HackDig : Dig high-quality web security articles for hackers

GravityRAT: The spy returns

In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, the campaign has been active since at least 2015, and previous
Publish At:2020-10-19 06:59 | Read:162 | Comments:0 | Tags:Featured Research Cyber espionage Phishing Phishing websites

Setting the ‘Referer’ Header Using JavaScript

Or, “I’m Sorry, You Said You’re from Where Again?” In a prior webinar on creating weaponized Cross-Site Scripting (XSS) payloads, I mentioned that XSS payloads (written in JavaScript) could not change the HTTP Referer header. Malicious requests made through an XSS payload will often have an unexpected Referer header that does not generally make sense in t
Publish At:2020-09-30 11:38 | Read:65 | Comments:0 | Tags:Application Security Assessment Mobile Security Assessment P

Looking for sophisticated malware in IoT devices

One of the motivations for this post is to encourage other researchers who are interested in this topic to join in, to share ideas and knowledge and to help build more capabilities in order to better protect our smart devices. Research background Smart watches, smart home devices and even smart cars – as more and more connected devices join the IoT ecosystem
Publish At:2020-09-30 10:56 | Read:225 | Comments:0 | Tags:Featured Research Firmware Internet of Things Linux Malware

Operation PowerFall: CVE-2020-0986 and variants

In August 2020, we published a blog post about Operation PowerFall. This targeted attack consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer 11 and an elevation of privilege exploit targeting the latest builds of Windows 10. While we already described the exploit for Internet Explorer in the original blog post, we also p
Publish At:2020-09-02 06:35 | Read:242 | Comments:0 | Tags:Featured Research Malware Technologies Microsoft Windows Vul

Internet Explorer and Windows zero-day exploits used in Operation PowerFall

Executive summary In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for
Publish At:2020-08-12 03:19 | Read:600 | Comments:0 | Tags:Featured Research Malware Technologies Microsoft Internet Ex

Malicious Macros for Script Kiddies

Introduction Macros seem like the new hotness amongst hackers, but I thought macros were just simple scripts that some accountant in finance used to simplify their spreadsheets. How can I use and abuse these things to Hack the Planet and rule the world? How can something designed in the 90s still be relevant? In previous blog posts, I provided the foun
Publish At:2020-08-04 09:29 | Read:371 | Comments:0 | Tags:Penetration Testing Research Security Testing & Analysis

A Developer’s Introduction to Beacon Object Files

With the release of Cobalt Strike 4.1, a new feature has been added that allows code to be run in a more OPSEC friendly manner. This is implemented through what has been termed Beacon Object Files (BOFs). In this post, I will outline some of the less obvious restrictions of BOFs and share my workflow in an effort to assist anyone tasked with writing in this
Publish At:2020-07-16 09:55 | Read:323 | Comments:0 | Tags:Research

The Streaming Wars: A Cybercriminal’s Perspective

Cyber threats aren’t relegated to the world of big businesses and large-scale campaigns. The most frequent attacks aren’t APTs and massive data breaches—they’re the daily encounters with malware and spam by everyday users. And, one of the areas where we’re most vulnerable is entertainment—particularly when we’re so used to findi
Publish At:2020-07-16 08:05 | Read:313 | Comments:0 | Tags:Research Adware Cybercrime Malware Descriptions Malware Stat

Redirect auction

We’ve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too complicated. Recently, while examining the behavior of one n
Publish At:2020-07-08 08:11 | Read:317 | Comments:0 | Tags:Featured Research Phishing Website Hacks

Pig in a poke: smartphone adware

Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. In some cases, the solution is quite simple. In others, the task is far harder: the adware plants itself in the system partition, and trying to get rid of it can lead to device failure. In addition, ads can be emb
Publish At:2020-07-06 08:25 | Read:471 | Comments:0 | Tags:Featured Research advertising networks Adware Mobile Malware

CVE-2020-2021: PAN-OS SAML Security Bypass

On June 29, 2020, Palo Alto released information on a Security Assertion Markup Language (SAML) authentication bypass CVE-2020-2021. Palo Alto published the advisory PAN-148988 for a critical issue affecting multiple versions of PAN-OS. An Overview of the Vulnerability Description: With network access to a device running a vulnerable version of PAN-
Publish At:2020-07-02 17:46 | Read:381 | Comments:0 | Tags:Leadership Research

Abusing Windows Telemetry for Persistence

Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade. The process outlined here affects Windows machines from 2008R2/Windows 7 through 2019/Windows 10.As of this posting, this persistence technique requires local admin rights to i
Publish At:2020-06-09 06:06 | Read:557 | Comments:0 | Tags:Application Security Assessment Penetration Testing Research

Aggressive in-app advertising in Android

Recently, we’ve been noticing ever more dubious advertising libraries in popular apps on Google Play. The monetization methods used in such SDKs can pose a threat to users, yet they pull in more revenue for developers than whitelisted ad modules due to the greater number of views. In this post we will look into a few examples of suspicious-looking ad m
Publish At:2020-05-25 06:21 | Read:603 | Comments:0 | Tags:Featured Research Adware Google Android

The VBA Language for Script Kiddies

Introduction Thanks to your super spiffy explainer on macros, I know why I should go old school and start coding in VBA, but I can’t even read it, let alone hack it. Do you have Google translate for VBA or possibly a Babel fish? Great, I’ve convinced you that you need to start looking at macros again and learn a little VBA, and if you haven’t, re-read
Publish At:2020-05-18 12:54 | Read:364 | Comments:0 | Tags:Research

Developing with VBA for Script Kiddies

Introduction Now that I can read these macros and code snippets on stackexchange, how do I really make use of VBA? There must be more than meets the eye. How can I transform this BASIC code into something to pwn the world? I want to develop something! After learning the reason we should be looking at VBA again in part 1: “Intro To Macros and VBA
Publish At:2020-05-18 12:54 | Read:482 | Comments:0 | Tags:Research

Tools

Tag Cloud