#ContiLeak 🧵! This time, management/developpers documentation 📄
CODING PRINCIPLES
Those are surprisingly good principles. "The wrong choice will grow in the code forever!" ✅✅✅✅✅ FACTS
GIT POLICY
Like all of us, they use git for all the good reasons :) Perhaps the most interesting thing is that they actually track issues in an "accounting system" with ticket numbers (3rd image). JIRA USERS REJOICE, IF CRIMINALS DO IT IT MUST BE USEFUL🎉🎉🎉🎉
ISSUE TRACKING AND PROJECT DEVELOPMENT
This text was written by every project manager and scrum master who has ever lived 😂 You can litteraly give this piece of text to any software development business and it applies to them
INSTRUCTION TO THE TECHNICAL MANAGER
The technical manager manages HR, half of this documentation is how to deal with humans👨‍👨‍👦‍👦But they have a lot of responsabilities, like code review and managing hires
BUG REPORTING RULES
Ransomware groups, like all of us, HATE IT when they receive reports that their program has bugs but without the needed context to fix it 😤😤
SAFETY PRECAUTIONS
Opsec tips from hackers! There are 12 bullet points, and they all aim at reducing the amount of information that can be linked to the real "you". I didn't know about whoer.net, interesting website!
Yes Conti, ALWAYS check unknown files on @virustotal , ESPECIALLY the ones you're compiling from source please 🙏🙏
TRACKING TASKS IN THE BUG TRACKER
This is a heavy process (see 3rd image), and why would I create jira tickets for a solo project?? YOU'RE SLOWING DOWN INNOVATION CONTI 😡
I'll end this 🧵 here, there are a lot more docs detailling more technical things, like their RDP scanner/ bruteforcer, website/sql vulnerability scanner, vpn module, OWA creds stuffing for top 50 000 alexa websites, and more. I might look into it later, but rn im exhausted :)

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Émilio Gonzalez @res260@infosec.exchange

Émilio Gonzalez @res260@infosec.exchange Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @res260

Mar 3, 2022
Another #ContiLeaks 🧵This one should be smaller 😂 In the rocketchat logs, a channel "manuals_team_c" contained 16 procedures from reconnaissance to exfiltration. I translated (with the help of @sys6x) them, here they are: github.com/Res260/conti_2…
INITIAL ACTIONS
This one details the general ideas and the steps most cases will require. Reconnaissance using AD, enum shares, privesc, creds dumping using known techniques, etc. I found interesting that they inject a TLS listener. I wonder if it yields good results.
USEFUL COMMANDS
This one details how to take control of a host, presumably from the trickbot/bazar botnet console, and a lot of frequent commands. Those are small cmds, but we'll see that they have some longer cmds as well. Also mention the need to find the NAS to delete backups
Read 17 tweets
Feb 28, 2022
So, Conti chat logs were leaked, I got my hand on a google-translated version of it, I'll document what I found interesting 🧵
March 2021: They tried to get ahold of a @vmw_carbonblack license, detailing their roadblocks and options: Image
Conti "employees" are in fact employees and request days off and maintain non-profesionnal (or, to the very least, friendly) relationships with colleagues ImageImage
Read 72 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(