Back on my boring post grind to document my learning.
New #Blog post going through a #TryHackMe challenge. This time detecting two different attack types with snort!
https://ligniform.blog/posts/snort-live-attacks/
How secure are your browser extensions?
A recent attack campaign has compromised at least 16 Chrome browser extensions, potentially exposing over 600,000 users to credential theft and data breaches. The attack exploited the extensive permissions granted to these extensions, demonstrating how they can be a weak link in web security systems.
The breach was initiated through a phishing scheme targeting extension publishers on the Chrome Web Store. Once attackers gained access, they implanted malicious code into legitimate extensions, enabling them to steal cookies, user access tokens, and other sensitive data. This malicious code communicated with an external Command and Control (C&C) server, allowing hackers to download additional configurations and exfiltrate stolen data.
Cybersecurity firm Cyberhaven was one of the first known victims. Its browser extension was compromised, and its malicious version remained active for about 24 hours before being removed. However, security experts warn that removing the extension from the Chrome Web Store doesn't entirely resolve the threat. If the compromised extension remains installed on user devices, it could still exfiltrate data.
The attack was not isolated to Cyberhaven. Security researchers identified several other compromised extensions during their investigation, including popular tools like AI Assistant - ChatGPT and Gemini for Chrome, Bard AI Chat Extension, Search Copilot AI Assistant, and multiple VPN-related extensions. These extensions were found communicating with the same C&C server involved in the Cyberhaven breach, signaling a broad, targeted campaign.
Researchers have discovered that the malicious code in Cyberhaven's extension targeted identity data and access tokens associated with Facebook accounts, specifically Facebook business accounts. This highlights the potential risk these attacks pose to both individual users and organizations relying on such accounts for operations.
Security experts criticize the widespread complacency around browser extension security. Most organizations lack visibility into the extensions installed across their devices, leaving them vulnerable. Since browser extensions often require broad permissions, such as access to cookies or identity information, they represent an overlooked but significant source of risk.
While some extensions have been updated or removed, this incident underscores broader challenges in managing browser extension security. Organizations and users alike must closely monitor installed extensions, limit unnecessary permissions, and remain vigilant against similar threats. The scope and sophistication of this campaign raise serious concerns about the future integrity of browser-based tools.
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
2024-12-03 RDP #Honeypot IOCs - 2943 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
144.126.239.72 - 1434
106.14.144.233 - 510
167.71.134.152 - 384
Top ASNs:
AS14061 - 1953
AS37963 - 510
AS135566 - 165
Top Accounts:
hello - 2736
142.93.8.59 - 81
Test - 30
Top ISPs:
DigitalOcean, LLC - 1953
Hangzhou Alibaba Advertising Co - 510
catCloud - 165
Top Clients:
Unknown - 2943
Top Software:
Unknown - 2943
Top Keyboards:
Unknown - 2943
Top IP Classification:
hosting & proxy - 2025
hosting - 570
Unknown - 300
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/gt4Za3zc
2024-12-03 RDP #Honeypot IOCs - 1962 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
144.126.239.72 - 956
106.14.144.233 - 340
167.71.134.152 - 256
Top ASNs:
AS14061 - 1302
AS37963 - 340
AS135566 - 110
Top Accounts:
hello - 1824
142.93.8.59 - 54
Test - 20
Top ISPs:
DigitalOcean, LLC - 1302
Hangzhou Alibaba Advertising Co - 340
catCloud - 110
Top Clients:
Unknown - 1962
Top Software:
