@jhaddix
jhaddix / cloud_metadata.txt
Last active November 10, 2025 16:43 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@7MinSec
7MinSec / mostly_painless_cuckoo_sandbox_install.md
Last active August 18, 2024 02:59
Mostly painless Cuckoo Sandbox install

How to Build a Cuckoo Sandbox Malware Analysis System

I had a heck of a time getting a Cuckoo sandbox running, and below I hope to help you get one up and running relatively quickly by detailing the steps and gotchas I stumbled across along the way. I mention this in the references at the end of this gist, but what you see here is heavily influenced by this article from Nviso.

Build your Linux Cuckoo VM

  1. Set up an Ubuntu 16.04 64-bit desktop VM (download here) in VMware with the following properties:
  • 100GB hard drive
  • 2 procs
  • 8 gigs of RAM
@jhaddix
jhaddix / content_discovery_all.txt
Created May 26, 2018 11:51
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_
This is a collection of NFO templates from various PSP Crack / Warez Groups
--- 4Fun
▄▀ ▄▄█▓▄ ____________________ __________ ▄▓█▄▄ ▀▄
▐█ ███▀██▓▄ / | \_ _____/ | \ \@TiLK ▄▓██▀███ █▌
▓██▀ ░▐█▓▓ / | || __) | | / | \ ▓▓█▌░ ▀██▓
▀█▓ ░▐█▓▌ / ^ / \ | | / | \ ▐▓█▌░ ▓█▀
▀▀ ▄██▓ \____ |\___ / |______/\____|__ / ▓██▄ ▀▀
▄██▓▀ ▄▀ |__| \/ \/ ▀▄ ▀▓██▄
@andrew-morris
andrew-morris / jacked.txt
Last active July 5, 2018 23:31
Quick research to find the most (relatively) unsafe ASNs using GreyNoise Intelligence
RATIO   ASN       POPPED  SIZE  ORG
0.3945  AS52635   404     1024  SPEEDCONNECT - TECNOLOGIA E EQUIPAMENTOS
0.2500  AS60490   1       4     MTS PJSC
0.2500  AS198517  1       4     DOLNET GROUP sp. z o.o.
0.2158  AS263256  442     2048  PROVEDOR DE INTERNET EXTREMA LTDA - ME
0.2080  AS264643  213     1024  Enredes S.A.
0.1941  AS133469  795     4096  Multinet (Udaipur) Private Limited
0.1592  AS263051  326     2048  Infopardall Ltda me
0.1426  AS133692  146     1024  Fastnet Communication Pvt. Ltd.
0.1406  AS135195  36      256   NS COMPUTERS
@jhaddix
jhaddix / all.txt
Created January 19, 2019 04:35 — forked from orangetw/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@nullenc0de
nullenc0de / params.txt
Created March 29, 2019 00:57
List of parameters for content discovery
0
1
11
12
13
14
15
16
17
2
@nullenc0de
nullenc0de / content_discovery_nullenc0de.txt
Last active April 2, 2025 06:37
content_discovery_nullenc0de.txt
This file has been truncated, but you can view the full file.
/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
@mak
mak / trick.py
Created May 16, 2019 19:23
Get config from unpacked trickbot
import re
import sys
import pefile
from mlib.crypto import xor
from mlib.malware import trickbot
from mlib.struct import udword
def find_cfg_params(data):
I have done some preliminary research into this bug and so far it does not seem like a backdoor. Just some really weird logic when handling routes, and rendering templates.
As to why widgetConfig[code] executes via a POST request, it is because of the following code located in /includes/vb5/frontend/applicationlight.php
$serverData = array_merge($_GET, $_POST);
if (!empty($this->application['handler']) AND method_exists($this, $this->application['handler']))
{
$app = $this->application['handler'];