Wednesday, June 1, 2022

CISA, the Federal Bureau of Investigation (FBI), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN)

CISA, the Federal Bureau of Investigation (FBI), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group. Karakurt actors steal data and threaten to auction it off or release it to the public unless they receive payment of the demanded ransom.

https://us-cert.cisa.gov/ncas/current-activity/2022/06/01/karakurt-data-extortion-group

Saturday, May 28, 2022

Malware Analysis: Trickbot

In this day and age, we are no longer dealing with roughly pieced-together, homebrew viruses. Malware is an industry, and professional developers are found to exchange code, whether by stealing one another's or through deliberate collaboration.

Malware Analysis: Trickbot https://thehackernews.com/2022/05/malware-analysis-trickbot.html via @TheHackersNews 

Friday, May 6, 2022

Tech Tip Fortigate

If you are like me, the industry standard has turned to MFA (Multi-Factor Authentication) for administrative accounts or connecting via VPN.

I like and use Fortinet and the FortiGate NGFW systems. I was having issues with LDAP accounts being able to bypass VPN connections with just the standard Windows account. To be honest, it would allow them to connect without a token, never even prompting them for the token.

You have to disable username sensitivity under the user's profile in the CLI (set username-sensitivity disable).

Here is an example. 


Hope this helps some admins; it was kind of a head-scratcher for me.
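A check for this setting across a whole configuration backup, as an added example that is not part of the original post: the Python below lists local users that have two-factor set but lack the set username-sensitivity disable line. The sample config and user names are constructed, and treating a missing line as the default (enable) is an assumption.

```python
# Constructed sample of a FortiGate configuration backup (not from the original post).
SAMPLE_CONFIG = '''\
config user local
    edit "alice"
        set type ldap
        set two-factor fortitoken
        set ldap-server "corp-ldap"
    next
    edit "bob"
        set type ldap
        set two-factor fortitoken
        set username-sensitivity disable
        set ldap-server "corp-ldap"
    next
    edit "svc-backup"
        set type password
    next
end
config user group
    edit "vpn-users"
        set member "alice" "bob"
    next
end
'''

def parse_local_users(config_text):
    """Return {username: {setting: value}} from the 'config user local' block only."""
    users, in_block, current = {}, False, None
    for line in map(str.strip, config_text.splitlines()):
        if line == "config user local":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block and line.startswith("edit "):
            current = users.setdefault(line[5:].strip('"'), {})
        elif in_block and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip('"')
    return users

def users_missing_fix(config_text):
    """Local users with two-factor set that lack 'set username-sensitivity disable'."""
    # Assumption: an absent line means the default (two-factor disable, username-sensitivity enable).
    return sorted(
        name for name, cfg in parse_local_users(config_text).items()
        if cfg.get("two-factor", "disable") != "disable"
        and cfg.get("username-sensitivity", "enable") != "disable"
    )
```

Calling users_missing_fix() on the text of a backup returns the user names that still need the change; on the sample above it returns only alice.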


How to detect Password Spray attack in Active Directory

OSINT Framework & Passive Recon

Intercepting mobile traffic | Burp Suite Tutorial | Hakin9 Magazine

Python Cheat Sheet

 



Thursday, May 5, 2022

Microsoft warns Exchange Online basic auth will be disabled

 Microsoft warned customers today that it will start disabling Basic Authentication in random tenants worldwide on October 1, 2022.

This reminder comes after the company's September announcement and after seeing that there are still lots of customers who haven't yet moved their clients and apps to Modern Authentication.

Full Story @ https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-exchange-online-basic-auth-will-be-disabled/?fbclid=IwAR3ujn2Ao-RzIaD27spzlU4fjVqUyv83nPAqPnrMTgPsrGo6VsjH92JesDs