Malicious PyPi Requests Fork Hides Backdoor In PNG File

Iranian Cyberspies Hit Targets With New Backdoors

Ten Years Of Heartbleed: Lessons Learned

Powerful Brokewell Android Trojan Allows Device Takeover

Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead

Nation-State Hackers Exploit Cisco Firewall Zero Days To Backdoor Government Networks

Bing Ad Posing As NordVPN Aims To Spread SecTopRAT Malware

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of

Major Linux Distributions Impacted By XZ Utils Backdoor

FAQ On The xz-utils Backdoor

Technologist Versus Spy: The xz Backdoor Debate

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

Red Hat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils

Chinese Cyberspies Targeting ASEAN Entities

Justice Dept Indicts 7 Accused In 14 Year Long Hack Campaign By Chinese Government

StrelaStealer Malware Hits More Than 100 EU And US Organizations

Suspicious NuGet Package Harvesting Info From Industrial Systems

Developers Hacked In Sophisticated Supply Chain Attack

Ransomware, RATs, And More Deployed On Compromised TeamCity Servers

Chinese APT Hacks 48 Government Organizations

Fujitsu Reveals Malware Installed On Internal Systems

Never Before Seen Linux Malware Gets Installed Using 1-Day Exploits

Microsoft Under Constant Attack By Russian Hackers, Filing Says

GTPDOOR - A Novel Backdoor Tailored For Covert Access Over The Roaming Exchange

Hikvision Patches Vuln In Security Management System

Australian Spy Chief Fears Sabotage Of Critical Infrastructure

BackDoorSim - An Educational Into Remote Administration Tools

BackdoorSim is a remote administration and monitoring tool designed for educational and testing purposes. It consists of two main components: ControlServer and BackdoorClient. The server controls the client, allowing for various operations like file transfer, system monitoring, and more.

Disclaimer

This tool is intended for educational purposes only. Misuse of this software can violate privacy and security policies. The developers are not responsible for any misuse or damage caused by this software. Always ensure you have permission to use this tool in your intended environment.

Features

• File Transfer: Upload and download files between server and client.
• Screenshot Capture: Take screenshots from the client's system.
• System Information Gathering: Retrieve detailed system and security software information.
• Camera Access: Capture images from the client's webcam.
• Notifications: Send and display notifications on the client system.
• Help Menu: Easy access to command information and usage.

Installation

To set up BackdoorSim, you will need to install it on both the server and client machines.

1. Clone the repository:

shell $ git clone https://github.com/HalilDeniz/BackDoorSim.git

1. Navigate to the project directory:

shell $ cd BackDoorSim

1. Install the required dependencies:

shell $ pip install -r requirements.txt

Usage

After starting both the server and client, you can use the following commands in the server's command prompt:

• upload [file_path]: Upload a file to the client.
• download [file_path]: Download a file from the client.
• screenshot: Capture a screenshot from the client.
• sysinfo: Get system information from the client.
• securityinfo: Get security software status from the client.
• camshot: Capture an image from the client's webcam.
• notify [title] [message]: Send a notification to the client.
• help: Display the help menu.

Disclaimer

BackDoorSim is developed for educational purposes only. The creators of BackDoorSim are not responsible for any misuse of this tool. This tool should not be used in any unauthorized or illegal manner. Always ensure ethical and legal use of this tool.

DepNot: RansomwareSim

If you are interested in tools like BackdoorSim, be sure to check out my recently released RansomwareSim tool

BackdoorSim: An Educational into Remote Administration Tools

If you want to read our article about Backdoor

Contributing

Contributions, suggestions, and feedback are welcome. Please create an issue or pull request for any contributions. 1. Fork the repository. 2. Create a new branch for your feature or bug fix. 3. Make your changes and commit them. 4. Push your changes to your forked repository. 5. Open a pull request in the main repository.

Contact

For any inquiries or further information, you can reach me through the following channels:

• LinkedIn : Halil Ibrahim Deniz
• TryHackMe: Halilovic
• Instagram: deniz.halil333
• YouTube : Halil Deniz
• Email : halildeniz313@gmail.com

Code Injection Or Backdoor: A New Look At Ivanti's CVE-2021-44529

Backdoors That Let Cops Decrypt Messages Violate Human Rights, EU Courts Says

Cybercriminals Are Stealing Face ID Scans To Break Into Bank Accounts

Ivanti Vuln Exploited To Deliver New DSLog Backdoor

Meet VexTrio, A Network Of 70K Hijacked Websites Crooks Use To Sling Malware, Fraud

New macOS Backdoor Linked To Prominent Ransomware Groups

HijackLoader Variant Evades Detection, Enhances Persistence

US Says China's Volt Typhoon Hackers Pre-Positioning For Cyberattacks Against Critical Infrastructure

Feds Untether Hundreds Of Routers From Volt Typhoon Botnet

5.3k Servers Still Vulnerable To GitLab Password Reset Flaw

GitHub, NPM Registry Abused To Host SSH Key-Stealing Malware

HPE Says Russian Government Hackers Had Access To Emails For 6 Months

New Class Of CI/CD Attacks Could Have Led To PyTorch Supply Chain Compromise

Actively Exploited 0-Days In Ivanti VPN Are Letting Hackers Backdoor Networks

SpectralBlur macOS Backdoor Linked To North Korea

Police Warns Hundreds Of Online Merchants Of Skimmers

Chinese Hackers Deliver Malware To Barracuda Email Security Appliances Via New Zero-Day

Iranian Hackers Target US Defense Sector With New Backdoor

Something Nasty Injected Login Stealing JavaScript Code Into 50k Online Banking Sessions

Hundreds Of Thousands Of Dollars In Crypto Stolen After Ledger Code Poisoned

NKabuse Backdoor Harnesses Blockchain Brawn To Hit Several Architectures

Chinese APT Volt Typhoon Linked To Unkillable SOHO Router Botnet

Think Tank Report Labels NSO, Lazarus As Cyber Mercenaries

PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin

Hackers Spent 2+ Years Looting Secrets Of Chipmaker NXP Before Being Detected

Novel Mirai-Based DDoS Botnet Exploits 0-Days To Infect Routers And Security Cameras

North Korean Software Supply Chain Attack Hits North America, Asia

Iranian Hackers Lurked For 8 Months In Government Network

Thousands Of Android Devices Come With Unkillable Backdoor

Android Devices With Backdoored Firmware Found In US Schools

Fake Bitwarden Site Distributes Novel RAT Malware

Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. "Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly," ESET said in a new report shared with The Hacker News. "This combination

Marvell Disputes Claim Cavium Backdoored Chips For Uncle Sam

Fake WinRAR Exploit PoC Drops VenomRAT Malware