Elons (Proxima/Black Shadow related) ransomware attack via Oracle DBS External Jobs

Ylabs2025-09-16T16:22:57+02:00Premise As Yarix’s Incident Response Team, our responsibilities are to manage critical issues related to cyber-attacks carried out by cybercriminals, intervening promptly in order to guarantee security to victim companies and to minimize latent risks, analyzing the systems within their infrastructures and indicating precise remediation actions capable of re-establishing a state of security sufficient for normal operational recovery. In the course of...

Doppelganger: An Advanced LSASS Dumper with Process Cloning

Ylabs2025-06-03T14:52:41+02:00Github Repo: https://github.com/vari-sh/RedTeamGrimoire/tree/main/Doppelganger What is LSASS? The Local Security Authority Subsystem Service (LSASS) is a core component of the Windows operating system, responsible for enforcing the security policy on the system. LSASS is a process that runs as lsass.exe and plays a fundamental role in: User authentication: It verifies users logging into the system, interacting with authentication protocols such as NTLM and Kerberos. Credential management: It handles...

Exploring the LockBit Panel Breach – What Logs and Chats Reveal About Ransomware-as-a-Service

cti2025-06-04T17:53:29+02:00On May 7, 2025, a number of domains associated with the LockBit ransomware group were subjected to a web defacement attack by an unknown individual. Visitors to the compromised domains encountered the following message, replacing the original website content: Don’t do crime. CRIME IS BAD. xoxo from Prague On the same page, a file named “paneldb_dump.zip” was available for download. This archive...