HackerTrans
TopNewTrendsCommentsPastAskShowJobs

CuckooExe

no profile record

Submissions

(Im)perfectProject(or) Hacking a small WiFi connected projector for fun

axelp.io
2 points·by CuckooExe·3 yıl önce·1 comments

Malicious update/malware by a semi-advanced adversary

axelp.io
104 points·by CuckooExe·4 yıl önce·34 comments

comments

CuckooExe
·3 yıl önce·discuss
Had a lot of fun tearing apart this projector to hack it, unfortunately wasn't able to test the exploit at the end of the day due to some hard lessons I learned!
CuckooExe
·4 yıl önce·discuss
nullptr security | Washington, D.C. and Northern Virginia (ONSITE) | Uncleared and Cleared

> Red Team Operators

This job posting is for a full-time Red Team Operator, Junior through Senior experience levels, performing offensive-security tasking on-site. You will work with other contractors and customer engineers to deliver impactful, mission-critical capabilities with lasting impressions on US federal infrastructure. The duties required by this position covers the full-lifecycle of penetration testing: Reconnaissance, Scanning, Vulnerability Assessment, Exploitation, and Reporting. Projects can range from attacking network infrastructure to conducting phishing operations against target customers. You must be able to work independently, and as a part of a team.

> Cybersecurity Developer

This job posting is for a full-time CNO Developer embedded in the customer-site. You will work with other contractors and customer engineers to deliver impactful, mission-critical capabilities. The duties required by this position covers the full-spectrum of software development: Planning, Programming, Testing, Shipping. Projects can range from traditional software-engineering following the software development lifecycle, to focused vulnerability research and exploitation development. You must be able to work independently, and as a part of a team.

> Applying

Please reach out to [email protected], visit our site: https://nullptrsec.io/careers, or find us on LinkedIn: https://www.linkedin.com/company/nullptr-security/
CuckooExe
·4 yıl önce·discuss
Thanks for pointing that out! I'll try to update my phrasing to make it more clear. At the end of the day, I don't have definitive proof of anything, however, I'm fairly confident that it was taken down in response to one of two things: a) the payload was downloaded and executed (technically), or b) I was badgering their domain with requests to re-download it.

If it was a), then this might indicate a more advanced adversary who has the TTPs to support this. If it was b), which hints at something more reactionary, then I'm going to guess the adversary was slightly less advanced.

Lmk if you have more questions!
CuckooExe
·4 yıl önce·discuss
Yeah, when I decoded the B64 params, I did see the `cid` keyword, and briefly thought that this might be just really good adware. However, the following stages were too sophisticated for some person to just serve me an ad.

And I'm not sure if a coffee shop farther outside of Tyson's (not going to ask why you specifically said that area) would've helped. I'm very confident that they tore down their C2 after seeing either a (in their eyes) successful callback, or me badger their server with follow on requests.
CuckooExe
·4 yıl önce·discuss
> Also, please don't execute payloads on your laptop. That seems really stupid.

I would never execute a payload that I didn't manually vet on my computer :) That's why I didn't actually execute the full stage-two, but just pieces of it so it would decode what it was reaching out to. I also replaced the `eval` in the next stage to an `echo` to see what it was doing!
CuckooExe
·4 yıl önce·discuss
Small blog post where I detail a malicious update I got served, try to track what it was doing, who sent it, and my mistakes. Would love to hear your thoughts!