PayPal Phishing Text Message: Account Under Review

Today we detected a text message sent to UK mobile phones pretending to come from PayPal! Aw yes, probably classic phishing, huh…?

The text advises its ‘victims’ to visit a link and enter their credentials because their account is supposedly being reviewed. The text message states: “Your account is currently under review. Please complete the security form to avoid restrictions. pay-pal.support-online[.]co[.]uk”.

Comparing WannaCry, NotPetya and Bad Rabbit

All you need to know: Comparing WannaCry vs NotPetya vs Bad Rabbit

On 14 April 2017, over the Easter holiday, the mysterious ShadowBrokers group, which over the past 7-8 months has leaked several gigabytes of the NSA’s software exploit weapons, published its most critical cyber weapon release on GitHub.

The latest release of 0-day exploits targeted several Windows versions, including Windows XP, Windows Server 2012, Windows 8 and Windows 2008 R2. Microsoft addressed those vulnerabilities a few days later, after which they were no longer 0-day exploits. As reported on Friday 14 April by Emptywheel, a ShadowBrokers release from early January gave NSA officials notice of some of the exploit names obtained by the mysterious person or group and included in Friday’s release. The extra time Microsoft needed to patch the bugs might have something to do with February’s unprecedented cancelling of Patch Tuesday, or simply because Microsoft secretly paid the Shadow Brokers for the vulnerabilities.

New Ransomware dubbed ‘Bad Rabbit’ used NSA’s EternalRomance Exploit

Earlier last week, a newly identified ransomware affected several computer systems around Europe.

The new strain of ransomware, dubbed ‘Bad Rabbit’ and spreading primarily in Russia, Ukraine, Turkey and Germany, is utilising one of the NSA exploits leaked by WikiLeaks earlier this year. According to several malware researchers and subsequent analysis, the ransomware uses an NSA exploit (EternalRomance) to distribute itself and move laterally across the network.

Cybersecurity firm Kaspersky Lab was monitoring the malware and compared it to the WannaCry and Petya attacks that caused so much chaos earlier this year.

New Rapid Spreading IoT Botnet Dubbed IoT_Reaper Strikes with Millions of Zombie Devices

Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper (Reaper in this article), it is estimated by researchers to number nearly two million infected devices.

According to researchers, the botnet is mainly made up of IP-based security cameras, network video recorders (NVRs), and digital video recorders (DVRs).

Abusing GDI Objects for ring0 Primitives Revolution

Exploiting MS17-017 EoP Using Color Palettes

This post is an accompaniment to the Defcon 25 talk given by Saif. One of the core topics of the talk was the release of a new GDI object abuse technique, named Palette Objects. Saif presented a previously unreleased Windows 7 SP1 x86 exploit that relies on this newly discovered GDI object abuse technique.

A complete white-paper on the topic was released and can be found here: Whitepaper

Both exploits discussed in the talk were also released, and their source code can be found here: https://github.com/sensepost/gdi-palettes-exp
