Tuts 4 You

FireEye discloses breach, theft of hacking tools



benchtweakgaming: Windows 10 Debloat Tool GUI

Based this on farag2’s Windows 10 ‘Sophia’ Script; the tool is basically a front-end.



FireEye breached after SolarWinds supply-chain attack

this is hard sex - "products that contained this vulnerability to be fewer than 18,000"




SolarWinds’ comprehensive products and services are used by more than 300,000 customers worldwide, including military, Fortune 500 companies, government agencies, and education institutions. Our customer list includes:

More than 425 of the US Fortune 500

All ten of the top ten US telecommunications companies

All five branches of the US Military

The US Pentagon, State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States

All five of the top five US accounting firms

Hundreds of universities and colleges worldwide


Well - it certainly seems like a good choice to attack...


Hackers used SolarWinds' dominance against it in sprawling spy campaign

Cybersecurity experts are still struggling to understand the scope of the damage.

“We don’t think anyone else in the market is really even close in terms of the breadth of coverage we have,” he said. “We manage everyone’s network gear.”

The hackers inserted malicious code into SolarWinds Orion software updates pushed out to nearly 18,000 customers.

The malicious updates - sent between March and June

We may not know the true impact for many months, if not more – if not ever

The company’s stock has tumbled more than 23%

Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”.








"In an effort to save face, Mandia went to some trouble to outline just how good the hackers were and the extraordinary lengths they must have gone to in order to pull down its pants in public, spank it on the bottom, and then run away laughing while FireEye was standing at a lectern telling everyone why they needed to hire the company to protect their networks."



Microsoft says it found malicious software in its systems



51% of 4 million Docker images have critical vulnerabilities



Rocky Linux: A CentOS replacement by the CentOS founder



Europol launches new decryption platform for law enforcement


1 hour ago, whoknows said:

Microsoft says it found malicious software in its systems




rofl, so what should Windows 10 users say about their systems?!



Statement from MS side.

Just to clarify, Frank X Shaw is Corporate Vice President, Corporate Communications at Microsoft Corporation. So a pretty senior executive who usually doesn't talk out of his ass, unlike a certain journalist..


Teddy Rogers
8 hours ago, deepzero said:

Makes you wonder who really was monitoring and managing the monitoring and management platform... 🤔


Additional malware discovered

In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor. The malware consists of a small persistence backdoor in the form of a DLL file named App_Web_logoimagehandler.ashx.b6031896.dll, which is programmed to allow remote code execution through the SolarWinds web application server when installed in the folder “inetpub\SolarWinds\bin\”. Unlike Solorigate, this malicious DLL does not have a digital signature, which suggests that this may be unrelated to the supply chain compromise. Nonetheless, the infected DLL contains just one method (named DynamicRun) that can receive a C# script from a web request, compile it on the fly, and execute it.


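The two facts the excerpt above gives a defender, the DLL name in inetpub\SolarWinds\bin\ and the lack of a digital signature, are enough for a first triage pass. The script below is an added example written for this thread, not code from Microsoft, SolarWinds or the original post: it walks the bin directory, flags the Supernova file name, and tells you which DLLs carry no embedded Authenticode certificate table at all by reading the PE header directly. An embedded certificate table only means "signed", not "validly signed by SolarWinds", so run signtool or Get-AuthenticodeSignature on anything you decide to trust. The PE images it builds are constructed header-only blobs for the self-check, and "Example.Signed.dll" is a hypothetical name.

```python
# Added example (not code from the thread, Microsoft or SolarWinds): triage an Orion
# web-app bin directory for the Supernova DLL named in the post and report which
# DLLs lack an embedded Authenticode signature. Presence of a certificate table
# only means "signed", not "validly signed by SolarWinds": confirm with signtool
# or Get-AuthenticodeSignature before trusting a file. The PE images below are
# constructed header-only blobs, not real binaries.
import struct
import tempfile
from pathlib import Path

SUSPECT_DLL = "App_Web_logoimagehandler.ashx.b6031896.dll"  # name from the post
ORION_BIN = Path("inetpub") / "SolarWinds" / "bin"          # path from the post
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table


def has_embedded_signature(pe: bytes) -> bool:
    """True if the PE's certificate-table data directory is non-empty (PE32 or PE32+)."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at 92, directories at 96
        count_off, dirs_off = 92, 96
    elif magic == 0x20B:      # PE32+: NumberOfRvaAndSizes at 108, directories at 112
        count_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    count = struct.unpack_from("<I", pe, opt + count_off)[0]
    if count <= SECURITY_DIR or opt_size < dirs_off + 8 * (SECURITY_DIR + 1):
        return False          # header too short to hold a certificate table at all
    offset, size = struct.unpack_from("<II", pe, opt + dirs_off + 8 * SECURITY_DIR)
    return offset != 0 and size != 0


def build_minimal_pe(cert_size: int, pe32plus: bool = True) -> bytes:
    """Constructed header-only image for testing: DOS header, PE signature, COFF
    header and an optional header with 16 data directories. Not loadable."""
    dirs_off = 112 if pe32plus else 96
    opt_size = dirs_off + 16 * 8
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x2002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, 108 if pe32plus else 92, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dirs_off + 8 * SECURITY_DIR,
                     0x400 if cert_size else 0, cert_size)
    return dos + b"PE\0\0" + coff + bytes(opt)


def triage_bin_dir(bin_dir: Path) -> dict:
    """Map each DLL name to 'signed', 'unsigned', 'unparseable (...)', or a SUSPECT
    verdict when it carries the Supernova file name."""
    findings = {}
    for dll in sorted(bin_dir.glob("*.dll")):
        try:
            signed = has_embedded_signature(dll.read_bytes())
        except ValueError as exc:
            findings[dll.name] = f"unparseable ({exc})"
            continue
        verdict = "signed" if signed else "unsigned"
        if dll.name.lower() == SUSPECT_DLL.lower():
            verdict = f"SUSPECT: Supernova file name, {verdict}"
        findings[dll.name] = verdict
    return findings


def demo() -> dict:
    """Lay out the bin directory in a temp dir with two constructed DLLs: the
    Supernova name unsigned (as in the post) and a hypothetical signed one."""
    with tempfile.TemporaryDirectory() as tmp:
        bin_dir = Path(tmp) / ORION_BIN
        bin_dir.mkdir(parents=True)
        (bin_dir / SUSPECT_DLL).write_bytes(build_minimal_pe(0))
        (bin_dir / "Example.Signed.dll").write_bytes(build_minimal_pe(0x1200))
        return triage_bin_dir(bin_dir)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Point triage_bin_dir at the real bin folder on a suspect host (the demo only builds a throwaway copy); anything reported as unsigned in that directory deserves a look, and the Supernova name is a hit regardless of signature state.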

Virtual Machine Detection in the Browser



Fujifilm and IBM Set World Record With 580TB Magnetic Tapes



Awesome practical tricks used. Funny how non-targeted domains were hashed so it's computationally difficult to even figure that out.

Also the way it masquerades as a seemingly normal business backend file and protocol was very clever. If the attackers did not use this vector to install further RATs, that would be quite a waste. Though if the network communication is heavily monitored at these big targets, then perhaps this initial discovery would have blown the whole thing anyway. But at least it should have had backup domains or IPs, given that they were quick to go to court and disable it completely by grabbing the domain name.

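The "hashed domains" trick the post above mentions is worth seeing in miniature. The snippet below is an added example written for this thread, not code from the malware or from the original poster: the implant side keeps only hashes of the domains it cares about and compares the local domain's hash against them, so an analyst who pulls the list out of a sample gets nothing readable and has to guess candidate domains and hash each one. SHA-256 and the domain names are assumptions made here for illustration; the real hash function is not on this page.

```python
# Added example, not code from the thread or from the malware the post discusses:
# the "hashed target list" trick. The implant stores only hashes of the domains it
# wants, so a list pulled out of the sample is opaque until an analyst guesses
# candidates and hashes each one. SHA-256 and the domain names are assumptions made
# here for illustration; the real hash function is not given on this page.
import hashlib


def domain_hash(domain: str) -> str:
    """Normalise then hash; the implant and the analyst must agree on this exactly."""
    return hashlib.sha256(domain.strip().lower().encode()).hexdigest()


# Constructed targets; in a real sample only TARGET_HASHES would be present.
_CONSTRUCTED_TARGETS = ("victim-corp.example", "agency.example.gov")
TARGET_HASHES = frozenset(domain_hash(d) for d in _CONSTRUCTED_TARGETS)


def is_targeted(local_domain: str) -> bool:
    """Implant side: hash the host's domain and test membership; nothing
    readable about the other targets is ever compared or stored."""
    return domain_hash(local_domain) in TARGET_HASHES


def recover_targets(candidates, hashes=TARGET_HASHES) -> dict:
    """Analyst side: dictionary attack. Returns {hash: domain} for every hit;
    hashes with no candidate match stay unresolved."""
    return {domain_hash(c): c for c in candidates if domain_hash(c) in hashes}


def unresolved(candidates, hashes=TARGET_HASHES) -> set:
    """Hashes the candidate list could not explain: targets that stay hidden
    until a better wordlist (Fortune 500 domains, .gov lists, ...) is tried."""
    return set(hashes) - set(recover_targets(candidates, hashes))


if __name__ == "__main__":
    wordlist = ["random.example", "Victim-Corp.example", "other.example.gov"]
    print("targeted here:", is_targeted("victim-corp.example"))
    print("recovered:", recover_targets(wordlist))
    print("still opaque:", len(unresolved(wordlist)))
```

The asymmetry is the whole point: checking one domain is one hash, but recovering the list is a wordlist search, and any target whose name is not in the wordlist stays hidden.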

It's weird how resourceful companies and organizations with sensitive data rely on a 3rd-party contractor to provide such software for monitoring their systems.

And the access level those monitoring tools had over these systems, I wonder if it's full access to everything on these networks.

But it was epic to see .NET finally being used in a sophisticated attack.


Firefox to ship 'network partitioning' - what a gr8 shit! love it!



Microsoft discovers SECOND hacking team dubbed 'Supernova' installed backdoor in SolarWinds software in March - as Feds say first Russian 'act of war' cyber attack struck at least 200 firms and US federal agencies



It just keeps getting better...


Those big companies are tasting their own poison now, after violating the privacy of all humans for years!

Why is it legal when they do it? No one bats an eye when they spy on users and fuck us every day in the name of improving services or protecting their interests! Now it's named an act of war because they are the victims.




iPhone factory workers say they haven’t been paid, cause millions in damages


