Explore tweets tagged as #Initialaccess
Just found a #Telegram #cybercrime market channel where you are only allowed to write if you use the words WTB (want to buy) and WTS (want to sell). #GoogleAds, #FacebookAds, #TwitterAds and #YouTube Accounts among the most searched for accounts. #infosec #initialaccess
Did you know that you can use search-ms to bind a WebDAV drive and filter there? This offers some possibilities for attack chains, e.g. with Java, Python, Ruby or Visual Studio. Here is a PoC for Visual Studio: More 🧵👇 #initialAccess
Explorer hides extensions of 16 file types, even if you want to see them all. If such files contain real PE (exe) content, they behave differently when you double click them. 😈 #InitialAccess
#RedTeam
SVG smuggling and HTML smuggling methods are supported by both MacroPack and ShellcodePack 💡 Use --container=<name>.zip.svg to generate an evasive SVG smuggling container dropping a zip archive containing your payload! #InitialAccess
#RedTeam
The threat actor is either looking for partners to exploit known #vulnerabilities such as CVE-2023-34124, CVE-2023-33308 and CVE-2023-27997 for initial access ($20,000 per CVE) or directly buying #InitialAccess for further compromise.
Browser Cache #Smuggling Attack + Creativity When we visit any website, there’s a lot of content that our browser fetches from the websites, like CSS, HTML, JavaScript, Images, Video, etc. Now our browser actually caches (saves a local copy of) certain data. #InitialAccess
#RedTeam
Many of the current #RaaS org. can capitalize on the tools they already have. We expect that in future, the groups will also adopt other criminal business models to monetize #initialaccess, such as stock fraud, business email compromise (BEC), money laundering, and others.
Human-operated #attack
#TrustEverybodyButCutTheCards Courtesy of #Microsoft #ThreatHunting survival guide #initialaccess #lateralmovement #persistance #mimikatz #psexec #cobaltstrike #RDP #GPO
🚨 Threat Actor "Miyako" Offering Root Access to USA State University Server 🇺🇸 Privilege: Root Access Revenue: $5.6B+ Price: $1,500 #Breach #InitialAccess #UnitedStates #Education
💡As part of #RansomwareAwarenessMonth, we continue to share #ransomware groups notorious for their malicious activities. 🔻Read our blog to learn all the details about the attacks, #InitialAccess methods, tactics, and related #malware of #BianLian. 🔗 https://t.co/WT5EKcoGDJ
🇨🇷 A malicious actor claims to be selling unauthorized access to the WordPress control panel of an organization in #CostaRica. The actor claims to be able to deploy a shell on the server to give the buyer remote access. #InitialAccess @micittcr
#Ransomware in #OneDrive: the #attack (1/3 - #initialaccess) #TrustEverybodyButCutTheCards The first step that an #attacker would take would be to attempt to gain access to the #Microsoft365 environment.
#M365 #InitialAccess Vectors #LogSources
#TrustEverybodyButCutTheCards *** Unified Audit Log The #UnifiedAuditLog (UAL) in #Microsof365 aggregates logs from various services, such as #ExchangeOnline, #SharePointOnline, #OneDrive, #MicrosoftTeams and #AzureAD.
Mastering Red Team Engagements: Your Guide to Success #RedTeam #Cybersecurity #NetworkExploitation #Phishing #InitialAccess #CyberDefense #TechIndustry #InfoSec #SecurityTesting #DeloitteInsights
💡Join me in my next webinar to discover the exploitation of COM Scriptlets through different implementations. 🚀 Registration link: https://t.co/NbHLvrhTys 👉 Date and time: Thursday 27 April 2023 at 18:00. #RedTeaming #initialaccess #phishing
Relative #frequency and #losses for observed #initialaccess techniques #TrustEverybodyButCutTheCards Always the same "music": #Exploit Public-Facing Application + #Phishing + External #RemoteServices Source: #Risk Insights on #ransomware by #Cyentia Institute
Is #human still the weakest link? #TrustEverybodyButCutTheCards Top 4 #initialaccess vectors from Unit 42 incident response cases in 2023 Source: #PAN #Unit42 #IncidentResponse report 2024
Seems confirmed: is only #enduser the problem? #TrustEverybodyButCutTheCards Top #initialaccess vectors #XForce observed in 2022 and 2023. Sources: X-Force and #MITREATTaCK Matrix for Enterprise framework