– Without drush, using CLI access to the server: cd – Using the drush command: drush8 user - password admin - password = "new_password" Let’s see how our Support Engineers set up password encryption in Drupal ![]() In Drupal 8, there are several ways to set an encrypted password. In fact, Drupal does such a good job with the password encryption method. This encryption technique keeps away direct access to plaintext password due to the hash salt so that it is difficult to decrypt. In Drupal, the password saved in the database is in encrypted format & obscured against brute force attacks. Today, we’ll see how our Support Engineers configure password encryption in Drupal & fix the related issues. That’s why, at Bobcares, we often get requests from our customers to set up “Drupal password encryption” as part of our Server Management Services. Thanks to strong Drupal password encryption, it avoids password compromise to a larger extent.īut, configuring password encryption may not be straight-forward always. Another oddity in the world of malware! The IOC’s are listed below in case anyone else wants to take a closer look. ![]() But for some reason, this executable isn’t referenced or called upon elsewhere in the ransomware. ![]() Unpacking this file shows some hall marks of functions which look to act as a stealer. “ aescrypt.exe -d -p 6SOBuGWPotmU73nrZE1b3UEH412pSGL8 -o AC.doc AC.doc.lck”Īnother oddity is that the file extd.exe which got dropped, is another PureBasic file but packed with UPX. “ aescrypt.exe -e -p 6SOBuGWPotmU73nrZE1b3UEH412pSGL8 -o AC.doc.lck AC.doc” As the aescrypt.exe command contains a password used during encryption, if you know the password used for encryption, you can modify the command slightly from… The crazy thing is that despite all this effort by the malware author(s), the files can in fact be decrypted quite easily. While this wasn’t a deep dive into RE, the power of dynamic analysis can often prove more time efficient in order to obtain an understanding as to the sample that you are analysing. I have CygWin installed on my Windows analyst VM to make life easier. Next I run the file command to see what filetype the sample is classified as. Depending on the outcome of the searches, I may decide to include or omit these values in the report. These can at times be useful for searching similar samples. Additionally I may also note the SSDeep, ImpHash and TLSH hash values. ![]() I note these values down if I aim to write a report, as they would typically be included in the Indicators of Compromise section of a report. Primarily these are MD5, SHA1 and SHA256. I begin with noting down the hashes of the sample. The first tweet regarding BleachGap by Petrovic can be found here.Īmigo-A tweeted that they added a writeup to their site here. The IOC’s can be found at the end of this post. This post details the steps taken with my thought process which I hope you find useful. I decided to download the sample and take a quick look. Upon hunting for malware on VirusTotal using VT search modifiers, I stumbled into a sample which at the time of discovery contained only 30 detections out of around 70 AV engines.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |