CyberDacians

The Cyber Dacians - StageOne team was honored to take part in the Red Team / Blue Team exercise prepared by The National Institute for Research & Development in Informatics - ICI Bucharest focused on the security of critical infrastructure SCADA systems.

Our technical team developed a SCADA module attached to the StageOne offensive tool that was used to manipulate registries in the SCADA ModBus software.

Critical infrastructure cybersecurity is vital for the resiliency of the sector and we were pleased to contribute with valuable insights into how cybersecurity assumptions can be breached and improved over time through on-going attack simulations.

Thank you Pavel Prodaniuc, Tamás Bakos and Paul Barbat for your ongoing efforts in improving the quality of the technology we are building!

ICI București - Institutul Național de Cercetare-Dezvoltare în Informatică a derulat, în data de 23 noiembrie 2022, un exercițiu de tip Blue Team / Red Team pentru infrastructura critică de tip SCADA.

La exercițiu, au participat reprezentanți ai mai multor infrastructuri critice din România, din domenii precum IT, energie, industria chimică, transporturi etc. Acestea au avut calitatea de Blue Team, cu misiunea de a proteja obiectivele exercițiului. Red Team-ul a fost reprezentat de către Cyscoe - Cyber Security Cluster of Excellence (Clusterul de Excelență în Securitate Cibernetică), utilizând un software ofensiv, dezvoltat de CyberDacians.

Considerăm că implicarea industriei în evenimente de acest tip cresc reziliența infrastructurii critice din România si demonstrează existența nevoii de colaborare dintre mediul public și privat pentru a avea acces la securitate avansată împotriva atacurilor dinamice.

În acest context, amintim faptul că ICI București a introdus anul trecut ocupația de Specialist în securitatea cibernetică a sistemelor automatizate de comandă-control în Clasificarea Ocupațiilor din România.

Romanian consortium among 21 selected to explore trusted content on future blockchains - Cluj IT cluster At present, trust in mainstream media is lower than ever. In the current media landscape, publications are driven by click-based ad revenue. To increase the number of views (and therefore to increase their income), publications tend to take journalistic shortcuts (like not thoroughly verifying the f...

Suntem încântați să anuntam ca Cyber Dacians face parte din proiectul European Horizon numit Fighting disinformation using decentralized actors featuring AI and blockchain technologies (FiDisD), un proiect cu greutate strategică pentru lupta împotriva dezinformării.

După 5 ani de eforturi susținute împotriva dezinformării prin think-tank-ul creat de noi, Intel4Patriam, realizăm că fenomenul dezinformării a crescut vertiginos, atât în societatea românească cât și în afara sa. Cyber Dacians va contribui la acest proiect cu consultanță cu privire la tactici și proceduri utilizate momentan, consultanță de securitate cibernetică pentru a asigura securitatea informațiilor stocate și a utilizatorilor și cu procesul general de inovare care va avea loc pentru dezvoltarea unei unelte de impact regional.

Ne aflăm la o intersecție importantă a intereselor geopolitice, ceea ce cauzează o intensă confruntare în mediul digital pentru controlul narativelor și sentimentelor. Acest consorțiu se va pozitiona în prima linie a frontului războiului informațional și va utiliza tactici inovative de detecție și stocare de date relevante pentru lupta împotriva dezinformării!

Cum vrea să combată dezinformarea din presă un consorțiu condus de Universitatea Tehnică „Gheorghe Asachi” din Iași - Digitalio Un consorțiu condus de Universitatea Tehnică „Gheorghe Asachi” din Iași, consorțiu din care face parte și DIGITALIO, alături de alți membri ai Cluj IT Cluster, a câștigat un proiect european care își propune să combată dezinformarea din mass-media utilizând tehnologia blockchain ș...

CVE-2020-0022 an Android 8.0-9.0 Bluetooth Zero-Click RCE – BlueFrag

CVE-2020-0022 an Android 8.0-9.0 Bluetooth Zero-Click RCE

https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/

insinuator.net Nowadays, Bluetooth is an integral part of mobile devices. Smartphones interconnect with smartwatches and wireless headphones. By default, most devices are configured to accept Bluetooth connections from any nearby unauthenticated device. Bluetooth packets are processed by the Bluetooth chip (also c...

