Cybercriminals for five hours one day took over the online operations of a major bank and intercepted all of its online banking, mobile, point-of-sale, ATM, and investment transactions in an attack that employed valid SSL digital certificates and Google Cloud to support the phony bank infrastructure. The attackers also obtained valid digital certificates for their poser bank’s servers via Let’s Encrypt, a legitimate HTTPS certificate provider, to dupe customers who, when they logged into their online accounts, were redirected to the phony systems.The bank didn’t deploy the two-factor authentication option offered by Registro.br, which left the financial institution vulnerable to an authentication-type attack as well as authentication-type flaws such as CSRF. This was a major bank heist, as this bank has $25 billion in assets, 5 million customers worldwide, and 500 branches in Brazil, Argentina, the US, and the Cayman Islands. According to the article many more banks are at risk; most banks in Latin America rely on a third-party DNS provider for their infrastructure, and at least half of the top 20 largest banks in the world use DNS providers for some or all of their DNS infrastructure.
Exploiting “Vulnerable Server” for Windows 7
This is a tutorial I found which shows how to discover and test an exploit in Windows 7. The tutorial involves using a debugger to test an application that has been sent a buffer overflow and identify the spot in memory to place the shellcode. The tutorial doesn’t get too much into assembly and offers a pretty clear description when needed. There is also a tutorial to exploit Windows applications that have DEP using ROP (a topic that was touched on in Metasploit Unleashed in “Exploit Payloads-MSFrop”).
https://samsclass.info/127/proj/vuln-server.htm
https://samsclass.info/127/proj/rop.htm
Metasploit Project
Metasploit Valentines Day update
This article is from the weekly blog post from Rapid 7. There’s a few interesting topics talked about, such as their suggestion for users to use post exploitation modules, a new exploit to exfiltrate data from Cisco Firepower Management console, a new stateless Android meterpreter module and a new module for hacking into cars remotely. This blog seems like a good way to stay updated on new modules and updates to the Metasploit framework and news in the offsec community.