Unknown - 1962
Top Keyboards:
Unknown - 1962
Top IP Classification:
hosting & proxy - 1350
hosting - 380
Unknown - 200
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/cxXxu9Dt
2024-12-03 RDP #Honeypot IOCs - 981 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
144.126.239.72 - 478
106.14.144.233 - 170
167.71.134.152 - 128
Top ASNs:
AS14061 - 651
AS37963 - 170
AS135566 - 55
Top Accounts:
hello - 912
142.93.8.59 - 27
Test - 10
Top ISPs:
DigitalOcean, LLC - 651
Hangzhou Alibaba Advertising Co - 170
catCloud - 55
Top Clients:
Unknown - 981
Top Software:
Unknown - 981
Top Keyboards:
Unknown - 981
Top IP Classification:
hosting & proxy - 675
hosting - 190
Unknown - 100
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/rpx2sCcZ
2024-12-02 RDP #Honeypot IOCs - 1191 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
106.14.144.233 - 516
167.71.134.152 - 192
52.171.138.27 - 192
Top ASNs:
AS37963 - 516
AS14061 - 267
AS8075 - 201
Top Accounts:
hello - 1005
142.93.8.59 - 48
Test - 27
Top ISPs:
Hangzhou Alibaba Advertising Co - 516
DigitalOcean, LLC - 267
Microsoft Corporation - 198
Top Clients:
Unknown - 1191
Top Software:
Unknown - 1191
Top Keyboards:
Unknown - 1191
Top IP Classification:
hosting & proxy - 579
hosting - 465
Unknown - 105
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/saCzcXRu
2024-12-02 RDP #Honeypot IOCs - 794 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
106.14.144.233 - 344
167.71.134.152 - 128
52.171.138.27 - 128
Top ASNs:
AS37963 - 344
AS14061 - 178
AS8075 - 134
Top Accounts:
hello - 670
142.93.8.59 - 32
Test - 18
Top ISPs:
Hangzhou Alibaba Advertising Co - 344
DigitalOcean, LLC - 178
Microsoft Corporation - 132
Top Clients:
Unknown - 794
Top Software:
Unknown - 794
Top Keyboards:
Unknown - 794
Top IP Classification:
hosting & proxy - 386
hosting - 310
Unknown - 70
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/RNZuWg3A
2024-12-02 RDP #Honeypot IOCs - 397 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
106.14.144.233 - 172
167.71.134.152 - 64
52.171.138.27 - 64
Top ASNs:
AS37963 - 172
AS14061 - 89
AS8075 - 67
Top Accounts:
hello - 335
142.93.8.59 - 16
Test - 9
Top ISPs:
Hangzhou Alibaba Advertising Co - 172
DigitalOcean, LLC - 89
Microsoft Corporation - 66
Top Clients:
Unknown - 397
Top Software:
Unknown - 397
Top Keyboards:
Unknown - 397
Top IP Classification:
hosting & proxy - 193
hosting - 155
Unknown - 35
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/PCpsCTvu
Last call!
Join us next week at Black Hat Europe #BHEU on the 9th-10th in London for our Defending Enterprises - 2024 Edition 2-day training.
Tickets are selling well so you don't want to miss out on festive threat hunting, Christmassy monitoring and jingling alerts!
https://www.blackhat.com/eu-24/training/schedule/index.html#defending-enterprises----edition--39001
2024-12-01 RDP #Honeypot IOCs - 1020 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
106.14.144.233 - 519
167.71.134.152 - 168
159.89.203.133 - 54
Top ASNs:
AS37963 - 519
AS14061 - 246
AS213373 - 54
Top Accounts:
hello - 870
Test - 30
Domain - 30
Top ISPs:
Hangzhou Alibaba Advertising Co - 519
DigitalOcean, LLC - 246
IP Connect Inc - 54
Top Clients:
Unknown - 1020
Top Software:
Unknown - 1020
Top Keyboards:
Unknown - 1020
Top IP Classification:
hosting & proxy - 600
hosting - 207
Unknown - 180
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/7yDQMQFt
2024-12-01 RDP #Honeypot IOCs - 680 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
106.14.144.233 - 346
167.71.134.152 - 112
159.89.203.133 - 36
Top ASNs:
AS37963 - 346
AS14061 - 164
AS213373 - 36
Top Accounts:
hello - 580
Test - 20
Domain - 20
Top ISPs:
Hangzhou Alibaba Advertising Co - 346
DigitalOcean, LLC - 164
IP Connect Inc - 36
Top Clients:
Unknown - 680
Top Software:
Unknown - 680
Top Keyboards:
Unknown - 680
Top IP Classification:
hosting & proxy - 400
hosting - 138
Unknown - 120
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/aBeyh5fS
