Analyzing Latest WhatsApp Scam Leaking S3 Bucket

This is a quick blog about an amazon scam going on WhatsApp. In search of data, I found the S3 bucket which is publicly available. Since these scammers use victims’ data for personal use, I will be using their data for personal research.

Let’s begin the story of how it was possible to find data of scammers. This data may not contain the personal details of attackers but it can help to analyze the coding pattern and different source codes which are used by this group for multiple phishing attacks. Here I have mentioned two links there are chances that many more links are present.

Do not visit or click on the link and submit personal information.

Received the link in the WhatsApp group about the recent phishing scam.

Continue reading “Analyzing Latest WhatsApp Scam Leaking S3 Bucket”

Out-Of-Band RCE: CTF Walkthrough

So, this is my writeup on how I was able to achieve my first Remote Code Execution. Also after reviewing the code I was able to understand more about malicious code execution via OS functions. Finally, I was able to capture the flag and get the Hall of Fame, Check.

Out of Band(OOB) Command Injection is performed by sending a DNS request to a server, which occurs when input data is interpreted as an operating system command. By this, an attacker can execute arbitrary commands on the system and gain unauthorized access.

Continue reading “Out-Of-Band RCE: CTF Walkthrough”

Linux OS Hardening: CIS Benchmarks

As we’re going through a pandemic majority of business have taken things online with options like work from home and as things get more and moreover the internet our concerns regarding cybersecurity become more and more prominent. We start to dig a little to have standards in place and terms like  Compliance, Hardening, CIS, HIPPA, PCI-DSS are minted out. Today we’ll be discussing why to have CIS benchmarks in place in the least and how we at Opstree have automated this for our clients.

Before moving forward get familiar with basic terms:

CIS Benchmarks are the best security measures that are created by the Centre of Internet Security to improve the security configuration of an organization. Continue reading “Linux OS Hardening: CIS Benchmarks”