HackDig : Dig high-quality web security articles for hackers

New MrbMiner malware infected thousands of MSSQL DBs

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. According to security firm Tencent, the team of
Publish At:2020-09-16 05:52 | Read:197 | Comments:0 | Tags:Breaking News Cyber Crime Hacking botnet crypto Cryptocurren

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet, tracked as Vollgar botnet, that is targeting MSSQL databases since 2018. The botnet is used to launch brute-force attacks against MSSQL databases to take
Publish At:2020-04-01 15:00 | Read:619 | Comments:0 | Tags:Breaking News Cyber Crime Malware botnet crypto Hacking it s

BSidesSF CTF: Hard reversing challenge: Chameleon

For my third and final blog post about the BSidesSF CTF, I wanted to cover the solution to Chameleon. Chameleon is loosely based on a KringleCon challenge I wrote (video guide), which is loosely based on a real-world penetration test from a long time ago. Except that Chameleon is much, much harder than either. Chameleon (source), at its core, is a file encr
Publish At:2020-02-26 15:35 | Read:846 | Comments:0 | Tags:Conferences Crypto CTFs Reverse Engineering

Some crypto challenges: Author writeup from BSidesSF CTF

Hey everybody, This is yet another author's writeup for BSidesSF CTF challenges! This one will focus on three crypto challenges I wrote: mainframe, mixer, and decrypto! mainframe - bad password reset
Publish At:2019-09-19 17:55 | Read:915 | Comments:0 | Tags:Conferences Crypto Passwords Tools

In BSidesSF CTF, calc.exe exploits you! (Author writeup of launchcode)

Hey everybody, In addition to genius, whose writeup I already posted, my other favourite challenge I wrote for BSidesSF CTF was called launchcode. This will be my third and final writeup for BSidesSF CTF for 2019, but you can see all the challenges and solutions on our Github releases page. This post will be more about how I developed this, since the solutio
Publish At:2019-09-19 17:55 | Read:1348 | Comments:0 | Tags:Conferences Crypto Forensics Reverse Engineering exploit

Steganography in contemporary cyberattacks

Steganography is the practice of sending data in a concealed format so the very fact of sending the data is disguised. The word steganography is a combination of the Greek words στεγανός (steganos), meaning “covered, concealed, or protected”, and γράφειν (graphein) meaning “writing”. Unlike cryptography, which conceals the cont
Publish At:2017-08-03 06:35 | Read:6064 | Comments:0 | Tags:Publications APT Crypto steganography

A look into the Russian-speaking ransomware ecosystem

It is no secret that encryption ransomware is one of the key malware problems today, for both consumers and corporate users. While analyzing the attack statistics for 2016, we discovered that by the end of the year a regular user was attacked with encryption ransomware on average every 10 seconds, with an organization somewhere in the world hit around every
Publish At:2017-02-14 09:15 | Read:6233 | Comments:0 | Tags:Analysis Featured Publications Crypto Malware Statistics Ran

Going the other way with padding oracles: Encrypting arbitrary data!

A long time ago, I wrote a couple of blogs that went into a lot of detail on how to use padding oracle vulnerabilities to decrypt an encrypted string of data. It's pretty important to understand how to use a padding oracle vulnerability for decryption before reading this, so I'd suggest going there for a refresher. When I wrote that blog and the Poracle tool origin
Publish At:2016-12-20 02:45 | Read:5434 | Comments:0 | Tags:Crypto Hacking Tools

A Look at the Cerber Office 365 Ransomware

Reports of a Zero-day attack affecting numerous Office 365 users emerged late last month (hat tip to the researchers at Avanan), and the culprit was a new variant of the Cerber ransomware discovered earlier this year. As with the other Zero-day threats that have been popping up like mushrooms of late, the main method of infection is through the use of Offic
Publish At:2016-11-21 23:35 | Read:6444 | Comments:0 | Tags:Featured ThreatTrack Security Labs cerber cerber office 365

PFX Profiles in Microsoft’s System Management Server

In a recent assessment, we had to evaluate how Microsoft’s System Management Server (SMS) certificate management solution (CMS) stores and handles certificates. This question came up because sensitive, encrypted user certificates were to be stored in the SMS CMS. Due to the sensitivity of the handled certificates, we assessed the protection capabilitie
Publish At:2016-08-05 23:15 | Read:2910 | Comments:0 | Tags:Security crypto Microsoft reversing sccm

KSN Report: Ransomware in 2014-2016

Executive summary and main findings: Ransomware is a type of malware that, upon infecting a device, blocks access to it or to some or all of the information stored on it. In order to unlock either the device or the data, the user is required to pay a ransom, usually in bitcoins or another widely used e-currency. This report covers the evolution of the threat
Publish At:2016-06-24 09:00 | Read:5687 | Comments:0 | Tags:Analysis Featured Publications Crypto Financial malware Malw

KSN Report: Ransomware from 2014-2016

Executive summary and main findings: Ransomware is a type of malware that, upon infecting a device, blocks access to it or to some or all of the information stored on it. In order to unlock either the device or the data, the user is required to pay a ransom, usually in bitcoins or another widely used e-currency. This report covers the evolution of the threat
Publish At:2016-06-22 15:50 | Read:5655 | Comments:0 | Tags:Analysis Featured Publications Crypto Financial malware Malw

Implementing an Obsolete VPN Protocol on Top of HTTP: Because Why Not?

Recently I’ve started some research on MikroTik’s RouterOS, the operating system that ships with RouterBOARD devices. As I’m running such a device myself, one day I got curious about security vulnerabilities that have been reported on the operating system and the running services as it comes with tons of features. Searching for known vulner
Publish At:2016-05-31 16:40 | Read:3727 | Comments:0 | Tags:Tools crypto javascript MS-CHAP-V2 PPTP python RC4 RouterOS

James Clapper: Snowden sped up sophistication of crypto, “it’s not a good thing”

Director of National Intelligence James Clapper said Monday that the Snowden revelations have sped up the sophistication of encryption by "about seven years," according to the Christian Scie
Publish At:2016-04-25 17:25 | Read:4755 | Comments:0 | Tags:Law & Disorder Risk Assessment crypto encryption james clapp

Discover the Unknown: Analyzing an IoT Device

This blog post will give a brief overview about how a simple IoT device can be assessed. It will show a basic methodology, what tools can be used for different tasks and how to solve problems that may arise during analyses. It is aimed at readers that are interested in how such a device can be assessed, those with general interest in reverse engineering or t
Publish At:2016-04-12 14:20 | Read:7210 | Comments:0 | Tags:Tools AES crypto IoT network nmap NSE reversing
