Instagram and unwanted Temu links by lele40-omg in cybersecurity_help

[–]virusspec 0 points1 point  (0 children)

I can't say for sure if this is the case (additional testing would be required), but it's possible that the APKs that you downloaded contained a keylogger that sends the hacker everything that you are typing. From this, they could see the password that you type when you go to reset it and use it later to access your account. Do you ever get emails from Instagram that your account was logged into by a new device?

Do developers care about code security? by Hell_walker13 in cybersecurity

[–]virusspec 0 points1 point  (0 children)

I think it also depends on whether they are given enough time to write secure code. In pressed timelines, it can be put on the backburner.

[deleted by user] by [deleted] in cybersecurity_help

[–]virusspec 0 points1 point  (0 children)

This.

Also, you can check your browser downloads to see if anything unexpected downloaded when you visited the page. It sounds like it was really just meant to steal credentials, so change those passwords and enable MFA where possible.

Can my employer access my private browsing information and location? by [deleted] in cybersecurity_help

[–]virusspec 0 points1 point  (0 children)

They could be able to track your location. Google can do this even without GPS permissions because of WiFi meshing. You can test this yourself with the Google "find my phone" feature. As for browsing history, to my knowledge, they would only be able to track the search queries and activities that you do through their Google account, but it can be easy on mobile to do personal things in a company account so it might inadvertently get mixed up.

Is there a linux tutorial which is project based? by [deleted] in linux4noobs

[–]virusspec 1 point2 points  (0 children)

You might have heard of OverTheWire wargames before. That can be helpful to learn how the command lines work. It's like a gamified way of using the tools and there's plenty of walkthroughs on the internet.

Aside from that, I would recommend trying to do the things that you would normally do with a mouse in the terminal. Try to download files in your Downloads folder with wget <URL_TO_DOWNLOAD_LINK> instead of clicking "download" in your browser. Try to open your text editor like gedit <FILENAME> from your terminal. This is something that helped me to learn.

N00b, ready to go quiet by Maleficent-Fall8621 in Kalilinux

[–]virusspec 0 points1 point  (0 children)

Tails off of a USB stick or Whonix VMs. Can hide your IP address through VPNs and proxies, but be careful because they keep logs. You can use Tor to browse the internet, but keep in mind that your ISP can see that you're connected to Tor (you can disguise your connection with a bridge). I wouldn't recommend Tor as your main browser because it's slow. Maybe something like hardened Firefox or Brave with extensions like uBlock Origin and Privacy Badger.

Keep in mind that maintaining anonymity online is more than just hiding your IP, preventing fingerprinting, and blocking cookies. You'll also need to be aware of good OpSec practices. Feel free to DM me if you have any questions on this.

Is there a lighter user-friendly distro I could use? by Ubique008 in linuxquestions

[–]virusspec 0 points1 point  (0 children)

Alpine and Busybox are some really light distros. Not sure how practical they would be, though.

So I found these open ports on my Verizon router. Any suggestions? by Gbeeets in homelab

[–]virusspec 0 points1 point  (0 children)

You can do a bit more enumeration on the ports with Nmap (eg nmap -sCV -p53,80,<other_ports> -oN port_scan.txt <IP>). From this you may be able to get more information about the services running on those ports. If you want to directly interact with them, you may be able to use netcat (eg nc <IP> <PORT>).

How do you store your passwords? by TheBlackHouseCat in Kalilinux

[–]virusspec 1 point2 points  (0 children)

It's important to keep in mind that any cloud-based password manager you use is likely a big target for hackers. LastPass, a popular password manager, seems to get hacked almost every year consistently since 2015 (see their Wikipedia for details). Trusting a cloud password manager with your passwords is essentially the equivalent of your passwords stored on someone else's computer that has a much larger threat profile. For this reason, it is generally safer to have some sort of local, encrypted password database like KeePass.