You’ve Got (0-click) Mail!

https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/

Cleanly Escaping the Chrome Sandbox

ESCAPING THE CHROME SANDBOX
https://theori.io/research/escaping-chrome-sandbox

theori.io This post will explain how we discovered and exploited Issue 1062091, a use-after-free (UAF) in the browser process leading to a sandbox escape in Google Chrome as well as Chromium-based Edge.

"Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC"

https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec

chaignc on Twitter

Cool trick for testing shellcode
https://twitter.com/chaignc/status/958757223966085121

twitter.com “From now on, here is how you will test your !”

Extracting and Making Use of Chrome Passwords

Extracting and Making Use of Chrome Passwords

https://blog.elcomsoft.com/2018/01/extracting-and-making-use-of-chrome-passwords/

blog.elcomsoft.com Extraction of Google Chrome passwords

Zoom’s Waiting Room Vulnerability - The Citizen Lab

Zoom’s Waiting Room Vulnerability
https://citizenlab.ca/2020/04/zooms-waiting-room-vulnerability/

citizenlab.ca We describe a security issue where users in the “Waiting Room” of a Zoom meeting could have spied on the meeting, even if they were not approved to join.

DNS Exfiltration tool for stealthily sending files over DNS requests:

https://github.com/m57/dnsteal

Cisco Networking Academy. Build your skills today, online. It’s Free

Cisco has 245 hours of free training available.

Introduction to Cybersecurity - 15 hours
Introduction to Internet of Things - 20 hours
Entrepreneur - 70 hours
Programming Essentials in Python - 70 hours
Linux Essentials - 70 hours

https://www.cisco.com/c/m/en_sg/partners/cisco-networking-academy/index.html

cisco.com Cisco Networking Academy. Build your skills today, online. It’s Free

Campionatul European de Securitate Cibernetică

🏁 Am dat START înscrierilor pentru faza națională de selecție (online) a lotului echipei României pentru Campionatul European de Securitate Cibernetică 2020!

✍️ Înscriere: http://www.cybersecuritychallenge.ro/inscriere/

👨‍🏫 Condiții: http://www.cybersecuritychallenge.ro/conditii-de-inscriere/

🇷🇴

Binary Exploitation 01 — Introduction

New Blog Post! Go check it out!
https://medium.com/cyber-dacians/binary-exploitation-01-introduction-9fcd2cdce9c6

medium.com GREETINGS FELLOW HACKERS! It’s been a while since our last post, but this is because we’ve prepared something for you: a multi episodes…

Decrypting Azure VM Extension Settings with Get-AzureVMExtensionSettings

Decrypting Azure VM Extension Settings with Get-AzureVMExtensionSettings
https://blog.netspi.com/decrypting-azure-vm-extension-settings-with-get-azurevmextensionsettings/

blog.netspi.com As a local admin on an Azure VM, run Get-AzureVMExtensionSettings script to decrypt VM extension settings, possibly including Administrator credentials.

Understanding Hardware-enforced Stack Protection

Understanding Hardware-enforced Stack Protection
https://techcommunity.microsoft.com/t5/windows-kernel-internals/understanding-hardware-enforced-stack-protection/ba-p/1247815

techcommunity.microsoft.com

milabs/stamina

Linux Kernel Stack Monitoring tool
https://github.com/milabs/stamina

github.com (Linux Kernel) Stack Monitoring Tool. Contribute to milabs/stamina development by creating an account on GitHub.

Speeding up Linux disk encryption

Speeding Linux Disc Encryption
https://blog.cloudflare.com/speeding-up-linux-disk-encryption/amp/?__twitter_impression=true

blog.cloudflare.com Encrypting data at rest is vital for Cloudflare with more than 200 data centres across the world. In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!

Take Down MacOS Bluetooth with Zero-click RCE

MacOS Bluetooth RCE
http://blogs.360.cn/post/macOS_Bluetoothd_0-click.html

blogs.360.cn 分享奇虎360公司的技术，与安全的互联网共同成长。

Exploiting Linux Kernel Heap Corruptions (SLUB Allocator)

Exploiting Linux Kernel Heap Corruptions

https://resources.infosecinstitute.com/exploiting-linux-kernel-heap-corruptions-slub-allocator

resources.infosecinstitute.com 1. Introduction In recent years, several researchers have studied Linux kernel security. The most common kernel privilege vulnerabilities can be divided

Inject Malicious Code to PHP-GD Image

https://medium.com//remote-image-upload-leads-to-rce-inject-malicious-code-to-php-gd-image-90e1e8b2aada

Microsoft Exchange Control Panel (ECP) Vulnerability CVE-2020-0688 Exploited | Volexity

Microsoft Exchange Control Panel - CVE-2020-0688

https://www.volexity.com/blog/2020/03/06/microsoft-exchange-control-panel-ecp-vulnerability-cve-2020-0688-exploited/

volexity.com Microsoft Exchange Control Panel (ECP) Vulnerability CVE-2020-0688 Exploited March 6, 2020 by Volexity Threat Research Facebook Twitter Email On February 11, 2020, as part of Patch Tuesday, Microsoft released cumulative updates and a service pack that addressed a remote code ex*****on vulnerability....

