November 27, 2022

TSD #017: Interpol Ain't Rusty.

Hello friend 👋

I'm recovering from a minor chest infection, but you shouldn't notice in my videos because I have a content buffer of a few weeks at any one time. Plenty of rest and green tea for me!

It's been an awesome week in the cyber landscape. Lots to talk about, let's go!

Interpol arrest almost 1,000 people

Interpol fraud investigators across the globe have worked together for five months (28th June – 23rd November) to intercept money linked to financial crime and money laundering and return funds to victims where possible. They went after the people behind voice phishing, romance scams, sextortion, investment fraud and money laundering associated with illegal online gambling.

The operation was given the codename 'HAECHI III' and was conducted across 30 countries. It led to the arrests of 975 suspects and the seizure of $130m spread across 2,800 accounts. Unreal! The press release on Interpol's website is well worth a read.

More ransomware groups move to Rust

Rust is a relatively new programming language that was launched by Mozilla (the Firefox people) in 2010. Ransomware gangs like BlackCat and Hive switched to Rust-based ransomware recently and now RansomExx is joining their ranks. The reason? Rust is really nice to work with and has lower detection rates in endpoint security tools like anti-virus. This makes it more reliable to deploy into victim networks. Which means more infections and more money. Microsoft stated that "Rust offers other benefits to malware developers. For example, it has deep control over low-level resources, offers a user-friendly syntax, offers a wide variety of cryptographic libraries, and is more difficult to reverse-engineer than more commonly used programming languages." So if you're learning a new programming language over the upcoming holidays, why not check out Rust?

You can get in touch with me by simply hitting reply. I respond to every email that hits my inbox.

Until next week,

Gary ✌️

Fun Things This Week

📽 My New Video

Let's Hack with a Reverse Shell: Let's learn how to get an initial foothold by uploading a PHP reverse shell to an unsecured WebDAV service and catching our reverse shell in a Netcat listener.


I don't know how, but I missed Darknet Diaries' 15th November edition! So maybe you did too. I haven't listened yet but this is part 1 of a longer story about how "Brett Johnson was involved with the websites Counterfeit Library and Shadow Crew. He tells his story of what happened there and some of the crimes he committed." Jack never fails to deliver. I've got a 4-hour drive to the Peak District today, so I'll be tuning into this on the way.

📘 Books

Last week I mentioned that I was working on a list of awesome cyber and InfoSec books for you to consider reading over the Winter. Well, it's here! There are some banging books on the list, mostly factual, but a couple of really good fiction ones too. Let me know if you get a hold of one! I've written a short review for each book on my blog so you can make your choice more easily.

👾 Cool Tools

nuvola is a tool to dump and perform automatic and manual security analysis on AWS environment configurations and services using predefined, extensible and custom rules created using a simple YAML syntax.

Dismember is a command-line toolkit for Linux that can be used to scan the memory of all processes (or particular ones) for common secrets and custom regular expressions, among other things.

Hack-Tools is a Chrome & Firefox extension that facilitates web application penetration tests. It includes cheat sheets as well as all the tools used during a test, such as XSS payloads, reverse shells and much more.

If you've written a tool and you'd like me to see it, just drop me an email!

P.S. Some of the links in this newsletter are affiliate links and help support my content. Thank you for your support! ✌️
