OnMouseMove-HtmlFile-PoC : Unpacking The HTML File Exploit In Russian APT Cyberattacks

PoC for the onMouseMove HTML file used in a Russian APT group campaign targeting Ukraine. The HTML file is included as an attachment in the phishing email; when the victim opens it and moves the mouse, the "onmousemove" event handler attribute fires and runs the embedded JavaScript, which then decodes the base64-encoded blob present in the HTML body....
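The mechanism described above is easy to triage statically: the attachment pairs an inline event handler with a long base64 run somewhere in the body. The script below is an added example (not the PoC repository's code and not the real campaign's payload); it parses a constructed sample attachment with the standard-library HTML parser, lists every inline event handler, decodes any base64-looking text run, and flags the pair. The sample HTML, the stage-2 placeholder bytes and the handler/attribute names are assumptions for illustration.

```python
"""Triage helper for HTML attachments that hide a base64 payload behind a mouse-event handler."""
import base64
import binascii
import re
from html.parser import HTMLParser

# Constructed, benign stand-in for the encoded blob; the real campaign's
# payload is deliberately not reproduced here.
SAMPLE_STAGE2 = b"<html><body><!-- constructed stage-2 placeholder, not the real payload --></body></html>"
SAMPLE_HTML = f"""<html>
<body onmousemove="run()">
<script>
function run() {{
  var b = document.getElementById('blob').innerText;
  var s = atob(b);
  document.write(s);
}}
</script>
<div id="blob" style="display:none">{base64.b64encode(SAMPLE_STAGE2).decode()}</div>
</body>
</html>"""

# Inline handlers worth flagging; onmousemove is the one the campaign used.
EVENT_ATTRS = {"onmousemove", "onmouseover", "onload", "onclick", "onkeydown"}
# A run of base64 characters long enough that it is unlikely to be ordinary prose.
BLOB_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


class HandlerAndBlobFinder(HTMLParser):
    """Collects inline event handlers and every text node (script bodies included)."""

    def __init__(self):
        super().__init__()
        self.handlers = []      # (tag, attribute, javascript)
        self.text_chunks = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.lower() in EVENT_ATTRS and value:
                self.handlers.append((tag, name.lower(), value))

    def handle_data(self, data):
        self.text_chunks.append(data)


def extract_blobs(chunks):
    """Return the decoded bytes of every text run that is valid base64."""
    blobs = []
    for chunk in chunks:
        for match in BLOB_RE.finditer(chunk):
            try:
                blobs.append(base64.b64decode(match.group(0), validate=True))
            except binascii.Error:
                continue
    return blobs


def triage(html: str) -> dict:
    """Flag an attachment that pairs an inline event handler with an embedded base64 blob."""
    parser = HandlerAndBlobFinder()
    parser.feed(html)
    parser.close()
    blobs = extract_blobs(parser.text_chunks)
    uses_atob = any("atob(" in chunk for chunk in parser.text_chunks) or any(
        "atob(" in js for _, _, js in parser.handlers)
    return {
        "handlers": parser.handlers,
        "blobs": blobs,
        "uses_atob": uses_atob,
        "suspicious": bool(parser.handlers) and bool(blobs),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_HTML)
    for tag, attr, js in result["handlers"]:
        print(f"handler: <{tag} {attr}=...> -> {js}")
    for blob in result["blobs"]:
        print(f"decoded {len(blob)} bytes, starts with {blob[:16]!r}")
    print("suspicious:", result["suspicious"])
```

Run it against a real attachment by reading the file into `triage()`. The decoded blob is what should go to a sandbox or a second-stage parser; in the campaign it is the stage the mouse movement unlocks, and a static scanner that never decodes it sees only an HTML file with a hidden div.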

AWS CDK – Cloud Development Kit

AWS CDK uses the familiarity and expressive power of programming languages for modeling your applications. It provides high-level components called constructs that preconfigure cloud resources with proven defaults, so you can build cloud applications with ease. Prerequisites: you have python3 installed and set up in your system path (refer to the docs for installation); you have installed and configured the AWS CDK locally. Ensure you have all...

K3S – Lightweight Kubernetes

The Docker container runtime must be used to complete some of the included scenarios. K3s uses containerd by default, so adding Docker support requires the following steps during installation. Ensure the Docker version is up to date (reference this repo):
curl https://releases.rancher.com/install-docker/20.10.sh | sh
Piping a remote script straight into sh runs it unreviewed; download it and read it first if that matters in your environment. Change the cgroup driver to cgroupfs, because k3s does not use the systemd cgroup driver:
echo -e '{\n  "exec-opts": ["native.cgroupdriver=cgroupfs"]\n}' | sudo tee /etc/docker/daemon.json
sudo systemctl daemon-reload
sudo systemctl restart docker
Install...

Microsoft Azure – Cloud Computing Services

Azure Kubernetes Service (AKS) is Microsoft's managed Kubernetes offering on Azure. This guide covers setting up AKS, Microsoft's managed Kubernetes offering, and deploying Kubernetes Goat on it. It starts with a step-by-step setup and practical tips to maximize...

ELFieScanner – Advanced Threat Detection Techniques In Linux Process Memory

A C++ PoC for advanced process memory scanning that attempts to detect a number of malicious techniques used by threat actors, including those incorporated into open-source user-mode rootkits. ELFieScanner inspects every running process (both x86 and x64) and its loaded libraries to look for evil, then writes the resulting telemetry to an NDJSON file. ELFieScanner offers four...

AWS – Amazon Web Services

Elastic Kubernetes Service (EKS) is the managed Kubernetes offering from AWS. This tutorial walks through setting up an EKS cluster, configuring the required tools (eksctl, kubectl and awscli), and deploying Kubernetes Goat for hands-on testing. Suitable for beginners and...

KiND – Kubernetes IN Docker

kind is a tool for running local Kubernetes clusters using Docker container "nodes". kind was primarily designed for testing Kubernetes itself, but may be used for local development or CI. Prerequisites: you have kind installed and set up locally (refer to the docs for installation); you have cluster-admin access to the Kubernetes cluster; and you have kubectl installed and in your path (refer to the docs...

Kubernetes – Standard Cluster

If you already have a standard vanilla Kubernetes cluster and want to set up Kubernetes Goat on it, you are in the right place. The section below contains step-by-step instructions for setting up Kubernetes Goat in a standard cluster. Prerequisites: ensure you have cluster-admin access to the Kubernetes cluster, and that you have kubectl installed and in your path (refer to the...

SharpIncrease – Mastering Malware Obfuscation To Bypass Security Detection

Adversaries may use binary padding to add junk data and change the on-disk representation of malware. This can be done without affecting the functionality or behavior of the binary, but it can push the file size beyond what some security tools will scan because of file-size limits. Binary padding also changes the checksum (hash) of the file...
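To see both effects described above in working code, here is an added example that is not SharpIncrease's own code: it builds a constructed minimal PE layout (one section, no optional header, not a runnable executable), appends random junk after the last section the way a padding tool would, and shows that the SHA-256 changes while the bytes the loader maps do not. The `overlay_offset()` parser walks the real PE header fields (e_lfanew, NumberOfSections, SizeOfOptionalHeader, the section table) to find where mapped data ends, which is the check a scanner can use to measure padding; the sample file and the junk size are assumptions for illustration.

```python
"""Binary padding: append junk to a PE, watch the hash change, and measure the overlay."""
import hashlib
import os
import struct

COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def build_minimal_pe(payload: bytes) -> bytes:
    """Constructed sample: a minimal PE layout with one section.
    It only exercises header parsing and is not a runnable executable."""
    e_lfanew = 0x40
    headers_size = 0x200                          # section data starts at a 512-byte file alignment
    raw_size = (len(payload) + 511) // 512 * 512  # SizeOfRawData rounded to file alignment
    dos = bytearray(b"MZ" + b"\x00" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)   # e_lfanew points at the PE signature
    coff = struct.pack("<HHIIIHH",
                       0x8664,   # Machine: x64
                       1,        # NumberOfSections
                       0, 0, 0,  # TimeDateStamp, PointerToSymbolTable, NumberOfSymbols
                       0,        # SizeOfOptionalHeader: omitted here; real files use 0xE0 or 0xF0
                       0x22)     # Characteristics: EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    section = struct.pack("<8sIIIIIIHHI",
                          b".text\x00\x00\x00",
                          len(payload),   # VirtualSize
                          0x1000,         # VirtualAddress
                          raw_size,       # SizeOfRawData
                          headers_size,   # PointerToRawData
                          0, 0, 0, 0,     # relocation / line-number fields
                          0x60000020)     # CODE | EXECUTE | READ
    headers = bytes(dos) + b"PE\x00\x00" + coff + section
    headers += b"\x00" * (headers_size - len(headers))
    return headers + payload + b"\x00" * (raw_size - len(payload))


def overlay_offset(pe: bytes) -> int:
    """Offset where the last section's raw data ends; anything after it is overlay."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + COFF_HEADER_SIZE + opt_size
    end = table + SECTION_HEADER_SIZE * num_sections   # at least the headers themselves
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of each section header
        raw_size, raw_ptr = struct.unpack_from("<II", pe, table + SECTION_HEADER_SIZE * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def overlay_size(pe: bytes) -> int:
    """Bytes past the last mapped section, i.e. what padding adds."""
    return max(0, len(pe) - overlay_offset(pe))


def pad_binary(pe: bytes, junk_size: int) -> bytes:
    """What a padding tool does: append junk after the last section.
    The loader never maps the overlay, so behaviour is unchanged."""
    return pe + os.urandom(junk_size)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    original = build_minimal_pe(b"\xCC" * 100)
    padded = pad_binary(original, 1024 * 1024)
    for label, blob in (("original", original), ("padded", padded)):
        print(f"{label:9} {len(blob):>8} bytes  overlay {overlay_size(blob):>8}  sha256 {sha256(blob)[:16]}...")
```

A large overlay on its own is not proof of padding: Authenticode signatures, self-extracting installers and some packers legitimately store data past the last section. Compare the overlay size against the mapped size (and, for signed files, against the certificate table size) rather than flagging every file with an overlay, and hash the mapped region separately so that a padded sample still matches the unpadded one.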

Deployment Instructions – Setting Up The PinguCrew Project With Docker, Python, And Node.js

At the moment, the default configuration used by the run_server butler command runs the MongoDB, RabbitMQ and MinIO services in Docker containers, so the Docker service must be installed if the default configuration is used. To install Docker, refer to the official installation instructions (Install Docker Engine). Python: to run the backend server and the Pingu bot it is...