HackDig : Dig high-quality web security articles for hackers

SolarWinds Backdoor (Sunburst) Incident Response Playbook

Over the last several days, TrustedSec has received queries on the best ways to contain, eradicate, and remediate the SolarWinds backdoor (aka #solarigate aka Sunburst). The TrustedSec Incident Response team has put together a playbook of recommended actions to provide some level of assurance that your organization is no longer affected by the backdoor. T
Published: 2020-12-17 19:06 | Tags: Incident Response Incident Response & Forensics Research Sec

Dox, steal, reveal. Where does your personal data end up?

The technological shift that we have been experiencing for the last few decades is astounding, not least because of its social implications. Every year the online and offline spheres have become more and more connected and are now completely intertwined, leading to online actions having real consequences in the physical realm — both good and bad. One of the
Published: 2020-12-01 07:19 | Tags: Featured Research Cyberbullying Cybercrime Darknet Data leak

On the trail of the XMRig miner

As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected during our analysis of the open source miner XMRig.
How it all began: ransominer
Alongside well-known groups that make money from data theft and ransomware (for
Published: 2020-10-22 07:54 | Tags: Featured Research Cryptocurrencies Financial malware Miner T

GravityRAT: The spy returns

In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, the campaign has been active since at least 2015, and previous
Published: 2020-10-19 06:59 | Tags: Featured Research Cyber espionage Phishing Phishing websites

Setting the ‘Referer’ Header Using JavaScript

Or, “I’m Sorry, You Said You’re from Where Again?” In a prior webinar on creating weaponized Cross-Site Scripting (XSS) payloads, I mentioned that XSS payloads (written in JavaScript) could not change the HTTP Referer header. Malicious requests made through an XSS payload will often have an unexpected Referer header that does not generally make sense in t
Published: 2020-09-30 11:38 | Tags: Application Security Assessment Mobile Security Assessment P
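The Referer that a payload's request carries is not fixed by the injection point: it follows the Fetch and Referrer Policy rules, which is what leaves room to control it within limits. The JavaScript below is an added example, not code from the TrustedSec post, and models those rules: it predicts the Referer a compliant browser would send for a given fetch() init, and shows the levers a payload actually has, namely any same-origin path via the `referrer` init member (or a `history.replaceState` before the request), or no header at all. The host names, the injected page and the helper names (`plannedReferer`, `payloadReferrerInit`, `demo`) are constructed for the example; the policy table is the one browsers implement, with the "downgrade" test simplified to https-to-http.

```javascript
// Added example (not from the TrustedSec post): models the Referer header a
// spec-compliant browser sends for a fetch() issued by an injected script,
// following the Fetch and Referrer Policy specs. Helper names are ours; the
// rules are the specs'. Runs in Node (URL is a global there and in browsers).

// Referrer Policy requires userinfo and fragment to be stripped before use.
function stripForReferrer(url) {
  const u = new URL(url);
  u.username = '';
  u.password = '';
  u.hash = '';
  return u.href;
}

const originOf = (url) => new URL(url).origin;

// Referer value the browser sends (null = no header).
// pageUrl: the document URL, i.e. what location.href / history.replaceState
//          control. opts mirrors fetch()'s `referrer` / `referrerPolicy`.
function plannedReferer(pageUrl, targetUrl, opts = {}) {
  const policy = opts.referrerPolicy || 'strict-origin-when-cross-origin';
  let referrer = pageUrl;
  if (opts.referrer !== undefined) {
    if (opts.referrer === '') return null;          // '' means "no-referrer"
    const candidate = new URL(opts.referrer, pageUrl).href;
    // Fetch: a cross-origin `referrer` is silently replaced by the page URL,
    // not rejected, so a payload cannot claim a foreign origin.
    referrer = originOf(candidate) === originOf(pageUrl) ? candidate : pageUrl;
  }
  const full = stripForReferrer(referrer);
  const originOnly = originOf(referrer) + '/';
  const sameOrigin = originOf(referrer) === originOf(targetUrl);
  // Simplification: a "downgrade" here is an https referrer to an http target.
  const downgrade = new URL(referrer).protocol === 'https:' &&
                    new URL(targetUrl).protocol === 'http:';
  switch (policy) {
    case 'no-referrer':                return null;
    case 'unsafe-url':                 return full;
    case 'origin':                     return originOnly;
    case 'same-origin':                return sameOrigin ? full : null;
    case 'origin-when-cross-origin':   return sameOrigin ? full : originOnly;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'strict-origin':              return downgrade ? null : originOnly;
    case 'strict-origin-when-cross-origin':
    default:
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
  }
}

// fetch() init a payload would use to make its request carry a chosen Referer.
// Only same-origin values are reachable; null asks for no header at all.
// 'unsafe-url' keeps the full path even when the target is another host
// (e.g. an API subdomain), which the default policy would trim to the origin.
function payloadReferrerInit(pageUrl, wantedReferer) {
  if (wantedReferer === null) return { referrerPolicy: 'no-referrer' };
  if (originOf(wantedReferer) !== originOf(pageUrl)) {
    throw new Error('Referer cannot claim an origin other than the page origin');
  }
  return { referrer: wantedReferer, referrerPolicy: 'unsafe-url' };
}

// Constructed scenario: a reflected XSS on /search of app.example, with the
// payload calling an admin endpoint on the same site.
function demo() {
  const page = 'https://app.example/search?q=test';
  const init = payloadReferrerInit(page, 'https://app.example/admin/dashboard');
  return {
    // with no effort, the Referer is the injection URL itself (the giveaway)
    naive: plannedReferer(page, 'https://app.example/admin/users'),
    // after choosing a plausible same-origin referrer
    forged: plannedReferer(page, 'https://app.example/admin/users', init),
    // a foreign origin is ignored and falls back to the page URL
    foreign: plannedReferer(page, 'https://app.example/admin/users',
                            { referrer: 'https://attacker.example/' }),
    // default policy, cross-origin target: origin only
    crossOrigin: plannedReferer(page, 'https://api.other.example/v1/users'),
    // https page to http target under the default policy: no header
    downgrade: plannedReferer(page, 'http://legacy.example/'),
  };
}

if (typeof require !== 'undefined' && require.main === module) console.log(demo());
```

The practical reading of `demo()` for payload design: the "naive" value is what a defender grepping access logs will see (the injection URL, query string included), the "forged" value is what a same-origin `referrer` buys, and the "foreign" case shows why no combination of options makes the browser name another origin.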

Looking for sophisticated malware in IoT devices

One of the motivations for this post is to encourage other researchers who are interested in this topic to join in, to share ideas and knowledge and to help build more capabilities in order to better protect our smart devices.
Research background
Smart watches, smart home devices and even smart cars – as more and more connected devices join the IoT ecosystem
Published: 2020-09-30 10:56 | Tags: Featured Research Firmware Internet of Things Linux Malware

Operation PowerFall: CVE-2020-0986 and variants

In August 2020, we published a blog post about Operation PowerFall. This targeted attack consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer 11 and an elevation of privilege exploit targeting the latest builds of Windows 10. While we already described the exploit for Internet Explorer in the original blog post, we also p
Published: 2020-09-02 06:35 | Tags: Featured Research Malware Technologies Microsoft Windows Vul

Internet Explorer and Windows zero-day exploits used in Operation PowerFall

Executive summary
In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for
Published: 2020-08-12 03:19 | Tags: Featured Research Malware Technologies Microsoft Internet Ex

Malicious Macros for Script Kiddies

Introduction
Macros seem like the new hotness amongst hackers, but I thought macros were just simple scripts that some accountant in finance used to simplify their spreadsheets. How can I use and abuse these things to Hack the Planet and rule the world? How can something designed in the 90s still be relevant? In previous blog posts, I provided the foun
Published: 2020-08-04 09:29 | Tags: Penetration Testing Research Security Testing & Analysis

A Developer’s Introduction to Beacon Object Files

With the release of Cobalt Strike 4.1, a new feature has been added that allows code to be run in a more OPSEC friendly manner. This is implemented through what has been termed Beacon Object Files (BOFs). In this post, I will outline some of the less obvious restrictions of BOFs and share my workflow in an effort to assist anyone tasked with writing in this
Published: 2020-07-16 09:55 | Tags: Research

The Streaming Wars: A Cybercriminal’s Perspective

Cyber threats aren’t relegated to the world of big businesses and large-scale campaigns. The most frequent attacks aren’t APTs and massive data breaches—they’re the daily encounters with malware and spam by everyday users. And, one of the areas where we’re most vulnerable is entertainment—particularly when we’re so used to findi
Published: 2020-07-16 08:05 | Tags: Research Adware Cybercrime Malware Descriptions Malware Stat

Redirect auction

We’ve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too complicated. Recently, while examining the behavior of one n
Published: 2020-07-08 08:11 | Tags: Featured Research Phishing Website Hacks

Pig in a poke: smartphone adware

Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. In some cases, the solution is quite simple. In others, the task is far harder: the adware plants itself in the system partition, and trying to get rid of it can lead to device failure. In addition, ads can be emb
Published: 2020-07-06 08:25 | Tags: Featured Research advertising networks Adware Mobile Malware

CVE-2020-2021: PAN-OS SAML Security Bypass

On June 29, 2020, Palo Alto released information on a Security Assertion Markup Language (SAML) authentication bypass, CVE-2020-2021. Palo Alto published the advisory PAN-148988 for a critical issue affecting multiple versions of PAN-OS.
An Overview of the Vulnerability
Description: With network access to a device running a vulnerable version of PAN-
Published: 2020-07-02 17:46 | Tags: Leadership Research

Abusing Windows Telemetry for Persistence

Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade. The process outlined here affects Windows machines from Windows 7/Server 2008 R2 through Windows 10/Server 2019. As of this posting, this persistence technique requires local admin rights to i
Published: 2020-06-09 06:06 | Tags: Application Security Assessment Penetration Testing Research
