veganism.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
#pentesting

10 posts, 9 participants, 1 post today

Whoa, Gamaredon/Shuckworm is back at it again. Seriously, these guys just don't quit! They've got a new GammaSteel variant making the rounds, and it's targeting foreign military missions over in Ukraine. But honestly, this kind of threat? It has implications for *all* of us.

Get this: their way in is infected USB drives! I mean, seriously folks, who's still plugging random USB sticks into their machines these days?! Come on!

Here's the deal: GammaSteel quietly siphons off data in the background. Plus, their C2 servers act as the attackers' command and control hub. Toss in some PowerShell scripts, and you've got a recipe for disaster brewing.

Speaking as a pentester, sadly, I see this kind of thing way too often. It's usually simple tactics paired with surprisingly clever malware... a nasty combo.

So, what's the takeaway? Time for a serious look at your USB policy! And employee training on this stuff is absolutely crucial. Regular pentests? They're non-negotiable. Sure, automated scans are helpful, but they're *no* substitute for a seasoned pentester's eyes digging deep. (Quick side note: Ever dug into the UserAssist keys in the Windows Registry? You can uncover some interesting trails there...)

Let's talk strategy: What USB security measures do you have running in your environment? Drop your thoughts below!
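The post above points at UserAssist keys as a place to find execution trails, and at USB policy as the control that matters. Below is an added example (not code from the original post or its author) of how a defender would read those trails offline: UserAssist value names are ROT13-encoded program paths, and each value holds a binary counter record. The record layout used here (run count at offset 4, last-run FILETIME at offset 60, 72 bytes in total) follows public write-ups for Windows 7 and later and is an assumption to verify against a live key; the sample entries, the drive letters and the `flag_path` heuristic are constructed for illustration.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed record layout (Windows 7 and later, per public UserAssist write-ups):
#   offset 4  : run count   (uint32)
#   offset 8  : focus count (uint32)
#   offset 12 : focus time  (uint32, milliseconds)
#   offset 60 : last run    (FILETIME, uint64)
RECORD_SIZE = 72
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_name(rot13_name: str) -> str:
    """UserAssist value names are ROT13-encoded program paths; reverse that."""
    return codecs.decode(rot13_name, "rot_13")


def filetime_to_iso(filetime: int) -> str:
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01) to ISO 8601 UTC."""
    return (FILETIME_EPOCH + timedelta(microseconds=filetime // 10)).isoformat()


def iso_to_filetime(iso: str) -> int:
    """Inverse conversion, used only to build the constructed sample records."""
    delta = datetime.fromisoformat(iso) - FILETIME_EPOCH
    return int(delta.total_seconds() * 10_000_000)


def parse_record(rot13_name: str, data: bytes) -> dict:
    """Decode one UserAssist value (name + binary data) into a readable entry."""
    if len(data) != RECORD_SIZE:
        raise ValueError(f"unexpected UserAssist record size {len(data)}")
    run_count, focus_count, focus_ms = struct.unpack_from("<III", data, 4)
    (last_run,) = struct.unpack_from("<Q", data, 60)
    return {
        "path": decode_name(rot13_name),
        "run_count": run_count,
        "focus_count": focus_count,
        "focus_seconds": focus_ms // 1000,
        "last_run": filetime_to_iso(last_run) if last_run else None,
    }


def flag_path(path: str) -> Optional[str]:
    """Constructed review heuristic: programs launched from staging folders
    or from a drive other than the system drive (e.g. a USB stick) get a flag."""
    lowered = path.lower()
    if "\\appdata\\local\\temp\\" in lowered or "\\downloads\\" in lowered:
        return "executed from a user-writable staging folder"
    if lowered[:1].isalpha() and lowered[1:3] == ":\\" and not lowered.startswith("c:\\"):
        return "executed from a non-system drive (possible removable media)"
    return None


def review(entries: dict) -> list:
    """Parse every entry and attach the review flag, if any."""
    out = []
    for name, data in entries.items():
        rec = parse_record(name, data)
        rec["flag"] = flag_path(rec["path"])
        out.append(rec)
    return out


def make_record(run_count: int, focus_count: int, focus_ms: int, last_run_iso: str) -> bytes:
    """Build a constructed 72-byte record in the assumed layout."""
    return (struct.pack("<IIII", 0, run_count, focus_count, focus_ms)
            + b"\x00" * 44
            + struct.pack("<Q", iso_to_filetime(last_run_iso))
            + b"\x00" * 4)


# Constructed sample entries (ROT13 names), not real registry contents.
SAMPLE_ENTRIES = {
    "P:\\Jvaqbjf\\Flfgrz32\\pzq.rkr":                       # C:\Windows\System32\cmd.exe
        make_record(12, 12, 90_000, "2025-04-01T12:00:00+00:00"),
    "R:\\hcqngr.rkr":                                       # E:\update.exe
        make_record(1, 1, 2_000, "2025-04-02T08:30:00+00:00"),
    "P:\\Hfref\\obo\\NccQngn\\Ybpny\\Grzc\\frghc.rkr":      # C:\Users\bob\AppData\Local\Temp\setup.exe
        make_record(3, 2, 15_000, "2025-04-02T08:31:00+00:00"),
}

if __name__ == "__main__":
    for rec in review(SAMPLE_ENTRIES):
        print(rec)
```

On a real system the names and data come from the `Count` subkeys under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist`; the flagging rule is deliberately crude and is only a starting point for the manual review the post recommends.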

Seriously, what *is* going on with the Play Store these days?! 🤯 Clients constantly ask me if the apps are actually secure... and tools like PlayPraetor? They're basically screaming NOPE!

You wouldn't believe the junk floating around. Fake apps are out there just harvesting your data. Think banking trojans, sneaky PWAs set up for phishing, Remote Access Trojans (RATs) – you name it, it's probably there. An absolute nightmare! 😠

Wondering about PWAs? They're essentially websites packaged as apps, which makes them a prime vector for phishing scams. And RATs? Those give attackers *complete* control over your device. Seriously nasty stuff! Then there's Phantom malware leveraging Accessibility Services to watch everything you do... It's intense!

Actually, this takes me back to a recent pentest where we nearly overlooked a very convincing PWA phishing page. Thinking automated scans will catch everything? Yeah, don't count on it. 🙈

So, how can you shield yourself from this mess?
1. Stick strictly to official app stores!
2. Do your homework on the developers – vet them!
3. Always check app permissions *before* installing! What do they *really* need access to?
4. Make sure you've got solid mobile security installed!

Have you ever stumbled upon a fake app? How are you keeping your Android device locked down? Share your best tips below! 👇

[Update – 8 hours later]
BashCore still holding strong.

RAM steady at 700 MB

Load average: 0.25 0.18 0.20

No GUI, no disk writes, 6 active terminals

Running from a USB 2.0 stick (8 GB!)

Host: Acer Aspire One D160 (2009, 2 cores, 2 GB RAM, no battery, Wi-Fi only) 😅

Uptime test continues. 6.5 days to go.

Yo, IT-Sec crowd! ✌️

Anyone else noticing how *everyone* seems to be talking about AI-powered security tools these days? Yeah, it's everywhere. But let's be real for a sec – are they *truly* as amazing as the hype suggests? 🤔

I mean, okay, AI can definitely be useful for spotting anomalies and patterns, no doubt about that. But here's a thought: what happens if the AI itself gets compromised? Or what about when it starts churning out false alarms simply because it doesn't *really* grasp the situation? 🤖

Honestly, I've got my reservations. While automation is certainly nice to have, I'm convinced a skilled pentester, you know, one with actual brainpower and a strategic approach, still outsmarts any AI – at least for the time being. 😎 And look, if AI eventually *does* get significantly better, well, that just means it's time for us to add another skill to our toolkit. 🤷‍♂️

So, what's your perspective on this? Do you see AI completely taking over the pentesting scene, or is that human touch going to remain irreplaceable? 🔥 Let the debate begin!

Yikes! Only 19 and already slinging malware with the help of Russian bulletproof hosting? 😳 It really hammers home how low the barrier to entry has become these days...

Let's talk Bulletproof Hosting (BPH) for a sec: These are basically your "we don't give a damn *what* you host" providers. Unsurprisingly, they're a favorite among cybercriminals. Proton66 seems to be one of the bigger players in that shady neighborhood. And yeah, it's definitely a problem. 🙄

But here's the kicker – a total rookie mistake: This person left a directory wide open on their server. BOOM! Just like that, their whole infrastructure was exposed. A classic OPSEC fail! 😅 Look, everyone's gotta start somewhere, but maybe not *quite* like this.

The individual behind this, known as 'Coquettte,' is apparently pushing malware disguised as fake antivirus software. They're using the Rugmi loader to drop info stealers like Lumma, Vidar, and Raccoon. So, definitely keep an eye out for any sketchy ZIP files or installers doing the rounds! ☝️

Bottom line: Even beginners can cause real damage, especially with services like BPH readily available. And it just goes to show, nailing those OPSEC basics is absolutely crucial!

So, what's your take on BPH? Do you see it as a serious threat, or is it more of a minor nuisance in the grand scheme of things? 🤔 Let me know below!

From day one, TShark has been an essential part of #BashCore. It’s not just a substitute for Wireshark—it’s the same powerful engine, but fully command-line. If you’re serious about network analysis and pentesting, mastering TShark is a must.

It has nothing less than Wireshark, just no GUI. Learn it, and you’ll have full control over packet capture and analysis, even on minimal systems.

wireshark.org/docs/man-pages/t

tshark(1) (www.wireshark.org)

FIN7 *again*? Seriously, these guys just don't quit, do they? 🙄

Heads up – they've cooked up an Anubis backdoor using Python. And nope, *it's not* the Android Trojan people know. It's pretty wild what this thing packs: we're talking remote shell capabilities, file uploads, messing with the registry... 🤯 Basically, the keys to the kingdom!

And let me tell you from a pentester's perspective: Just relying on AV? That's *definitely* not gonna cut it anymore. We all know that, right?

Looks like they're slipping in through compromised SharePoint sites now? Yikes. The nasty part? A Python script decrypts the payload *directly in memory*, making it incredibly tough to spot! 🥴 Plus, their command and control chats happen over a Base64-encoded TCP socket.

So, keep a *sharp eye* on those ZIP attachments! Double-check your SharePoint sites' integrity. You'll also want to monitor network traffic closely (especially that TCP activity!). And make sure your endpoint security is actually up to snuff – remember, they love finding ways to bypass defenses!

How are *you* tackling threats like this one? What are your go-to tools and strategies for defense? 🤔 Let's share some knowledge!
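The post above says the backdoor's command channel runs over a Base64-encoded TCP socket and asks how people monitor for it. As an added example (not code from the original post or its author), here is a small triage scanner that takes captured TCP payloads and flags ones that consist entirely of a long, valid Base64 string decoding to mostly printable text, which is the shape a text-based C2 exchange wrapped in Base64 tends to have. The flow records, addresses and payloads are constructed; the thresholds are assumptions to tune, since legitimate protocols (SMTP AUTH, HTTP Basic, many JSON APIs) also carry Base64 and will need allowlisting in practice.

```python
import base64
import json
import re

# Heuristic thresholds (assumptions, tune for your environment).
MIN_B64_LEN = 32          # ignore short tokens such as single auth strings
MIN_PRINTABLE_RATIO = 0.9  # decoded command traffic is mostly text

B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII or common whitespace."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D))
    return ok / len(data)


def decode_if_base64_text(payload: bytes):
    """Return the decoded text if the whole payload is one Base64 blob that
    decodes to mostly printable text; otherwise return None."""
    body = payload.strip(b"\r\n")
    if len(body) < MIN_B64_LEN or len(body) % 4 != 0 or not B64_RE.match(body):
        return None
    try:
        decoded = base64.b64decode(body, validate=True)
    except (ValueError, base64.binascii.Error):
        return None
    if printable_ratio(decoded) < MIN_PRINTABLE_RATIO:
        return None
    return decoded.decode("ascii", errors="replace")


def scan_flows(flows: list) -> list:
    """Flag flows whose payload looks like a Base64-wrapped text channel."""
    hits = []
    for flow in flows:
        decoded = decode_if_base64_text(flow["payload"])
        if decoded is not None:
            hits.append({"src": flow["src"], "dst": flow["dst"], "decoded": decoded})
    return hits


# Constructed sample flows (documentation-range addresses, made-up payloads).
_c2_message = json.dumps({"id": 7, "task": "list-dir", "arg": "C:\\Users"}).encode()
SAMPLE_FLOWS = [
    {"src": "10.0.0.5:51422", "dst": "198.51.100.20:8443",
     "payload": base64.b64encode(_c2_message) + b"\n"},
    {"src": "10.0.0.5:51423", "dst": "192.0.2.10:80",
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"src": "10.0.0.5:51424", "dst": "192.0.2.11:443",
     "payload": bytes(range(0, 64))},              # binary (TLS-like) data
    {"src": "10.0.0.5:51425", "dst": "192.0.2.12:25",
     "payload": b"aGVsbG8=\n"},                     # short token: "hello"
]

if __name__ == "__main__":
    for hit in scan_flows(SAMPLE_FLOWS):
        print(hit)
```

The scanner is meant to run over payloads exported from a capture tool; flows it flags should be cross-checked against the process that owns the socket and the endpoint's reputation rather than treated as a verdict on their own.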

AI in the cyber world... kinda crazy, right? 🤯

Look, AI definitely has its upsides, helping us defend better. But let's be real – the threat actors are all over it too. Phishing attempts? They're getting scarily personal. Attacks? Happening faster than ever. And your trusty old standard antivirus? Well... it's probably not cutting it anymore.

As a pentester, I'm seeing this play out daily. There's no doubt AI is making the security game a *lot* trickier. Honestly, if you're not rethinking your strategy right now, you're falling behind. Big time. 🤷‍♂️

That's where concepts like Zero Trust become so vital. But here's the thing: it can't just be lip service. It needs actual implementation! 💪 Time to walk the walk.

So, what's *your* approach? How are you adapting to stay safe in this new landscape? Got any experiences to share? Let me know below! 👇

Seriously? Looks like Water Gamayun (aka EncryptHub) is back in action. They're dropping new Windows backdoors, SilentPrism and DarkWisp, using dodgy MSI installers and MSC files.

And get this: they're even exploiting a zero-day (CVE-2025-26633). Their aim? Snatching your data and crypto wallet seeds. 🤦‍♂️

So, you know the drill: double-check those MSIs, steer clear of MSCs from sketchy sources, keep your endpoint security patched, and lock down PowerShell. Yeah, standard procedure, right?

But honestly, how many times do we need to hammer this home? And seriously, where's the 'Security by Design' we keep hearing about? 🙄

As pentesters, we see clients are grateful for the help, but man, it's disheartening seeing the same fundamental gaps over and over.

What's your take? Is the real issue a lack of funds or a lack of know-how? Let me know below. 🤔