2024-12-01 RDP #Honeypot IOCs - 340 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
106.14.144.233 - 173
167.71.134.152 - 56
159.89.203.133 - 18
Top ASNs:
AS37963 - 173
AS14061 - 82
AS213373 - 18
Top Accounts:
hello - 290
Test - 10
Domain - 10
Top ISPs:
Hangzhou Alibaba Advertising Co - 173
DigitalOcean, LLC - 82
IP Connect Inc - 18
Top Clients:
Unknown - 340
Top Software:
Unknown - 340
Top Keyboards:
Unknown - 340
Top IP Classification:
hosting & proxy - 200
hosting - 69
Unknown - 60
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/vpFiTC13
2024-11-30 RDP #Honeypot IOCs - 1503 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
167.71.134.152 - 522
106.14.144.233 - 516
152.42.242.50 - 117
Top ASNs:
AS14061 - 705
AS37963 - 516
AS135918 - 72
Top Accounts:
hello - 1371
Domain - 48
Test - 24
Top ISPs:
DigitalOcean, LLC - 705
Hangzhou Alibaba Advertising Co - 516
VTDIGITAL - 72
Top Clients:
Unknown - 1503
Top Software:
Unknown - 1503
Top Keyboards:
Unknown - 1503
Top IP Classification:
hosting & proxy - 702
hosting - 585
Unknown - 147
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/jX02xsjJ
2024-11-30 RDP #Honeypot IOCs - 1002 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
167.71.134.152 - 348
106.14.144.233 - 344
152.42.242.50 - 78
Top ASNs:
AS14061 - 470
AS37963 - 344
AS135918 - 48
Top Accounts:
hello - 914
Domain - 32
Test - 16
Top ISPs:
DigitalOcean, LLC - 470
Hangzhou Alibaba Advertising Co - 344
VTDIGITAL - 48
Top Clients:
Unknown - 1002
Top Software:
Unknown - 1002
Top Keyboards:
Unknown - 1002
Top IP Classification:
hosting & proxy - 468
hosting - 390
Unknown - 98
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/kQXchiLs
2024-11-30 RDP #Honeypot IOCs - 501 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
167.71.134.152 - 174
106.14.144.233 - 172
152.42.242.50 - 39
Top ASNs:
AS14061 - 235
AS37963 - 172
AS135918 - 24
Top Accounts:
hello - 457
Domain - 16
Test - 8
Top ISPs:
DigitalOcean, LLC - 235
Hangzhou Alibaba Advertising Co - 172
VTDIGITAL - 24
Top Clients:
Unknown - 501
Top Software:
Unknown - 501
Top Keyboards:
Unknown - 501
Top IP Classification:
hosting & proxy - 234
hosting - 195
Unknown - 49
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/errA8i4C
What's your favorite #SIEM that runs on a raspberry pi?
2024-11-29 RDP #Honeypot IOCs - 1068 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
106.14.144.233 - 519
167.71.134.152 - 192
152.42.242.50 - 117
Top ASNs:
AS37963 - 519
AS14061 - 363
AS396982 - 36
Top Accounts:
hello - 954
Test - 33
Domain - 21
Top ISPs:
Hangzhou Alibaba Advertising Co - 519
DigitalOcean, LLC - 363
Google LLC - 36
Top Clients:
Unknown - 1068
Top Software:
Unknown - 1068
Top Keyboards:
Unknown - 1068
Top IP Classification:
hosting & proxy - 699
hosting - 234
Unknown - 87
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/YiSnuf6S
2024-11-29 RDP #Honeypot IOCs - 712 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
106.14.144.233 - 346
167.71.134.152 - 128
152.42.242.50 - 78
Top ASNs:
AS37963 - 346
AS14061 - 242
AS396982 - 24
Top Accounts:
hello - 636
Test - 22
Domain - 14
Top ISPs:
Hangzhou Alibaba Advertising Co - 346
DigitalOcean, LLC - 242
Google LLC - 24
Top Clients:
Unknown - 712
Top Software:
Unknown - 712
Top Keyboards:
Unknown - 712
Top IP Classification:
hosting & proxy - 466
hosting - 156
Unknown - 58
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/XwyBsG2C
2024-11-29 RDP #Honeypot IOCs - 356 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
106.14.144.233 - 173
167.71.134.152 - 64
152.42.242.50 - 39
Top ASNs:
AS37963 - 173
AS14061 - 121
AS396982 - 12
Top Accounts:
hello - 318
Test - 11
Domain - 7
Top ISPs:
Hangzhou Alibaba Advertising Co - 173
DigitalOcean, LLC - 121
Google LLC - 12
Top Clients:
Unknown - 356
Top Software:
Unknown - 356
Top Keyboards:
Unknown - 356
Top IP Classification:
hosting & proxy - 233
hosting - 78
Unknown - 29
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/HpJt9cj4