#pastejacking
cyber-sec · 11 months ago
Text
OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script
Source: https://thehackernews.com/2024/07/onedrive-phishing-scam-tricks-users.html
More info: https://www.trellix.com/blogs/research/onedrive-pastejacking/
jvkings · 8 months ago
Photo
What is Pastejacking? Why shouldn't you copy and paste from the web?
hackernewsrobot · 2 years ago
Text
With Firefox on X11, any page can pastejack you anytime (middle button paste)
https://www.openwall.com/lists/oss-security/2023/10/17/1
ethicalhackingo · 4 years ago
Link
pentesttoolz · 7 years ago
Text
PasteJacker - Add PasteJacking To Web-Delivery Attacks #Pastejacking #hacking #windows #linux
The main purpose of the tool is automating the (PasteJacking/Clipboard poisoning/whatever you name it) attack by collecting all the known tricks used in this attack in one place and one automated job, as after searching I found there’s no tool doing this job the right way. Now, while this attack depends on what the user will paste, imagine adding this attack to the Metasploit web delivery module. See this…
shadow-brokers-blog · 8 years ago
Video
Hack Windows - Linux - Mac Using Paste-jacking | PasteZort - Kali Linux ...
hackgit · 3 years ago
Text
PasteJacker The main purpose of the tool is automating the (PasteJacking/Clipboard poisoning/whatever you name it) attack by collecting all the known tricks used in this attack in one place and one automated job, as after searching I found there's no tool doing this job the right way 😄 Now, because this attack depends on what the user will paste, I implemented the Metasploit web-delivery module's idea into the tool, so when the user pastes into the terminal, you get a meterpreter session on his device 😄 https://github.com/D4Vinci/PasteJacker Demo: https://www.youtube.com/watch?v=FfMoCPVjF5Y #cybersecurity #soft #attack #pastejacking #clipboard
caglararli · 5 years ago
Photo
Pastejacker. #caglararli https://www.instagram.com/p/B_hOhPnFwl3/?igshid=jxxn0dle0km2
mostlysignssomeportents · 8 years ago
Text
Pastejacking: using malicious javascript to insert sneaky text into pasted terminal commands #1yrago
When a computer stops behaving, the solution often involves looking up an obscure command and pasting it into the terminal -- even experienced administrators and programmers aren't immune to this, because remembering the exact syntax for commands you use once every couple years is a choresome task.
For many years, security researchers have warned that CSS can be used to trick users by putting different text on the clipboard than the highlighted text on the screen, inserting malicious commands in place of innocuous ones.
But a new attack, dubbed "Pastejacking," uses javascript to make much sneakier clipboard insertions, including one proof-of-concept that changes the content of the clipboard over time, so a quick paste produces a different result to one that comes later.
The default Mac terminal warns users when they're pasting commands that have a carriage return, and gives them the option of removing it. This seems like a good countermeasure to me -- I'd like a version for my terminal program that let me always strip out CRs when pasting.
https://boingboing.net/2016/05/25/pastejacking-using-malicious.html
rajchandelstuff-blog · 8 years ago
Text
Exploiting Remote machine with Pastejacking
Pastejacking is a technique that takes over the clipboard of a machine. For instance, when we copy text from a website, that text can be riddled with malicious code that will execute when you paste that text. This is a very good way to achieve a Meterpreter session because of its simplicity. All that needs to be done is: copy some harmless words from the browser and paste them on the command…
cyberparse · 8 years ago
Text
Hacker publishes GitHub secret key hunter
http://cyberparse.co.uk/2017/01/09/hacker-publishes-github-secret-key-hunter/
TruffleHog snuffles through your dirty commit drawers. A researcher has published a tool to help administrators delve into GitHub commits to find high-entropy secret keys. The tool, dubbed TruffleHog, is able to locate high-entropy keys with GitHub, potentially saving admins from exposing their networks and sensitive data.
TruffleHog developer Dylan Ayrey, who warned of the Pastejack attack last year, says the tool will locate any high entropy string longer than 20 characters. “[TruffleHog] searches through git repositories for high entropy strings, digging deep into commit history and branches,” Ayrey says. “This is effective at finding secrets accidentally committed that contain high entropy.” “If at any point a high entropy string >20 characters is detected, it will print to the screen.”
He says it searches the entire commit history of branches, checking each diff in commits, and evaluating the Shannon entropy for both the base64 character set and the hexadecimal character set for every blob of text larger than 20 characters and comprised of those character sets in each diff. Reddit users praising the tool have claimed Amazon already searches GitHub for AWS keys and shutters the respective service when any are found. TruffleHog relies only on GitPython.
miscsecurity · 7 years ago
Link
cyberkid1987 · 7 years ago
Photo
PasteJacker - Add PasteJacking To Web-Delivery Attacks
securitynewswire · 8 years ago
Text
XSSJacking triggering XSS from SelfXSS using Clickjacking and Pastejacking
SNPX.com : XSSJacking triggering XSS from SelfXSS using Clickjacking and Pastejacking http://dlvr.it/NfY4FP
pentesttoolz · 8 years ago
Text
How to Hack Windows/Mac/Linux using PasteJacking (PasteZort) and Kali Linux 2017.1
Hey guys, in this video I show you how to use PasteJacking to hack any operating system using PasteZort and Kali Linux 2017.1.
PasteZort: https://github.com/ZettaHack/PasteZort
Installation and Usage:
git clone https://github.com/ZettaHack/PasteZort.git
cd PasteZort && ls
chmod +x PasteZ0rt.py encode.rb
./PasteZort.py
What is Pastejacking? Nearly all browsers allow websites to run commands on the…
iicybersecurity · 9 years ago
Text
HOW TO CARRY OUT A PASTEJACKING ATTACK AND TAKE CONTROL OF THE VICTIM'S MACHINE?
It has long been possible for developers to use CSS to add malicious content to the clipboard without the user's knowledge and thereby trick them into running unwanted terminal commands. This type of attack is known as clipboard hijacking. A website security researcher published a new version of this attack, which only uses…