For modern malware, having access to its C2 (Command and Control) is a crucial point. There are many ways to connect to a C2 server, using a wide range of protocols, but today HTTP remains very common because HTTP is allowed on most networks…
VMware Skyline Advisor Pro Proactive Findings – August 2023 Edition
VMware Skyline Advisor Pro releases new proactive Findings every month. Findings are prioritized by trending issues in VMware Technical Support, issues raised through post escalation review, security vulnerabilities, issues raised from VMware engineering, and nominated by customers. For the month of August, we released 63 new Findings. Of these, there are 36 Findings based …
The post VMware Skyline Advisor Pro Proactive Findings – August 2023 Edition appeared first on VMware Support Insider.
More Exotic Excel Files Dropping AgentTesla, (Wed, Aug 23rd)
Excel is an excellent target for attackers. The Microsoft Office suite is installed on millions of computers, and people trust these files. Beyond the classic xls, xlsx and xlsm file extensions, Excel supports many others! Just check your local registry:
Have You Ever Heard of the Fernet Encryption Algorithm?, (Tue, Aug 22nd)
In cryptography, there is a golden rule that says not to develop your own algorithm because… it will probably be weak and broken! There are strong algorithms (like AES) that do a great job, so why reinvent the wheel? However, there are projects that try to develop new algorithms. One of them is Fernet[1], described like this:
Quick Malware Triage With Inotify Tools, (Mon, Aug 21st)
When you handle a lot of malicious files, you must have a process and tools in place to speed up the analysis. It's impossible to investigate all files, and a key point is to find the interesting files that deserve more attention. In my malware analysis lab, I use a repository called my "Malware Zoo" where I put all the files. This repository is shared across different hosts (my computer, REMnux and Windows virtual machines). This helps me to keep all the "dangerous files" in a central location and avoid spreading dangerous stuff everywhere. When you analyze malware, you'll quickly generate more files: you extract shellcodes, configurations, DLLs, more executables, and those files should also be analyzed. To perform a quick triage with basic operations, I rely on the Inotify[1] suite.
SystemBC Malware Activity, (Sun, Aug 20th)
This month, my DShield sensor captured for the first time this request: /systembc/password.php. I checked back over the past 6 months and only noticed this request 5 times, all this month, from 4 different sources. According to some references, this is likely the SystemBC Remote Access Trojan (RAT); all 4 IPs are part of the Digital Ocean ASN and only one has been reported as likely malicious. Several samples have been reported to Any.run this month.
10 top new articles created in July 2023 for ESXi, vCenter and more!
July has brought a fresh wave of VMware Knowledge Base (KB) articles. From optimizing cluster management to navigating vCenter upgrades, these articles offer a treasure trove of knowledge. Join us as we unpack the highlights of these KB articles and explore how they can shape and enhance your virtualization journey.
The post 10 top new articles created in July 2023 for ESXi, vCenter and more! appeared first on VMware Support Insider.
From a Zalando Phishing to a RAT, (Fri, Aug 18th)
Phishing remains a lucrative threat. We get daily emails impersonating well-known brands (like DHL, PayPal, Netflix, Microsoft, Dropbox, Apple, etc.). Recently, I received a bunch of phishing emails targeting Zalando customers. Zalando is a German retailer of shoes and fashion across Europe. It was the first time that I saw them used in a phishing campaign.
Top 5 newly created KB articles in July 2023 for NSX-T and HCX.
Today we’re covering critical issues and helpful insights related to NSX-T, HCX and beyond! This is a roundup of newly created articles in July 2023, so be sure to check them out to stay ahead of any arising issues!
The post Top 5 newly created KB articles in July 2023 for NSX-T and HCX. appeared first on VMware Support Insider.
Command Line Parsing – Are These Really Unique Strings?, (Thu, Aug 17th)
There are occasions where data needs to be cleaned prior to use. One example came to me while reviewing passwords submitted to one of my DShield honeypots. There appeared to be duplicate passwords, even when I attempted to export unique values from the command line.