Rhysida – Ransomware Payload Analysis

RANSOMWARE GROUP DETAILS: Rhysida is a ransomware gang that rose to prominence in May 2023 after being linked to a series of high-profile cyber attacks in Western Europe, North and South America, and Australia. The group seems to be linked with the known threat actor “Vice Society”. The group takes its name from a centipede species called Rhysida, this specific kind...

Pizza, Pasta and Red Teaming: insights and ideas for an Italian-style report

Foreword: After more than 2 years from the inauguration of Labs, made with my friend Paolo Stagno aka VoidSec, it was perhaps time for me to write something. But $whoami? Make yourself comfortable and go to the "Author" section at the end of the article. The challenge: In these years, my mission,...

GhostSec, the hacktivist collective targeting ICSs

Introduction: To achieve their objectives, hacktivist groups have traditionally employed techniques such as distributed denial of service (DDoS), website defacements, and leaks of documents. These operations are usually conducted to advocate for specific social or political causes. Recently, it has been observed that hacktivist groups have shifted towards the targeting of Industrial Control Systems (ICS). These types of...

GIS3W: Persistent XSS in G3WSuite 3.5 – CVE-2023-29998

Overview: During an engagement on a client's public infrastructure, we detected an exposed installation of G3WSuite. Since we were asked to perform a black box pentest on the G3WSuite installation, we had to find a way to gather as much information about the target as possible. Luckily for us, the whole G3WSuite codebase is...