FBI Had the REvil Decryption Key

The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation.

The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.

But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared…


Story of Gus Weiss

This is a long and fascinating article about Gus Weiss, who masterminded a long campaign to feed technical disinformation to the Soviet Union, which may or may not have caused a massive pipeline explosion somewhere in Siberia in the 1980s, if in fact there even was a massive pipeline explosion somewhere in Siberia in the 1980s. Lots of information about…

PRC Tradecraft: The Spy Down Under

Via the inimitable War Is Boring comes news of an alleged effort (to the tune of a million simoleons) to co-opt an at-risk Chinese-Australian citizen to assist the People’s Republic of China in its illicit efforts to infiltrate and spy on the Aust…

Black Hat & DEF CON 2018 – Tradecraft Security Weekly #28

This is the Hacker Summer Camp 2018 edition of Tradecraft Security Weekly. In this week’s episode Beau Bullock (@dafthack) talks about some of the more interesting items he saw come out of the Black Hat and DEF CON conferences this year. Links: Z…

PXE Boot Attacks – Tradecraft Security Weekly #27

Network administrators often use the Pre-boot Execution Environment (PXE) to deploy new systems on a network quickly. Golden system images can be created with all the software and settings already in place for new systems. In this episode of Tra…
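The DHCP half of a PXE boot, as seen from a client on the LAN, is the part a pentester needs to understand before touching a deployment server. The block below is an added example, not code from the episode: it builds the DHCPDISCOVER a PXE ROM sends (broadcast flag, vendor class `PXEClient`) and parses a DHCPOFFER for the two things the client acts on, the next-server address and the boot file name. The sample offer, MAC address, IPs and file names are constructed for the demo, not captured from a real network.

```python
"""Added example: the DHCP exchange of a PXE boot, from the client's side.
Packet layout is RFC 2131 (fixed header, magic cookie, TLV options); PXE
specifics are the vendor class (option 60), architecture (93) and the
next-server / boot-file fields (siaddr/file, or options 66/67).
All addresses and names below are constructed for illustration."""
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"   # DHCP fixed header, 236 bytes


def encode_options(items):
    """Encode [(code, value_bytes), ...] as DHCP TLVs, terminated by option 255."""
    return b"".join(struct.pack("BB", c, len(v)) + v for c, v in items) + b"\xff"


def decode_options(data):
    """Decode TLVs into {code: value}; pads are skipped, the end option stops parsing."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:            # pad
            i += 1
            continue
        if code == 255:          # end
            break
        length = data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def build_pxe_discover(mac, xid=0x12345678):
    """DHCPDISCOVER as a PXE ROM sends it: broadcast flag set, vendor class PXEClient."""
    hw = bytes.fromhex(mac.replace(":", ""))
    zero4 = b"\0" * 4
    fixed = struct.pack(FIXED, 1, 1, 6, 0, xid, 0, 0x8000,
                        zero4, zero4, zero4, zero4,
                        hw.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = encode_options([
        (53, b"\x01"),                              # DHCPDISCOVER
        (60, b"PXEClient:Arch:00000:UNDI:002001"),  # vendor class identifier
        (93, b"\x00\x00"),                          # client system architecture: x86 BIOS
        (55, bytes([1, 3, 66, 67])),                # parameter request list
    ])
    return fixed + MAGIC + opts


def parse_pxe_offer(pkt):
    """Extract the boot parameters a PXE client would act on from a DHCPOFFER."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    fields = struct.unpack(FIXED, pkt[:236])
    yiaddr, siaddr, file_field = fields[8], fields[9], fields[13]
    opts = decode_options(pkt[240:])
    # Options 66/67, when present, take precedence over the fixed siaddr/file fields.
    next_server = opts[66].decode() if 66 in opts else socket.inet_ntoa(siaddr)
    boot_file = (opts[67] if 67 in opts else file_field).rstrip(b"\0").decode()
    return {
        "message_type": opts.get(53, b"\0")[0],
        "client_ip": socket.inet_ntoa(yiaddr),
        "next_server": next_server,
        "boot_file": boot_file,
    }


def sample_offer(use_options=True, xid=0x12345678):
    """Constructed DHCPOFFER: leases 10.0.0.101, points at a boot file on a TFTP server.
    With use_options=False only the fixed siaddr/file fields carry the boot parameters."""
    fixed = struct.pack(FIXED, 2, 1, 6, 0, xid, 0, 0x8000,
                        b"\0" * 4, socket.inet_aton("10.0.0.101"),
                        socket.inet_aton("10.0.0.5"), b"\0" * 4,
                        bytes.fromhex("001122334455").ljust(16, b"\0"),
                        b"\0" * 64, b"pxelinux.0".ljust(128, b"\0"))
    items = [(53, b"\x02"), (54, socket.inet_aton("10.0.0.5"))]   # DHCPOFFER, server id
    if use_options:
        items += [(66, b"10.0.0.20"),                  # TFTP server name
                  (67, b"boot\\x64\\wdsnbp.com")]      # bootfile name (WDS style)
    return fixed + MAGIC + encode_options(items)


if __name__ == "__main__":
    discover = build_pxe_discover("00:11:22:33:44:55")
    print("discover options:", decode_options(discover[240:]))
    print("offer (options 66/67):", parse_pxe_offer(sample_offer()))
    print("offer (fixed fields): ", parse_pxe_offer(sample_offer(use_options=False)))
```

Nothing in this exchange is authenticated: whichever server answers the discover first on the segment dictates the boot file the client loads, and anyone who can parse the offer can fetch that file from the next-server over TFTP (UDP/69) and inspect the golden image or its answer files offline.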

OSINT & External Recon Pt. 2: Contact Discovery – Tradecraft Security Weekly #26

During the reconnaissance phase of a penetration test, being able to discover the names and email addresses of an organization’s employees is extremely important. It is also important to do so as stealthily as possible. Using open-source techniques and tools i…
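Most of the value in contact discovery comes from one inference: once a handful of confirmed addresses reveal the organization's naming convention, every employee name found on LinkedIn, press releases or conference bios becomes a candidate address without touching the target. The block below is an added example, not code from the episode or from any tool it covers; the names, addresses and the `example.com` domain are constructed for the demo.

```python
"""Added example: infer an organization's e-mail convention from a few
confirmed (name, address) pairs gathered via OSINT, then generate candidate
addresses for other employee names. All sample data is constructed."""
import re
from collections import Counter

# Common corporate conventions, as format strings over the parts of a name.
PATTERNS = [
    "{first}.{last}",
    "{first}{last}",
    "{f}{last}",
    "{first}{l}",
    "{first}_{last}",
    "{f}.{last}",
    "{last}.{first}",
    "{last}{f}",
    "{first}",
]


def name_parts(full_name):
    """Split 'Jane Q. Doe' into lower-case parts; middle names, dots and apostrophes are dropped."""
    tokens = re.sub(r"[^A-Za-z' -]", "", full_name).replace("'", "").lower().split()
    if len(tokens) < 2:
        raise ValueError(f"need at least a first and last name: {full_name!r}")
    first, last = tokens[0], tokens[-1].replace("-", "")
    return {"first": first, "last": last, "f": first[0], "l": last[0]}


def render(pattern, full_name, domain):
    """Apply one convention to one name."""
    return pattern.format(**name_parts(full_name)) + "@" + domain


def infer_pattern(known):
    """known: [(full_name, email), ...] confirmed from public sources.
    Returns the convention that explains the most samples, or None if none fits."""
    votes = Counter()
    for name, email in known:
        local = email.lower().partition("@")[0]
        for pattern in PATTERNS:
            if pattern.format(**name_parts(name)) == local:
                votes[pattern] += 1
    return votes.most_common(1)[0][0] if votes else None


def candidates(names, domain, pattern=None):
    """Candidate addresses for each name, deduplicated and in order.
    If no convention was inferred, every known convention is tried."""
    patterns = [pattern] if pattern else PATTERNS
    out, seen = [], set()
    for name in names:
        for p in patterns:
            addr = render(p, name, domain)
            if addr not in seen:
                seen.add(addr)
                out.append(addr)
    return out


if __name__ == "__main__":
    # Constructed sample: addresses lifted from a press release and a conference bio.
    known = [("Jane Doe", "jane.doe@example.com"),
             ("Robert Smith", "robert.smith@example.com"),
             ("Mary Ann Lee", "mary.lee@example.com")]
    convention = infer_pattern(known)
    print("convention:", convention)
    for addr in candidates(["Alice Johnson", "Tom O'Brien"], "example.com", convention):
        print(addr)
```

Generating candidates is the quiet part; confirming them is where stealth matters, so verification (SMTP `RCPT TO`, OAuth or Lync/Skype user-existence checks, or simply waiting for a bounce) should be rate-limited and spread out rather than run as a burst against the target's mail servers.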

Phishing 2FA Tokens with CredSniper – Tradecraft Security Weekly #25

Organizations are implementing two-factor authentication on more and more web services. The traditional methods for phishing credentials are no longer good enough to gain access to user accounts if 2FA is set up. In this episode Mike Felch (@ustayready) and Beau Bulloc…
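Why a real-time phishing proxy defeats one-time-code 2FA is easiest to see with both sides in code. The block below is an added example and is not CredSniper's code: a toy target service verifies a password plus an RFC 6238 TOTP code, and a "proxy" captures what the victim types on the lookalike page and relays it to the real site at once. The username, password and TOTP secret are constructed for the demo (the secret is the RFC 4226/6238 test-vector key, so the code values can be checked against the RFC).

```python
"""Added example (not CredSniper's code): real-time relay of a phished TOTP code.
TOTP per RFC 6238 over HOTP per RFC 4226 (HMAC-SHA1, dynamic truncation).
The user, password and secret below are constructed for the demo."""
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def totp(secret, at):
    """RFC 6238 TOTP for Unix time `at`."""
    return hotp(secret, int(at // STEP))


class TargetService:
    """The real site. Accepts the current step and one step either side for clock skew."""

    def __init__(self, users):
        self.users = users  # username -> (password, TOTP secret bytes)

    def login(self, user, password, code, now):
        pw, secret = self.users.get(user, (None, None))
        if pw is None or not hmac.compare_digest(pw, password):
            return False
        return any(hmac.compare_digest(totp(secret, now + d * STEP), code)
                   for d in (-1, 0, 1))


class PhishingProxy:
    """The lookalike site. Records the submission and relays it to the target immediately."""

    def __init__(self, target):
        self.target = target
        self.captured = []

    def submit(self, user, password, code, now):
        self.captured.append((user, password, code))
        # The relay has to happen inside the code's validity window; that is the whole trick.
        return self.target.login(user, password, code, now)


def demo(now=1_700_000_000):
    """Returns whether the immediate relay succeeds and whether a later replay does."""
    secret = b"12345678901234567890"      # constructed; RFC 4226 test-vector key
    site = TargetService({"victim": ("hunter2", secret)})
    proxy = PhishingProxy(site)
    # Victim reads the current code from their authenticator and types it into the phish.
    victim_code = totp(secret, now)
    relayed_now = proxy.submit("victim", "hunter2", victim_code, now)
    # The same captured code a few minutes later is outside the window and is rejected:
    # a TOTP code is a short-lived bearer token, not a proof bound to the site.
    user, pw, code = proxy.captured[0]
    replayed_later = site.login(user, pw, code, now + 5 * STEP)
    return {"relayed_now": relayed_now, "replayed_later": replayed_later}


if __name__ == "__main__":
    print(demo())
```

The captured password is reusable forever; the captured code is useful for about a minute, which is why these toolkits relay in real time and then keep the resulting session cookie rather than the code. Nothing in a TOTP code identifies the site it was typed into, so the relay cannot be detected by the verifier; an origin-bound factor (FIDO2/WebAuthn) closes this gap because the authenticator signs the real origin and the signature is worthless to the lookalike.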

Evading Network-Based Detection Mechanisms – Tradecraft Security Weekly #24

In this episode of Tradecraft Security Weekly hosts Beau Bullock (@dafthack) and Mike Felch (@ustayready) discuss methods for evading network-based detection mechanisms. Many commercial IDS/IPS devices do a pretty decent job of detecting standard pente…

Live Response with Google Rapid Response (Blue Team Edition) – Tradecraft Security Weekly #10

How do you perform incident response on systems in your environment at scale or when the system that needs to be analyzed is in a geographically different location than your analysts? What if you need to do this and have no real budget to work with to use commercial tools? The answer is Google Rapid […]

The post Live Response with Google Rapid Response (Blue Team Edition) – Tradecraft Security Weekly #10 appeared first on Security Weekly.


Command & Control 101: Transports – Tradecraft Security Weekly #9

After an attacker is successful in getting a payload onto a system and getting it to run they still have to worry about whether there will be a successful connection out to a command and control server. There are a number of different transport mechanisms that can be utilized including direct TCP connections, pivoting through […]