Apple’s (Not Quite) Secure Notes

Apple's Secure Notes 🍎🍏

https://www.blackbagtech.com/blog/apples-not-quite-secure-notes/

blackbagtech.com By: Sarah Edwards, Senior Digital Forensics Researcher While I was researching the Apple Notes application on macOS and iOS, I came across a peculiar scenarios where “secure” notes were partially and temporarily unsecure. This provides forensic

yoava333/presentations

Fuzzing the Windows Kernelhttps://github.com/yoava333/presentations/blob/master/Fuzzing%20the%20Windows%20Kernel%20-%20OffensiveCon%202020.pdf

github.com A repository for my conference presentations. Contribute to yoava333/presentations development by creating an account on GitHub.

The Cookie Monster in Your Browsers

The Cookie Monster in Your Browsers 🍪

https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers

speakerdeck.com A talk about cookies I presented in HITCON 2019

Bypassing GitHub’s OAuth flow

Bypassing GitHub's OAuth flow 🐱🐙

https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html

blog.teddykatz.com For the past few years, security research has been something I’ve done in my spare time. I know there are people that make a living off of bug bounty programs, but I’ve personally just spent a few hours here and there whenever I feel like it.

AngularJS Client Side Template Injection (XSS) - Ghostlulz Hacks

AngularJS XSS 💥

http://ghostlulz.com/angularjs-client-side-template-injection-xss/

ghostlulz.com Slack Group Before we get started I have started a slack group dedicated to hacking. We welcome everyone from beginner…

COVID-19, Info Stealer & the Map of Threats - Threat Analysis Report - Reason cyberSecurity

A very well documented report on the "Coronavirus map" by Reason Labs.

https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/

blog.reasonsecurity.com Summary As global awareness of a Coronavirus pandemic gradually gives way to full out panic,...

Hacking Unicode Like a Boss | Bugcrowd

UNICODE LIKE A BOSS 😎

https://www.bugcrowd.com/blog/hacking-unicode-like-a-boss/

bugcrowd.com This guest post was authored by Charlie Eriksen, Bugcrowd researcher and CTO of Adversary. Adversary delivers a platform that provides technical security traini

CLAMBLING - A New Backdoor Base On Dropbox (EN) | 詮睿科技

Backdoor Base On Dropbox:

http://www.talent-jump.com/article/2020/02/17/CLAMBLING-A-New-Backdoor-Base-On-Dropbox-en/

talent-jump.com

Princess Cruises, hobbled by coronavirus, admits data breach – TechCrunch

https://techcrunch.com/2020/03/13/princess-cruises-coronavirus-breach/

social.techcrunch.com The data breach occurred almost a year ago, a statement said.

CERT-RO avertizează: Hackerii folosesc identitatea vizuală a OMS pentru campanii de phishing

europafm.ro Experţii Centrului Naţional de Răspuns la Incidente de Securitate Cibernetică (CERT-RO) avertizează că, într-o perioadă în care lumea este alertată de pandemia COVID-19, infractorii cibernetici încearcă să profite de pe urma popularității subiectului și a problemelor generate de răs...

nongiach/sudo_inject

Privilege Escalation by injecting process possessing sudo tokens 💣

https://github.com/nongiach/sudo_inject

github.com [Linux] Two Privilege Escalation techniques abusing sudo token - nongiach/sudo_inject

maurosoria/dirsearch

Best Dirsearch

https://github.com/maurosoria/dirsearch

github.com Web path scanner. Contribute to maurosoria/dirsearch development by creating an account on GitHub.

Great Ghidra Plugin that replaces libc magic numbers with readable names: https://github.com/0xb0bb/pwndra

Excellent Writeup: https://blog.orange.tw/2019/10/an-analysis-and-thought-about-recently.html