Technical Analysis – Loki Bot Malware Campaign
LokiBot was first advertised and it originated in underground forums in 2015 as an information stealer and keylogging software. Since then, it has added various capabilities and affected many...
1 Pandemic, 3 Threat Groups, 1 new Ransomware and a Vulnerability, what do you get? A recipe for a great hack!
April 20, 2020
Introduction: As the world plunges into the pandemic chaos, cyber attackers show little or no remorse on attacking enterprises, hospitals, and critical infrastructures using sophisticated techniques. FBI has warned against the rise of cyber attacks across the globe taking advantage of the crisis. One such sophisticated technique is to exploit the vendors product vulnerability in […]
Analysis of REMCOS RAT Campaign
Remcos is a remote access trojan, or malware that takes remote control of infected computers. A "company" called Breaking Security creates and sells this trojan to customers. Although the malware...
MSDT – Dogwalk Exploited In the Wild
Every day there are news reports about a new threat of some kind, or a successful attack resulting in loss of data, loss of reputation, or, millions of dollars lost. A new Microsoft zero-day...
Active Directory Penetration Dojo – SPN Tickets and Kerberoasting
Hi everyone, we’ve discussed basics of Active Directory and different servers in AD in previous blog posts of this series. If you’ve not yet read that, you can find those on the LMNTRIX Labs...
Active Directory Penetration Dojo – AD Environment Enumeration
Hi everyone, we’ve discussed basics of Active Directory and different servers in AD in previous blog posts of this series. We’ve also understood trust relationships in AD environment. If you’ve...
Active Directory Penetration Dojo – Creation of Forest Trust (Part 3)
Hi everyone, Welcome to the third part of the setup series on Pentesting lab in AD environment. In the previous posts, we learnt about the Active Directory basics and the different servers in AD...
Active Directory Penetration Dojo – Setup of AD Penetration Lab (Part 2)
Hi everyone, Welcome to the second part of the setup series on Pentest lab in AD environment. We hope your basic concepts about AD and Domain Controller are cleared at this point. If you still...
Active Directory Penetration Dojo – Setup of AD Penetration Lab (Part 1)
Hello everyone, welcome to the series of Active Directory Penetration Dojo. This series is for people who’ve used Windows but haven’t worked on Active Directory. This blog will be focusing...
Babuk Ransomware Linux Variant Analysis
After announcing their exit from the ransomware business in favor of data theft extortion, the Babuk gang appears to have slipped back into their old habit of encrypting corporate...
The REvil Ransomware Rampage. Kaseya under attack!!
In this article, we primarily focus on a Turkish APT group APT-C-41(aka StrongPity and Promethium). The LMNTRIX Labs threat research team brings together some of the payloads used by APT-C-41(aka...
Loading...