quickly notified the French national computer emergency team and the FBI about its findings, which pointed to a dynamic domain name system (DNS) provider on which the purveyors of this attack campaign relied for their various malware servers. ‘FATAL’ ERROR. to for a user named “fatal.001.”


Security firm released Singularity, an open source DNS Rebinding attack tool

Security Affairs

Cybersecurity firm NCC Group has released Singularity of Origin, an open source tool for penetration testers that allows carrying out DNS rebinding attacks. Pierluigi Paganini.


DarkHydrus adds Google Drive support to its RogueRobin Trojan

Security Affairs

The main communication channel with the C2 server is DNS tunneling. “The x_mode command is disabled by default, but when enabled via a command received from the DNS tunneling channel, it allows RogueRobin to receive a unique identifier and to get jobs by using Google Drive API requests.” gogle [. ]


Iran-linked APT34: Analyzing the webmask project

Security Affairs

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten). According to Duo, “OilRig delivered Trojans that use DNS tunneling for command and control in attacks since at least May 2016.” Leaked Source code.


Lyceum APT made the headlines with attacks in Middle East

Security Affairs

The malware uses DNS and HTTP-based communication mechanisms. The group also used ‘Decrypt-RDCMan.ps1’, a password decryption tool included in the PoshC2 framework for penetration testing. Pierluigi Paganini.


Analyzing the APT34’s Jason project

Security Affairs

Distributed in a ZIP container, the interface is quite intuitive: the Microsoft Exchange address and its version shall be provided (even if in the code a DNS-domain discovery mode function is available). I’ve also been in charge of testing the uVote voting system from the Italian Minister of homeland security.


OilRig APT group: the evolution of attack techniques over time

Security Affairs

T1094) mainly developed using DNS resolutions (which is actually one of the main characteristics of the attacker group). They began development by introducing a crafted communication protocol over DNS and later added, to that layer, self-built encoding and encryption protocols. Pierluigi Paganini.