+ Reply to Thread
Results 1 to 2 of 2
Like Tree3Likes
  • 3 Post By AnArKI

Thread: Analysis of a Real JBOSS Hack Share/Save - My123World.Com!

  1. 11-06-2011, 06:33 PM #1
    AnArKI
    AnArKI is offline
    Super Administrator AnArKI has a spectacular aura aboutAnArKI has a spectacular aura aboutAnArKI has a spectacular aura about AnArKI's Avatar
    Join Date
    Jul 2010
    Location
    London
    Posts
    501
    Blog Entries
    1
    Thanks
    180
    Thanked 169 Times in 86 Posts

    Analysis of a Real JBOSS Hack



    This is an analysis of a recent attack observed on a on a large enterprise network. The attackers compromised multiple servers via JBOSS JMX console vulnerabilities. With this access they were able to install tools for remote access and transmit data from the enterprise network to their C&C systems. The attack, while not sophisticated, demonstrates some of the techniques used by the hackers and burns their IP addresses that were used. We will discuss the attack and our methodology for the detection and response.

    Read the full analysis hereAnalysis of a Real JBOSS Hack - 9b+
    prashant_uniyal, "vinnu" and Hackuin like this.
    Reply With Quote Reply With Quote

  2. The Following 2 Users Say Thank You to AnArKI For This Useful Post:

    neo (11-09-2011), prashant_uniyal (11-08-2011)
  3. 01-19-2012, 03:23 AM #2
    Viagr4
    Viagr4 is offline
    Garage Newcomer Viagr4 is on a distinguished road
    Join Date
    Jan 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Good report.

    There are a lot of JBoss worms out there in the wild, and also a bunch of insecured jboss consoles ready to be owned.

    Check this report on a JBoss worm: JBoss Worm Analysis in Details
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules