Dissecting a fresh BlankGrabber sample
BlankGrabber is nothing new. It has been documented by multiple companies, such as ThreatMon and K7Security, and its source code has even been disclosed on GitHub. So why look at a well-documented and already reversed sample? Because there is more to it than the final payload: with a fresh, unaltered sample we get to see how the sample gets dropped and loaded!
Threat hunting for shits and giggles [Part 1]
I’ll start by saying this post is not endorsed by hunt.io. I just happen to be a really big fan of what they’re doing.
Some hackers suck at OpSec
Not all hackers are the smartest. If you’ve ever played with Shodan or Censys, you’ve most likely come across open directories. What’s an open dir? It’s a web server that has been left configured to list a directory’s contents when no index file is present, so the entire root of the site, and whatever has been dropped into it, is exposed to anyone who browses to it. It’ll typically look something like this:
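As an added example, not code from the original post, here is a small Python parser that checks whether a fetched page is an autoindex-style directory listing and pulls out the file names, the kind of first-pass triage you would run over candidate hosts from Shodan or Censys. The sample HTML is constructed to mimic an Apache-style "Index of /" page, and the list of extensions treated as worth a closer look is my own assumption.

```python
from html.parser import HTMLParser
import re

# Constructed sample (not captured from a real server): what an Apache-style
# autoindex page for an exposed web root typically looks like.
SAMPLE_LISTING = """<html><head><title>Index of /</title></head>
<body><h1>Index of /</h1>
<pre><a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
<hr><a href="/">Parent Directory</a>
<a href="build.sh">build.sh</a>                 2024-05-01 10:12  1.2K
<a href="loader.exe">loader.exe</a>            2024-05-01 10:13  311K
<a href="payloads/">payloads/</a>              2024-05-01 10:14    -
<hr></pre></body></html>"""

# Constructed control page: an ordinary site that is not a listing.
NOT_A_LISTING = "<html><head><title>Welcome</title></head><body>Hi</body></html>"

# Assumed set of extensions a hunter would flag for manual inspection.
INTERESTING_EXTENSIONS = (".exe", ".dll", ".ps1", ".sh", ".bat", ".vbs",
                          ".zip", ".rar", ".7z", ".py")


class _ListingParser(HTMLParser):
    """Collects the <title> text and every <a href> with its link text."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.links = []          # list of (href, link text)
        self._in_title = False
        self._current_href = None
        self._current_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href is not None:
                self._current_href = href
                self._current_text = []

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        elif self._current_href is not None:
            self._current_text.append(data)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "a" and self._current_href is not None:
            self.links.append((self._current_href, "".join(self._current_text).strip()))
            self._current_href = None


def _parse(html):
    parser = _ListingParser()
    parser.feed(html)
    parser.close()
    return parser


def is_open_directory(html):
    """True if the page title is the autoindex 'Index of <path>' pattern."""
    return re.match(r"^\s*Index of\s", _parse(html).title, re.IGNORECASE) is not None


def list_entries(html):
    """Return the file/directory names in a listing, dropping the sort links,
    the parent-directory link and any absolute URLs."""
    names = []
    for href, _text in _parse(html).links:
        if not href or href.startswith("?") or href.startswith("/"):
            continue
        if href.startswith("../") or "://" in href:
            continue
        names.append(href)
    return names


def flag_interesting(entries):
    """Subset of entries whose extension is in INTERESTING_EXTENSIONS."""
    return [e for e in entries if e.lower().endswith(INTERESTING_EXTENSIONS)]


if __name__ == "__main__":
    if is_open_directory(SAMPLE_LISTING):
        entries = list_entries(SAMPLE_LISTING)
        print("open dir with", len(entries), "entries; worth a look:",
              flag_interesting(entries))
```

The title check is deliberately narrow: nginx, Python's `http.server` and Apache all emit an "Index of" style title by default, but a listing behind a custom template will slip past it, so in practice you would also look at the `<h1>` and at the shape of the links before trusting a negative.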