HackDig : Dig high-quality web security articles for hacker

Steganography in contemporary cyberattacks

Steganography is the practice of sending data in a concealed format so the very fact of sending the data is disguised. The word steganography is a combination of the Greek words στεγανός (steganos), meaning “covered, concealed, or protected”, and γράφειν (graphein) meaning “writing”. Unlike cryptography, which conceals the cont
Publish At:2017-08-03 06:35 | Read:478 | Comments:0 | Tags:Publications APT Crypto steganography

A look into the Russian-speaking ransomware ecosystem

It is no secret that encryption ransomware is one of the key malware problems today, for both consumers and corporate users. While analyzing the attack statistics for 2016, we discovered that by the end of the year a regular user was attacked with encryption ransomware on average every 10 seconds, with an organization somewhere in the world hit around every
Publish At:2017-02-14 09:15 | Read:1522 | Comments:0 | Tags:Analysis Featured Publications Crypto Malware Statistics Ran

Going the other way with padding oracles: Encrypting arbitrary data!

A long time ago, I wrote a couple blogs that went into a lot of detail on how to use padding oracle vulnerabilities to decrypt an encrypted string of data. It's pretty important to understand to use a padding oracle vulnerability for decryption before reading this, so I'd suggest going there for a refresher. When I wrote that blog and the Poracle tool origin
Publish At:2016-12-20 02:45 | Read:831 | Comments:0 | Tags:Crypto Hacking Tools

A Look at the Cerber Office 365 Ransomware

Reports of a Zero-day attack affecting numerous Office 365 users emerged late last month (hat tip to the researchers at Avanan), and the culprit was a new variant of the Cerber ransomware discovered earlier this year. As with the other Zero-day threats that have been popping-up like mushrooms of late, the main methods of infection is through the use of Offic
Publish At:2016-11-21 23:35 | Read:1671 | Comments:0 | Tags:Featured ThreatTrack Security Labs cerber cerber office 365

PFX Profiles in Microsoft’s System Management Server

In a recent assessment, we had to evaluate how Microsoft’s System Management Server (SMS) certificate management solution (CMS) stores and handles certificates. This question came up because sensitive, encrypted user certificates were to be stored in the SMS CMS. Due to the sensitivity of the handled certificates, we assessed the protection capabilitie
Publish At:2016-08-05 23:15 | Read:582 | Comments:0 | Tags:Security crypto Microsoft reversing sccm

KSN Report: Ransomware in 2014-2016

Executive summary and main findings Ransomware is a type of malware that, upon infecting a device, blocks access to it or to some or all of the information stored on it. In order to unlock either the device or the data, the user is required to pay a ransom, usually in bitcoins or another widely used e-currency. This report covers the evolution of the threat
Publish At:2016-06-24 09:00 | Read:1829 | Comments:0 | Tags:Analysis Featured Publications Crypto Financial malware Malw

KSN Report: Ransomware from 2014-2016

Executive summary and main findings Ransomware is a type of malware that, upon infecting a device, blocks access to it or to some or all of the information stored on it. In order to unlock either the device or the data, the user is required to pay a ransom, usually in bitcoins or another widely used e-currency. This report covers the evolution of the threat
Publish At:2016-06-22 15:50 | Read:1478 | Comments:0 | Tags:Analysis Featured Publications Crypto Financial malware Malw

Implementing an Obsolete VPN Protocol on Top of HTTP: Because Why Not?

Recently I’ve started some research on MikroTik’s RouterOS, the operating system that ships with RouterBOARD devices. As I’m running such a device myself, one day I got curious about security vulnerabilities that have been reported on the operating system and the running services as it comes with tons of features. Searching for known vulner
Publish At:2016-05-31 16:40 | Read:969 | Comments:0 | Tags:Tools crypto javascript MS-CHAP-V2 PPTP python RC4 RouterOS

James Clapper: Snowden sped up sophistication of crypto, “it’s not a good thing”

Further ReadingReport: “Deeply divided” White House won’t support anti-encryption legislationObama administration offered feedback on bill but will avoid taking position.Director of National Intelligence James Clapper said Monday that the Snowden revelations have sped up the sophistication of encryption by "about seven years," according to the Christian Scie
Publish At:2016-04-25 17:25 | Read:1357 | Comments:0 | Tags:Law & Disorder Risk Assessment crypto encryption james clapp

Discover the Unknown: Analyzing an IoT Device

This blog post will give a brief overview about how a simple IoT device can be assessed. It will show a basic methodology, what tools can be used for different tasks and how to solve problems that may arise during analyses. It is aimed at readers that are interested in how such a device can be assessed, those with general interest in reverse engineering or t
Publish At:2016-04-12 14:20 | Read:2230 | Comments:0 | Tags:Tools AES crypto IoT network nmap NSE reversing

WhatsApp is now secure by default – Why is it so important?

WhatsApp is not just any messaging app. It’s a quite unique combination of popularity and security. Many people know it as “the” messaging app. A natural choice that all your friends are using already, so it’s a no-brainer for you to use it too. But WhatsApp is also committed to provide a secure solution. They have been working with Whisper Systems for a lon
Publish At:2016-04-06 21:50 | Read:1227 | Comments:0 | Tags:Mobile Privacy Security chat communication crypto e2e encryp

WhatsApp is now most widely used end-to-end crypto tool on the planet

Further ReadingBrazil frees imprisoned Facebook exec who couldn’t decrypt WhatsApp messagesWith the help of US tax dollars, WhatsApp upped its security back in 2014.WhatsApp has enabled end-to-end encryption across all versions of its messaging and voice calling software, according to a Tuesday announcement on the company's website.Given that WhatsApp is alr
Publish At:2016-04-06 06:50 | Read:980 | Comments:0 | Tags:Law & Disorder Risk Assessment crypto encryption jan koum wh

Security vs. encryption – time for some myth busting

“In war, truth is the first casualty.” Aeschylus We are at war again. FBI vs. Apple is all over the headlines and this seems to be one of the most important battles in Crypto War II (CWII). For the record. The first Crypto War raged in the end of the last millennium. US authorities wanted, among other things, to put chips with a backdoor in phones. ISIS and
Publish At:2016-03-24 06:41 | Read:1132 | Comments:0 | Tags:Privacy Security Apple crypto crypto war crypto wars cryptog

Men behind Diffie-Hellman key exchange receive top computer science prize

Further ReadingHow the NSA can break trillions of encrypted Web and VPN connectionsResearchers show how mass decryption is well within the NSA's $11 billion budget.On Tuesday, the Association for Computing Machinery, the nation’s leading organization for computer science, awarded its annual top prize of $1 million to two men whose name will forever be immort
Publish At:2016-03-02 12:25 | Read:1423 | Comments:0 | Tags:Risk Assessment crypto diffie encryption hellman

New report contends mandatory crypto backdoors would be futile

An estimated 63 percent of the encryption products available today are developed outside US borders, according to a new report that takes a firm stance against the kinds of mandated backdoors some federal officials have contended are crucial to ensuring national security.The report, prepared by security researchers Bruce Schneier, Kathleen Seidel, and Sarany
Publish At:2016-02-11 22:10 | Read:782 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab backdoors cryp

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud