heige
169 Followers

Sep 12, 2021

ZoomEye Behavior Mapping For Office Word 0day (CVE-2021-40444) Original Attacker

Author: Heige (a.k.a Superhei) of KnownSec 404 Team https://twitter.com/80vul 09/12/2021 [Note: The ZoomEye search data in the article is based on the results of the query on September 11, and the target data has been overwritten and updated] Before starting the article, please read the following articles to facilitate understanding…

Zoomeye

11 min read


Sep 8, 2021

One ZoomEye Query Cleans BazarLoader C2s

Author: Heige (a.k.a Superhei) of KnownSec 404 Team https://twitter.com/80vul 09/08/2021 Yesterday, a detailed article on “behavior mapping” in cyberspace was published. The article introduced an example of using a ZoomEye query to get all the Trickbot C2 IPs at once: https://80vul.medium.com/behavior-mapping-in-cyberspace-one-net-cleans-apt-and-botnet-c2s-ed49a9b7d426 Today I will bring you another typical case:…

Zoomeye

3 min read


Sep 7, 2021

“Behavior Mapping” in Cyberspace — One Net(Query) Cleans APT and Botnet C2s

Author: Heige (a.k.a Superhei) of KnownSec 404 Team https://twitter.com/80vul 09/07/2021 “Behavior (American English) or behaviour (British English; see spelling differences) is the actions and mannerisms made by individuals, organisms, systems or artificial entities in conjunction with themselves or their environment, which includes the other systems or organisms around as well…

Zoomeye

4 min read


Jun 15, 2021

Cyberspace Surveying and Mapping in National Power Outages and Network outages Events

Author: Heige (a.k.a Superhei) of KnownSec 404 Team https://twitter.com/80vul 06/15/2021 In recent years, there have been many cases of power outages at the national level due to cyber attacks and other reasons. …

Zoomeye

3 min read


Apr 7, 2021

ZoomEye latest release and double-layer events this month

* Add filter “iconhash:” to support favicon.ico hash search (supports both MD5 and mmh3 hashes), e.g. iconhash:891e510219786f543ca998282ed99f45 or iconhash:325177753

Zoomeye

2 min read


Feb 10, 2021

ZoomEye report on HTTPS DTLS protocol that is used in ddos reflection amplification attack mapping

Previously, ZoomEye released a survey report on the Plex UDP port used for reflection amplification DDoS attacks (https://80vul.medium.com/zoomeye-report-nearly-40-000-plex-services-around-the-world-may-be-used-for-reflective-ddos-c1257dade7df). Baidu Labs released a report (https://paper.seebug.org/1482/) on the use of the HTTPS DTLS protocol for reflection amplification DDoS attacks on February 5, 2021.

Zoomeye

2 min read


Feb 3, 2021

[ZoomEye Report] Nearly 40,000 Plex services around the world may be used for reflective DDos attacks

On January 7, 2021, Baidu Security Lab issued an early warning saying that a DDoS reflection attack initiated by the network service of Plex (media playback platform) was captured in January 2021 [1]. According to the article of Baidu Security Lab, the hacker used the DDoS reflection attack based on…

Zoomeye

2 min read


Jan 16, 2021

Talk about cross-surveying and mapping in cyberspace

Author: Heige (a.k.a Superhei) of KnownSec 404 Team 01/16/2021 Currently, the objects of cyberspace surveying and mapping are mainly around IPv4/IPv6/website/darkweb. Of course, most search engines only support IPv4/IPv6 addresses. …

Shodan

4 min read


Dec 10, 2020

Talk about the recent ZoomEye updates

Author: Heige (a.k.a Superhei) of KnownSec 404 Team 12/10/2020 As the world’s leading search engine for cyberspace mapping, ZoomEye has been working hard! I would like to thank all the friends who support ZoomEye. API-KEY ZoomEye has always been committed to being more friendly and open to developers. For example, in August…

4 min read


May 25, 2020

Look for traces of APT attacks through the ZoomEye history api

Author: Heige (a.k.a Superhei) of KnownSec 404 Team 05/25/2020 [Article release: https://paper.seebug.org/1219/ (Chinese) https://paper.seebug.org/1220/ (English)] We released ZoomEye’s historical data API query interface in ZoomEye 2020, which launched in January this year: https://medium.com/@80vul/zoomeye-2020-has-started-8414d6aaf38 …

Zoomeye

5 min read

The Leader of the KnownSec 404 Team ( ZoomEye http://www.zoomeye.org SeeBug http://www.seebug.org KCon http://kcon.knownsec.com)
