1
3
submitted 1 month ago* (last edited 1 month ago) by lettruthout to c/secops

The NGINX access.log of my VPS is showing a curiosity.

Instead of a simple request like this...

"GET / HTTP/1.1"

...regular requests are coming in that look like this

"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"

Is this some kind of hack attempt?

Here's an example of a full line from the log...

15.204.204.182 - - [24/Apr/2024:15:59:47 +0000] "\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00" 400 166 "-" "-"

EDIT: For what it might be worth, most of these requests come in singularly, from different IP addresses. Once (that I've noticed) repeated attempts came in quickly from one specific IP.

2
10
submitted 2 months ago by L4s to c/secops

Ghidra training classes from NSA::undefined

3
7
submitted 2 months ago by L4s to c/secops

An intro to automated evasion and compilation of .NET offensive tools::Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

4
3
submitted 2 months ago by L4s to c/secops

Phrack #71: Call For Paper::Phrack staff website.

5
10
submitted 2 months ago by [email protected] to c/secops
6
10
submitted 2 months ago by L4s to c/secops

Hacking Terraform state to gain code execution and privilege escalation::undefined

7
7
submitted 2 months ago by L4s to c/secops

Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor::Is Hugging Face the target of model-based attacks? See a detailed explanation of the attack mechanism and what is required to identify real threats >

8
2
submitted 2 months ago by L4s to c/secops

New Server Side Prototype Pollution Gadgets Scanner from Doyensec::Unveiling the Server-Side Prototype Pollution Gadgets Scanner

9
9
submitted 2 months ago by L4s to c/secops

It's now possible to find the AWS Account ID for any S3 Bucket (private or public)::A technique to find the Account ID of a private S3 bucket.

10
8
submitted 2 months ago by L4s to c/secops

“SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails::undefined

11
5
submitted 2 months ago by L4s to c/secops

SEO Poisoning to Domain Control: The Gootloader Saga Continues::Key Takeaways More information about Gootloader can be found in the following reports: The DFIR Report, GootloaderSites, Mandiant, Red Canary, & Kroll. An audio version of this report can be … Read More

12
1
submitted 3 months ago by L4s to c/secops

Code injection or backdoor: A new look at Ivanti's CVE-2021-44529::In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!

13
0
submitted 3 months ago by L4s to c/secops

Python Risk Identification Tool for generative AI (PyRIT)::The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems. - Azure/PyRIT

14
7
submitted 3 months ago by L4s to c/secops

New TP-Link authentication Bypass!::undefined

15
11
Optum / Change Healthcare Breach (status.changehealthcare.com)
submitted 3 months ago by L4s to c/secops

Optum / Change Healthcare Breach::Optum Solutions's Status Page - Update: Some applications are experiencing connectivity issues..

16
4
submitted 3 months ago by L4s to c/secops

Ongoing Malware Laced Developer Job Interviews::Phylum continues to discover malware polluting open-source ecosystems. In this blog post, we take a deep-dive into an npm package trying to masquerade as code profiler which actually installs several malicious scripts including a cryptocurrency and credential stealer. Curiously, the attacker attempted to hide the malicious code in a test

17
9
submitted 3 months ago by L4s to c/secops

Lockbit Ransomeware global taketown::With indictments and arrests.

18
2
submitted 3 months ago by L4s to c/secops

GitHub - mlcsec/FormThief: Spoofing desktop login applications with WinForms and WPF::Spoofing desktop login applications with WinForms and WPF - mlcsec/FormThief

19
4
submitted 3 months ago by L4s to c/secops

Ivanti Connect Secure Under Attack: Uncovering Five Exploitable CVEs - XXE::Time and again, securing you

20
1
submitted 3 months ago by L4s to c/secops

Analysis of Mirai variant leveraging CVE-2023-1389::undefined

21
6
submitted 3 months ago by L4s to c/secops

Exploiting Unsynchronised Clocks::TL;DR According to data from RIPE, over 40% of computers attached to the Internet have a few seconds of clock drift, which with the right combination of headers, will make an HTTP response unintentionally cacheable. Background Like many parts of the HTTP model, caching has been extended and revised multiple times over the years. The result is a confusing set of response header values, which affect the way that the browser may or may-not cache the response.

22
5
submitted 3 months ago by L4s to c/secops

Snap Trap: The Hidden Dangers Within Ubuntu's Package Suggestion System::Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’s command-not-found package and the snap package repository. While command-not-found serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages. Additionally, our …

23
35
submitted 3 months ago by L4s to c/secops

Decrypted: Rhysida Ransomware - "we are now publicly releasing our decryptor for download to all victims of the Rhysida ransomware"::The team at Avast has developed a decryptor for the Rhysida ransomware and released it for public download. The Rhysida ransomware has been active since May 2023. As of Feb 2024, their TOR site lists 78 attacked companies, including IT (Information Technology) sector, healthcare, universities, and government organizations.

24
4
submitted 3 months ago by L4s to c/secops

Breach Analysis: APT29’s Attack on Microsoft - Password Spray & OAuth abuse.::undefined

25
3
submitted 3 months ago by L4s to c/secops

Troy Hunt: How Spoutible’s Leaky API Spurted out a Deluge of Personal Data::Ever hear one of those stories where as it unravels, you lean in ever closer and mutter “No way! No way! NO WAY!” This one, as far as infosec stories go, had me leaning and muttering like never before. Here goes:

Last week, someone reached out to me with what

view more: next ›

Security Operations

546 readers
1 users here now

A place for all things Cyber Security, from questions, rants, and stories, to the latest attacks, vulnerabilities, and zero days.

founded 11 months ago
MODERATORS
L3s