Upstream attacks that capitalize on a brand value, reputation or popularity

Typically, Ngrok is used by ethical hackers interested in collecting data or setting up mock tunnels for inbound connections as part of bug bounty exercises or pen-testing engagements. But malicious actors have abused Ngrok to directly install botnet malware, or to connect a legitimate communications service to a malicious server.

In a more recent example, Xavier Mertens at SANS Institute spotted one such malware sample, written in Python, that contained base64-encoded code to plant a backdoor on the infected system that used Ngrok. Because Ngrok is widely trusted, the remote attacker could connect to the infected system via an Ngrok tunnel, which will likely bypass corporate firewalls or NAT protections.

GitHub has also been abused to host malware, from Octopus Scanner to Gitpaste-12. Recently, crafty attackers abused GitHub and Imgur in combination: an open-source PowerShell script made it possible for them to host a simple script on GitHub that calculates a Cobalt Strike payload from a benign Imgur photo. Cobalt Strike is a popular pen-testing framework for simulating advanced real-world cyberattacks, but like any security software product, it can be misused by adversaries.

Likewise, automation tools that developers rely on are not immune to being exploited. In April, attackers abused GitHub Actions to target hundreds of repositories in an automated attack that used GitHub's servers and resources for cryptocurrency mining.

These examples show why attackers find value in targeting legitimate platforms that many firewalls and security monitoring tools may not block.
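The Python sample described above combined two traits a defender can check for statically: a base64-encoded blob inside the source, and decoded content that sets up an Ngrok tunnel. The following is an added example, not code from the article or from Mertens's analysis; it walks a Python file's string literals, decodes plausible base64 ones, and flags decoded text that references Ngrok or code execution. The indicator list and the sample file are constructed for the demonstration.

```python
import ast
import base64
import binascii
import re

# Constructed indicator list reflecting the traits described in the article
# (Ngrok tunnel setup plus code execution). Not taken from the real sample.
INDICATORS = ("ngrok", "subprocess", "exec(", "eval(", "os.system")


def _decode_b64(blob: str):
    """Return decoded text for a plausible base64 literal, else None."""
    if len(blob) < 32 or not re.fullmatch(r"[A-Za-z0-9+/=\s]+", blob):
        return None
    try:
        return base64.b64decode(blob).decode("utf-8", "ignore")
    except (binascii.Error, ValueError):
        return None


def scan_source(source: str):
    """Find base64 string literals in Python source whose decoded content
    matches INDICATORS. Returns a list of (line_number, matched_indicators)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            decoded = _decode_b64(node.value)
            if decoded is None:
                continue
            hits = [i for i in INDICATORS if i in decoded.lower()]
            if hits:
                findings.append((node.lineno, hits))
    return findings


# Constructed, inert stand-in for the kind of dropper described above: the
# payload is only a string literal here and is never executed.
_PAYLOAD = "import subprocess\nsubprocess.run(['ngrok', 'tcp', '22'])\n"
SAMPLE = (
    "import base64\n"
    f"code = '{base64.b64encode(_PAYLOAD.encode()).decode()}'\n"
    "# a real dropper would decode and exec() the literal above\n"
)

if __name__ == "__main__":
    for lineno, hits in scan_source(SAMPLE):
        print(f"line {lineno}: decoded literal references {', '.join(hits)}")
```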