Tag Archive for: Toolkit

‘No Pineapple’ Hacking Campaign Reveals North Korean Toolkit


Cybercrime, Cyberwarfare / Nation-State Attacks, Endpoint Security

Espionage Campaign Bore Telltale Signs of Pyongyang – And a Major OPSEC Failure


A threat intelligence firm spotted North Korean hackers engaged in technological espionage in a campaign that betrayed recurring elements of the Pyongyang hacking toolkit.


Cybersecurity firm WithSecure says it detected a campaign targeting the medical research and energy sectors. The activity came to its attention after endpoint detection scans showed a Cobalt Strike beacon on a customer's servers connecting to known threat actor IP addresses.
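The detection described above, connections from an endpoint to known threat actor addresses, is the kind of check that is easy to reproduce over ordinary EDR connection logs. The block below is an added example, not code from WithSecure or the article: it parses a constructed connection log, matches destination IPs against a constructed IOC list, and additionally flags process/destination pairs whose connection intervals are regular enough to look like a beacon. All hosts, process names and IPs are invented (the IPs come from the RFC 5737 documentation ranges) and are not real indicators.

```python
"""
Added example (not from the WithSecure report or the article): IOC matching
over endpoint connection logs plus a simple beaconing check. Every IP, host
and log line here is constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed IOC list; assumption: this stands in for a threat-intel feed.
KNOWN_C2_IPS = {"203.0.113.45", "198.51.100.7"}

# Constructed EDR connection log: timestamp host process dst_ip dst_port
SAMPLE_LOG = """\
2023-01-10T08:00:03Z srv-web01 rundll32.exe 203.0.113.45 443
2023-01-10T08:00:07Z srv-web01 chrome.exe 192.0.2.10 443
2023-01-10T08:01:04Z srv-web01 rundll32.exe 203.0.113.45 443
2023-01-10T08:02:02Z srv-web01 rundll32.exe 203.0.113.45 443
2023-01-10T08:03:05Z srv-web01 rundll32.exe 203.0.113.45 443
2023-01-10T08:04:03Z srv-web01 rundll32.exe 203.0.113.45 443
2023-01-10T08:04:30Z srv-db02 sqlservr.exe 192.0.2.20 1433
2023-01-10T08:05:01Z srv-db02 svchost.exe 198.51.100.7 8080
"""


def parse_log(text):
    """Turn the whitespace-separated log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, ip, port = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host, "proc": proc, "ip": ip, "port": int(port),
        })
    return events


def ioc_hits(events, iocs=KNOWN_C2_IPS):
    """Every connection whose destination is on the known-bad list."""
    return [e for e in events if e["ip"] in iocs]


def beaconing(events, min_conns=4, max_cv=0.2):
    """Flag (host, process, dst_ip) triples with near-constant connection gaps.

    Cobalt Strike beacons check in on a fixed sleep plus jitter, so the
    coefficient of variation of the inter-connection gaps stays small.
    Returns {triple: mean_gap_seconds} for everything under max_cv.
    """
    series = defaultdict(list)
    for e in events:
        series[(e["host"], e["proc"], e["ip"])].append(e["ts"])
    flagged = {}
    for key, times in series.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # duplicate timestamps; nothing to measure
        if pstdev(gaps) / avg <= max_cv:
            flagged[key] = round(avg, 1)
    return flagged


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for hit in ioc_hits(evts):
        print("IOC hit:", hit["host"], hit["proc"], "->", hit["ip"])
    for key, gap in beaconing(evts).items():
        print("beacon-like:", key, "every", gap, "s")
```

The IOC match is the high-confidence signal; the periodicity check is there so the same log would still surface a beacon talking to an address that is not yet on any list.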

Researchers from the Finnish company dub the campaign “No Pineapple,” taking the name from the apparently fruit-loving software developer of a remote access Trojan called acres.exe deployed by the hackers. The tool truncates data exfiltration messages greater than 1,024 bytes with the message “No Pineapple!”

Many campaign indicators point to North Korea and possibly to the government hacking unit Mandiant identifies as Bureau 325. Attribution to North Korean hackers often occurs under the catchall rubric of Lazarus Group, but Mandiant argues that different cyber units specialize in different types of operations despite nearly all North Korean cyber activity…


Equipment to include in a computer forensic toolkit


For those beginning their computer forensic investigator career, an important aspect to consider is what equipment is needed to carry out successful investigations.

While software is a critical component of the job, examiners should have a complete computer forensic toolkit that consists of a computer workstation and a response kit to take out into the field.

In Learn Computer Forensics: Your one-stop guide to searching, analyzing, acquiring, and securing digital evidence, computer forensic investigator and author William Oettinger teaches new and experienced investigators everything they need to search for and analyze digital evidence, including which software and hardware to consider.

In the following excerpt from Chapter 2, learn about the forensic analysis process, starting with a look at the equipment Oettinger recommends including in a computer forensic toolkit.

Check out an interview with Oettinger, where he offers advice on starting down the computer forensic investigator career path.

The Forensic Analysis Process

We will now discuss the forensic analysis process. As a forensic investigator, you will need to create a strategy that will enable you to conduct an efficient investigation. You also need to make sure you are familiar with your tools and the results that they will provide. Without a process, you will waste time examining data that will not impact your investigation, and you will not be able to rely on your tools. In addition, you want to make sure you get valid results from the tools you deploy. Finally, to be thorough and efficient, you must use critical thinking to determine the best investigation or exam method.
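One concrete form of the "valid results from the tools you deploy" point is verifying the acquisition step itself. The block below is an added example, not code from Oettinger's book: it images a byte source block by block, zero-fills any unreadable block while recording the failure (the usual dd conv=noerror,sync behaviour), keeps a per-block hash so a later mismatch can be localised rather than just detected, and verifies the finished image. The "device" is a constructed in-memory byte string with one simulated bad block; the 512-byte block size is an assumption, and nothing here touches real media.

```python
"""
Added example (not from the book): block-wise acquisition with piecewise
hashing and verification. The source device and its bad block are constructed.
"""
import hashlib

BLOCK_SIZE = 512  # assumption: sector-sized blocks, as with dd bs=512


def read_block(device, index, bad_blocks):
    """Return one block of the constructed device, or raise OSError for an unreadable one."""
    if index in bad_blocks:
        raise OSError(f"I/O error reading block {index}")
    start = index * BLOCK_SIZE
    return device[start:start + BLOCK_SIZE]


def acquire(device, bad_blocks=frozenset()):
    """Image the device block by block.

    Unreadable blocks are zero-filled so the image keeps its offsets and the
    failure is logged: the examiner must be able to explain every byte that
    differs from the source. A per-block SHA-256 list is kept alongside the
    whole-image hash.
    """
    nblocks = (len(device) + BLOCK_SIZE - 1) // BLOCK_SIZE
    image = bytearray()
    piecewise = []
    errors = []
    for i in range(nblocks):
        try:
            block = read_block(device, i, bad_blocks)
        except OSError as exc:
            errors.append((i, str(exc)))
            block = bytes(BLOCK_SIZE)
        image += block
        piecewise.append(hashlib.sha256(block).hexdigest())
    return {
        "image": bytes(image),
        "sha256": hashlib.sha256(image).hexdigest(),
        "piecewise": piecewise,
        "errors": errors,
    }


def verify(image, expected_sha256):
    """Whole-image check: the value that goes on the evidence form."""
    return hashlib.sha256(image).hexdigest() == expected_sha256


def locate_mismatch(image, piecewise):
    """Indices of blocks whose content no longer matches the acquisition-time hashes."""
    bad = []
    for i, expected in enumerate(piecewise):
        block = image[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
        if hashlib.sha256(block).hexdigest() != expected:
            bad.append(i)
    return bad


# Constructed source: four 512-byte blocks of distinct filler, block 2 unreadable.
SAMPLE_DEVICE = b"".join(bytes([b]) * BLOCK_SIZE for b in (0x11, 0x22, 0x33, 0x44))
SAMPLE_BAD_BLOCKS = frozenset({2})

if __name__ == "__main__":
    result = acquire(SAMPLE_DEVICE, SAMPLE_BAD_BLOCKS)
    print("image sha256:", result["sha256"])
    print("unreadable blocks:", result["errors"])
    tampered = bytearray(result["image"])
    tampered[600] ^= 0xFF  # flip one byte inside block 1
    print("blocks changed after acquisition:",
          locate_mismatch(bytes(tampered), result["piecewise"]))
```

The whole-image hash tells you that something changed; the piecewise list tells you where, which is the difference between re-imaging everything and explaining one sector in a report.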


While there are similarities in every investigation, you will find differences that will require you to have an exam strategy to be efficient. I am not a fan of keeping an examination checklist because there will be areas that aren’t relevant, such as different operating systems, physical topography of the network, criminal elements, and suspects. These variables ensure that no two examinations or investigations are the same and will…


SPHINX Real-time Cyber Risk Assessment



Menlo Security Launches Free Security Assessment Toolkit to Help Companies Identify Highly Evasive Adaptive Threats (HEAT) Fueling Ransomware & Data and Credential Theft


MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–Jun 21, 2022–

Menlo Security, a leader in cloud security, today announced that it has released the HEAT Security Assessment Toolkit, designed to let organizations assess their level of protection against, and current exposure to, Highly Evasive Adaptive Threats (HEAT). Since July 2021, Menlo Security has seen a 224% increase in HEAT attacks. These attacks allow threat actors to deliver malicious content, including ransomware, to the endpoint by adapting to the targeted environment. The HEAT Security Assessment Toolkit includes a HEAT Check test and a HEAT Analyzer that runs on the Splunk Platform. The HEAT Check enables customers to run a light penetration test to identify whether they are susceptible to HEAT attacks. The Menlo Security HEAT Analyzer App for Splunk gives organizations visibility into HEAT attacks their network may have been exposed to over the past 30 days.

What is a HEAT Attack?

Highly Evasive Adaptive Threats (HEAT) are a class of cyber threats that use the web browser as the attack vector and employ techniques to evade multiple layers of detection in current security stacks, including firewalls, Secure Web Gateways, sandbox analysis, URL reputation, and phishing detection. HEAT attacks are used as the initial access point to deliver malware or to compromise credentials, which in many cases leads to ransomware attacks.

“Ransomware, data and credential theft and other malware are on the rise. Couple this with the Log4j vulnerability and the Lazarus and Conti groups' increased attacks targeting web browsers, and the result is security teams worldwide facing a nearly non-stop barrage of incidents,” said John Grady, Senior Analyst, ESG. “Tools such as the HEAT Security Assessment can help ensure companies are aware of potential attacks before they have a chance to happen.”

HEAT Security Assessment Toolkit

The HEAT Security Assessment Toolkit provides a lightweight penetration and exposure assessment to help an organization better understand their susceptibility to HEAT attacks.

“HEAT attacks are defined by the techniques that adversaries are increasingly using to evade…