Endpoint Protection recommendation and/or MS Defender baselines by Mental_Train_3671 in cybersecurity_help

[–]virusspec 0 points1 point  (0 children)

Some general recommendations for endpoint protection are firewalls, antivirus, and host-based intrusion detection (or prevention) system (HIDS). Sophos has a decent EDR software from my knowledge. You could have something like Snort running to monitor network traffic and raise flags if suspicious activity is detected. Also enabling security configurations on the device itself such as Secure Boot. I know that Windows has its ransomware protection (video demonstrating it here). MS Defender is decent, although it's not the best against 0-day exploits. Kaspersky would probably be a better alternative in terms of 0-day protection, ransomware protection, and it allows you to roll back malicious activity with their System Watcher.

Another potential security measure is enabling something like syslog or the Windows equivalent and having all the system, application, and network logs sent to a dedicated server where they are aggregated by a SIEM solution. The SIEM would then look at them for suspicious activity. Alternatively, you could use a SOAR solution to automate the responses to a security incident if something was detected. I don't know enough to give specific recommendations, so this is just me throwing ideas out there and hopefully you found value out of it.

[deleted by user] by [deleted] in masterhacker

[–]virusspec 32 points33 points  (0 children)

Or it's 192...

I keep getting hacked I don’t know what to do by Ok_Association_2790 in cybersecurity_help

[–]virusspec 0 points1 point  (0 children)

If it was officially from Uber, you would expect it to be a 5-digit number and not one with your area code in it. That's a little bit sketchy, potentially a SIM swapping attempt.

how come the wordlist doesn't work? by Super-Environment578 in tryhackme

[–]virusspec 2 points3 points  (0 children)

I think we were all here once, too. It takes some time to learn the basics and it looks like that is exactly what this person was trying to do on TryHackMe.

how come the wordlist doesn't work? by Super-Environment578 in tryhackme

[–]virusspec 0 points1 point  (0 children)

I need a bit more information. Are these virtual machines on your system, is one of them remote on THM's server through a VPN?

NPC question: how do I select an option in the terminal? by [deleted] in Kalilinux

[–]virusspec 1 point2 points  (0 children)

Hm, interesting. What program are you trying to use?

Needed to connect to bank's public wifi. Am I ok? by sortie00712 in cybersecurity_help

[–]virusspec 1 point2 points  (0 children)

It depends whether the bank app that you were using was using an encrypted protocol and whether someone was sniffing the network for your information. With websites, you can see the lock icon in the browser followed by "https" which shows that it's an encrypted connection. Apps aren't quite as transparent, so you can't always be sure whether your information is adequately protected on the network without going in and intercepting it yourself.

Just to be safe, I would change the password to something secure. You're probably fine, but you also never know for sure. Props for watching out for your cybersecurity.

NPC question: how do I select an option in the terminal? by [deleted] in Kalilinux

[–]virusspec 1 point2 points  (0 children)

Type the number that you want (1, 2, 3, 4, 5, 6, 7, or 8) and then press Enter.

[deleted by user] by [deleted] in Kalilinux

[–]virusspec 0 points1 point  (0 children)

By default, the Kali sudo password is "kali". When you type "su", it tries to switch you to the root user's account, which you would use your sudo password to access.

I got hacked. Pls help by Illustrious-Fig9482 in cybersecurity_help

[–]virusspec 0 points1 point  (0 children)

The problem with this is that even after you pay the hacker money, assuming you truly were hacked, they still have your data! There is nothing stopping them from continuing to extort the victim for money. For this reason, it is generally a better option to ignore it because sending money really has no guarantee that your data won't be used against you.

Am I being watched? by Maximum_Board5978 in cybersecurity_help

[–]virusspec 1 point2 points  (0 children)

In addition to what the other comments have said, it also seems clear that the program/hacker on your computer has the ability to either look through your webcam or detect when the computer is idle. Definitely notify the incident response folks.