25 Dec 2025
While using my comrade_abe tool I discovered Edge encrypts Copilot data through the same ABE COM service as browser data. 3 dedicated Copilot interfaces (IElevatorCopilot, IElevatorCopilotDev, IElevatorCopilotInternal) all inherit EncryptData/DecryptData from IElevator. Interesting security boundary to explore further. 🤔 FYI: COMrade ABE is a simple tool to automatically discover & analyze App-Bound Encryption (ABE) COM interfaces in e.g., Chrome, Edge, and Brave. Maps inheritance chains, finds encryption methods and generates reverse engineering stubs.
Back in October, Kaspersky @Securelist reported a new exfiltrator used by #MysteriousElephant #APT called #StomExfiltrator, which is part of their new custom tooling. The same day, QianXin @RedDrip7 reported a new backdoor also used by the same #APT group. We analyzed both families using our code clustering, and found several shared functions between them. The primary function of interest is "EncryptData", which is used to encrypt C2 payloads. By retrohunting for this function, we found more samples of both families. One of them was an older variant of the backdoor that first appeared in the wild in May 2024. 🧬
IOCs:
b39a39ff30d1d92314e351d8573d533814ccfedb6240d71fcb60f8367778389b (StomExfiltrator, from Kaspersky)
0ca1ce61d917771ed344f8345a81610e4c03eb9d186353e2f339e38345e3296d (StomExfiltrator)
d6a533102f801066ddd6069e20f3a51e802852b72c6e105b6e1b8a2c035d0722 (MysteriousElephant_Backdoor, from QianXin)
090b1691a623cc6e8d956ed41ab3efdae98ab9db1bb95cbcbea3162f7a54abf9 (MysteriousElephant_Backdoor)
Get-SmbServerConfiguration
AnnounceComment :
AnnounceServer : False
AsynchronousCredits : 512
AuditClientCertificateAccess : False
AuditClientDoesNotSupportEncryption : False
AuditClientDoesNotSupportSigning : False
AuditInsecureGuestLogon : False
AuditSmb1Access : False
AutoDisconnectTimeoutInMinutesV1 : 15
AutoDisconnectTimeoutInSecondsV2 : 900
AutoShareServer : True
AutoShareWorkstation : True
CachedOpenLimit : 10
DisableCompression : False
DisableSmbEncryptionOnSecureConnection : True
DurableHandleV2TimeoutInSeconds : 180
EnableAuthenticateUserSharing : False
EnableDirectoryHandleLeasing : True
EnableDownlevelTimewarp : False
EnableForcedLogoff : True
EnableLeasing : True
EnableMailslots : False
EnableMultiChannel : True
EnableOplocks : True
EnableSecuritySignature : False
EnableSMB1Protocol : False
EnableSMB2Protocol : True
EnableSMBQUIC : True
EnableStrictNameChecking : True
EncryptData : False
EncryptionCiphers : AES_128_GCM, AES_128_CCM, AES_256_GCM, AES_256_CCM
InvalidAuthenticationDelayTimeInMs : 2000
IrpStackSize : 15
KeepAliveTime : 2
MaxChannelPerSession : 32
MaxMpxCount : 50
MaxSessionPerConnection : 16384
MaxThreadsPerQueue : 20
MaxWorkItems : 1
NullSessionPipes :
NullSessionShares :
OplockBreakWait : 35
PendingClientTimeoutInSeconds : 120
RejectUnencryptedAccess : True
RequestCompression : False
RequireSecuritySignature : False
RestrictNamedpipeAccessViaQuic : True
ServerHidden : True
Smb2CreditsMax : 8192
Smb2CreditsMin : 512
Smb2DialectMax : None
Smb2DialectMin : None
SmbServerNameHardeningLevel : 0
TreatHostAsStableStorage : False
ValidateAliasNotCircular : True
ValidateShareScope : True
ValidateShareScopeNotAliased : True
ValidateTargetName : True
Speaking of which, I need to write that encryptData / ecdsa shared secret for the wallet bridge CIP if no one else is working on it...
🍯 Ending these honeypots means decentralizing PII storage, ensuring data minimization, and encrypting data wherever possible. It's not just about securing data, but also about having less data to secure. #DataDecentralization #EncryptData
#Data #Encryption Market Poised To Reach a Valuation of USD 38.73 Billion by 2030, Growing at a 16.3% CAGR - Report by Market Research Future (#MRFR) #DataEncryption #encryptdata #marketresearchfuture #marketresearch bit.ly/3RocQpF

2 Feb 2022
Watch this VIDEO as a certified ethical hacker breaks into a computer in just minutes. He filmed it from both ends – as the hacker, and what was happening on his victims’ machines. hubs.ly/Q012YgsQ0 #hackervideo #ransomware #encryptdata
Conversely, you could argue that you could always expose functions EncryptData(b interface{}) []byte and DecryptData(b []byte) interface{}