MITRE Groups Technique Mind Map – admin@338

Group Background: According to MITRE, this is a China-based cyber threat group that conducted campaigns against the Hong Kong media industry. Recent Documented Time: 2015. Malware Involved: Poison Ivy. Poison Ivy (PIVY) is a remote access tool (RAT) that opens a backdoor on the target system and grants adversaries full control, namely: Rename, delete or execute files; Modify…

Pentest – Case Studies

Boxes: HackTheBox Bounty Hunter. Overview: The JS code used XML as a POST parameter to retrieve data from some source. It used the .val() attribute to get the value of user input. No sanitization was applied, so it was highly vulnerable to XXE injection. Web Vulnerable Code: function returnSecret(data) { return Promise.resolve($.ajax({ type: "POST", data: {"data":data}, url: "tracker_diRbPr00f314.php" })); }…