Aman Mishra

Featured in: Favicon

medium.com Favicon

wiley.com

sportskeeda.com Favicon

financialexpress.com Favicon

rsc.org

yourtango.com Favicon

amarujala.com Favicon

unirioja.es Favicon

sooperarticles.com Favicon

careers360.com + 7 more

Articles

Hackers Exploit Advanced MFA Bypass Techniques to Compromise User Accounts

2 months ago | gbhackers.com | Aman Mishra

In recent years, phishing has remained the most prevalent form of cyberattack, with approximately 1.2% of global email traffic.
Threat Actors Evade Security Measures to Launch SIM Swap Attacks

2 months ago | gbhackers.com | Aman Mishra

SIM swapping fraud continues to pose a significant threat to individuals and financial institutions, despite ongoing efforts.
Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Feb 7, 2025 | gbhackers.com | Aman Mishra

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning.
FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Jan 17, 2025 | gbhackers.com | Aman Mishra

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms. Phishing campaigns are delivered via Telegram and use unique URLs to route users to credential-capturing counterfeit login pages. These pages masquerade as popular services and steal login credentials along with multifactor authentication tokens via HTTP POST requests to adversary-controlled backend servers.
Hackers Deploy Web Shell To Abuse IIS Worker And Exfiltrate Data

Jan 16, 2025 | gbhackers.com | Aman Mishra

An attacker exploited a vulnerability in the batchupload.aspx and email_settings.aspx pages on the target server that allowed them to upload a malicious web shell to the IIS worker process (w3wp.exe). They initially attempted to upload a web shell to another location but failed to interact with it. Network traffic analysis revealed the source of the attack originated from IP address 86.48.10[.]109 using a forged user-agent string to mimic a legitimate Chrome browser.
AIRASHI Botnet Exploiting 0DAY Vulnerabilities In Large Scale DDoS Attacks

Jan 16, 2025 | gbhackers.com | Aman Mishra

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August 2024 that leveraged a 0DAY vulnerability on cnPilot routers and used RC4 encryption for sample strings. After a brief pause in September, the botnet reappeared in October with the name kitty and was updated again in November as AIRASHI.
New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Jan 16, 2025 | gbhackers.com | Aman Mishra

Botnets are the networks of compromised devices that have evolved significantly since the internet’s inception. Threat actors exploit vulnerabilities to control these devices remotely by leveraging them for malicious activities.
RedCurl APT Deploys Malware via Windows Scheduled Tasks Exploitation

Jan 13, 2025 | gbhackers.com | Aman Mishra

Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers used scheduled tasks to execute pcalua.exe to run malicious binaries and Python scripts, including the RPivot client.py script to connect to a remote server. Evidence suggests data exfiltration to cloud storage as this APT group targets various industries and aims for long-term persistence for data collection.
Hackers Using YouTube Links and Microsoft 365 Themes to Steal Logins

Jan 13, 2025 | gbhackers.com | Aman Mishra

Cybercriminals are executing sophisticated phishing attacks targeting Microsoft 365 users by employing deceptive URLs that closely resemble legitimate O365 domains, creating a high degree of trust with unsuspecting victims. The attackers leverage social engineering tactics, often claiming imminent password expiration, to induce panic and pressure users into clicking malicious links.
Hackers Abusing Youtube To Deliver Malware That Steals Browser Data

Jan 13, 2025 | gbhackers.com | Aman Mishra

Malware actors leverage popular platforms like YouTube and social media to distribute fake installers. Reputable file hosting services are abused to host malware and make detection challenging. Password protection and encoding techniques further complicate analysis and evade early sandbox detection. Once a system is compromised, malware can steal sensitive data from web browsers by exploiting credential storage mechanisms.