Metasploit is one of the most widely used exploit frameworks globally; threat actors, penetration testers and red teams alike use it, as it is completely free and open source.
Although Metasploit has been around for a while now, some of its capabilities are still able to evade security solutions, making it difficult to identify malicious code that has been wrapped in Metasploit encoders. One such encoder is Shikata-Ga-Nai, which is used by Metasploit as an evasion mechanism for delivering payloads. Shikata-Ga-Nai, which roughly translated means “nothing can be done about it”, was used in Shikitega, a newly discovered Linux-targeted malware.
In our latest Campaign of the Week, we go in deep to learn about one of Metasploit’s best encoding schemes – Shikata-Ga-Nai. The campaign includes a technical analysis performed by Cyberbit’s researchers, and essential detection methods. Don’t wait till your organization has been attacked because when it comes to mitigation, well… – “Shikata-Ga-Nai” – nothing can be done about it.
Over the last weeks, hundreds of organizations including 2 DOE Agencies, were impacted by ransomware attacks, as a result of the the MOVEit Transfer Vulnerability, […]
APT35 (also known as Charming Kitten, Phosphorus, Newscaster, and more) is an Iranian state-sponsored cyber-espionage group that primarily targets governmental organizations, defense contractors, research institutions, […]
In March 2023, Microsoft published a critical update notifying users of a vulnerability affecting Microsoft Outlook. This vulnerability (CVE-2023-23397) is exploitable by attackers on Windows-based […]
Only recently discovered, “Beep” malware is already making headlines in the world of cybersecurity. Designed to fly under the radar of security software with a […]
ChatGPT: The Hacker’s New Best Friend? Frequently in the news, ChatGPT has become the fastest-growing consumer application in history. The Artificial Intelligence (AI) tool is […]
Agent Tesla, a leading malware threat to organizations, has the ability to steal sensitive information and is continuing to evolve and spread. It is offered […]
AWS Lambda, one of AWS’ 200 outstanding services, is an event-driven, serverless computing platform that allows you to run code for applications and backend services […]
Multifactor Authentication (MFA) is a popular and crucial security concept used by organizations worldwide. However, it is not invulnerable. A good example of threats to […]
In early August 2022, the Vietnam-based Cybersecurity company GTSC, discovered a zero-day vulnerability in the Microsoft Exchange platform, which received the name “ProxyNotShell”. The Zero […]
In the never-ending war between cyber criminals and defense teams across the globe, adversaries continue to develop innovative methods to penetrate organizations. One of the […]
“Tropical Scorpius”, a group of threat actors associated with the Cuba Ransomware (aka COLDDRAW), was recently observed deploying the malware with previously undocumented tactics, techniques, […]
ChromeLoader, aka, ChoziosiLoader, is part of the browser hijacker malware family and targets both Windows and macOS. First discovered in February, it is well-known in […]
Over the past few months, reports about Magniber ransomware infections have been increasing worldwide. Social engineering methods for delivering Magniber have become increasingly sophisticated over […]
On May 19th, 2022, a malware sample uploaded to VirusTotal containing malicious payload, Brute Ratel C4, went undetected by all 56 antiviruses that evaluated it. […]
BluStealer, first detected in May 2021 by Twitter user James_inthe_box, is an information-stealing malware with the ability to steal cyrpto wallet data, swap crypto addresses […]
Matanbuchus is a malware-as-a-service that first surfaced back in 2021 but has since resurfaced; threat researchers recently discovered a malicious phishing campaign that spreads the […]
Intezer and the BlackBerry Research and Intelligence Team recently published their comprehensive research on Symbiote, a highly evasive Linux malware. Appropriately named after the biological […]
Conti is a ransomware-as-a-service program and is one of the most prolific ransomwares of the past year. In what is believed to have been an […]
Out of over 200 teams, BCC Grupo Cajamar’s cyber defense team, “Blue’s Boys”, was one of only 13 teams to make it to the finals. […]
And the next stop is – root privileges! Microsoft has recently discovered several vulnerabilities, collectively referred to as Nimbuspwn. This lethal combination could allow an […]
Microsoft’s recently discovered vulnerabilities, collectively referred to as ‘Nimbuspwn’, could allow attackers to elevate privileges to root level privileges (the highest level privileges e.g., administrator) […]
The malware of many tricks and no treats In 2016, the threat group Wizard Spider developed TrickBot – a highly modular banking trojan believed to […]