HackDig : Dig high-quality web security articles

Obsidian, Taming a Collective Consciousness

The Problem On August 05, 2021, a member of the Conti ransomware group leaked some of the group’s internal playbooks and technical documentation. Irrespective of any details surrounding the leak or its contents, the event itself prompted a more widespread examination of how teams’ maintain their operational playbooks and documentation. A tweet by Mu
Publish At:2021-09-07 14:27 | Read:343 | Comments:0 | Tags:Penetration Testing Purple Team Adversarial Detection & Coun

Gaming-related cyberthreats in 2020 and 2021

The video game industry is soaring, not in the least thanks to the lockdowns, which forced people to look for new ways to entertain themselves and socialize. Even with things going back to normal, gaming is expected to have a very bright future. Newzoo estimates the industry to gross 175.8 billion USD in 2021, which is slightly less than the total revenue in
Publish At:2021-08-23 08:29 | Read:516 | Comments:0 | Tags:Research Adware Fraud Gaming malware Google Android Malware

Oh, Behave! Figuring Out User Behavior

One topic that has always been of interest to me is how users actually use their computers. While TrustedSec does have the ability to understand a system when we encounter it, there are still mysteries around normal user behavior. Understanding user behavior becomes even more important when attempting to defeat next generation of EDRs that have AI bells and
Publish At:2021-08-19 12:00 | Read:446 | Comments:0 | Tags:Application Security Assessment Penetration Testing Red Team

FlyTrap Android Malware Compromises Thousands of Facebook Accounts

A new Android Trojan codenamed FlyTrap has hit at least 140 countries since March 2021 and has spread to over 10,000 victims through social media hijacking, third-party app stores, and sideloaded applications. Zimperium’s zLabs mobile threat research teams recently found several previously undetected applications using Zimperium’s z9 malware eng
Publish At:2021-08-09 11:00 | Read:366 | Comments:0 | Tags:Android Mobile Security Threat Research flytrap Research tro

REvil ransomware attack against MSPs and its clients around the world

An attack perpetrated by REvil aka Sodinokibi ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on July 2. Some of the victims have reportedly been compromised through a popular MSP software which led to encryption of their customers. The total number of encrypted businesses could run into thousands. REvil ransomware h
Publish At:2021-07-05 11:21 | Read:810 | Comments:0 | Tags:Incidents Research Cybercrime RaaS Ransomware Supply-chain a

BITS Persistence for Script Kiddies

Introduction Using and abusing the BITS service is a lot of fun. I can’t believe Windows just gives away this hacker tool for free. But wait, wait, are you telling me that there’s more? Does it come with a free blender? What else can this service do for me? In the last installment, we covered the Background Intelligent Transfer Service (BIT
Publish At:2021-06-29 13:00 | Read:427 | Comments:0 | Tags:Application Security Assessment Penetration Testing Research

Remote dating: How do the apps safeguard our data?

The pandemic and the restrictions that came with it have led to an increase in the popularity of dating apps. For example, the total number of swipes on Tinder increased by 11% last year, with the daily number of swipes surpassing the 3 billion mark for the first time as early as March 2020. This is hardly surprising when you consider that many places where
Publish At:2021-06-29 07:13 | Read:563 | Comments:0 | Tags:Research Data Protection Doxing Google Android HTTPS Mobile

Ransomware world in 2021: who, how and why

As the world marks the second Anti-Ransomware Day, there’s no way to deny it: ransomware has become the buzzword in the security community. And not without good reason. The threat may have been around a long time, but it’s changed. Year after year, the attackers have grown bolder, methodologies have been refined and, of course, systems have been
Publish At:2021-05-12 07:18 | Read:762 | Comments:0 | Tags:Research Cybercrime Darknet Malware Descriptions Ransomware

BITS for Script Kiddies

Introduction Well, I finally popped a box, but the EDR keeps sucking up all my tools. There must be a way to do some basic things on the box without getting caught. How can I poke around and do some stuff without possibly burning all my tools? After all the hard work of getting onto a box, the endpoint security protection quarantines your hacking/malic
Publish At:2021-04-13 15:51 | Read:842 | Comments:0 | Tags:Research

Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild

While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. We reported this new exploit to Microsoft in February and after confirmation that it is indeed a zero-day, it received the designation
Publish At:2021-04-13 13:57 | Read:794 | Comments:0 | Tags:Research Microsoft Windows Vulnerabilities and exploits Zero

COFFLoader: Building your own in memory loader or how to run BOFs

Intro Have you heard of the new Beacon Object File (BOF) hotness? Have you ever thought that you should be able to run those outside of Cobalt Strike? Well, if that’s the case, you came to the right place. In this post, we’ll go through the basic steps of understanding and building an in-memory loader for any type of format be that an Executab
Publish At:2021-02-22 14:00 | Read:950 | Comments:0 | Tags:Research

Front, Validate, and Redirect

In the age of threat hunting, automated mass scanning, and the occasionally curious SOC, properly securing your command and control (C2) infrastructure is key to any engagement. While many setups today include a CDN Domain Front with a custom Nginx or Apache ruleset sprinkled on top, I wanted to share my recipe for success. Fully (ab)using the services provi
Publish At:2021-02-16 13:42 | Read:836 | Comments:0 | Tags:Penetration Testing Red Team Adversarial Attack Simulation R

Group Policy for Script Kiddies

Introduction I’ve finally moved up in the world and am pwning companies instead of n00bs, but all the workstations are locked down. What is this Group Policy thing? Why is it harshing my mellow? So, you’ve finally moved up into the big leagues. You’re no longer wasting your time hacking your friends, parents, or that camping scrub from Fort
Publish At:2021-02-11 12:48 | Read:775 | Comments:0 | Tags:Research

Tailoring Cobalt Strike on Target

We’ve all been there: you’ve completed your initial recon, sent in your emails to gather those leaked HTTP headers, spent an age configuring your malleable profile to be just right, set up your CDNs, and spun up your redirectors. Then it’s time, you send in your email aaaaaand…nothing. You can see from your DNS diagnostic callbacks that
Publish At:2021-01-28 13:24 | Read:814 | Comments:0 | Tags:Penetration Testing Red Team Adversarial Attack Simulation R

Elaborate Scam App Impersonates Leading Asian Bank; Victims Duped into ‘Investing’

Campaign is still active and growing; second bank app identified Zimperium, in collaboration with a leading Asian bank, have uncovered the early stages of a coordinated effort by scammers to defraud existing and new bank customers. In this blog, we will: Alert the general public about the scam before it gains traction;  Outline the entire scam around the f
Publish At:2021-01-20 14:02 | Read:1141 | Comments:0 | Tags:App Security apps banking apps Research scamware zLabs


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud