HackDig : Dig high-quality web security articles

Threat in your browser: what dangers innocent-looking extensions hold for users

Whether you want to block ads, keep a to-do list or check your spelling, browser extensions allow you to do all of the above and more, improving convenience, productivity and efficiency for free, which is why they are so popular. Chrome, Safari, Mozilla — these and many other major Web browsers — have their own online stores to distribute thousands of extens
Publish At:2022-08-16 05:46 | Read:152 | Comments:0 | Tags:Research Adware Browser Browser Plugins Data theft Firefox G

Dynamic analysis of firmware components in IoT devices

Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. In most cases, such devices are analyzed using the black box testing approach, in which the researcher has virtually no knowledge about the object of research. As a rule, this means that the source code of the
Publish At:2022-07-06 06:24 | Read:489 | Comments:0 | Tags:Research Emulation Firmware Fuzzing Internet of Things Linux

A Diamond in the Ruff

This blog post was co-authored with Charlie Clark at Semperis 1.1      Background of the ‘Diamond’ Attack One day, while browsing YouTube, we came across an older presentation from Blackhat 2015 by Tal Be’ery and Michael Cherny. In their talk, and subsequent brief, WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION W
Publish At:2022-07-05 15:14 | Read:490 | Comments:0 | Tags:Penetration Testing Red Team Adversarial Attack Simulation R

The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular ransomware group, give general tips on how to prevent ransomware from working, and
Publish At:2022-06-23 06:23 | Read:771 | Comments:0 | Tags:Research Cybercrime Malware Technologies Ransomware Targeted

How much does access to corporate infrastructure cost?

Division of labor Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for data obtained through an attack, but also for the data and services necessary to organiz
Publish At:2022-06-15 06:17 | Read:1320 | Comments:0 | Tags:Research Darknet Data leaks Ransomware RDP Internal threats

WMI Providers for Script Kiddies

Introduction So, this WMI stuff seems legit. Admins get a powerful tool which Script Kiddies can also use for profit. But there’s gotta be more, right? What if I want to take my WMI-fu to the next level? In the previous blog post, “WMI for Script Kiddies,” we described Windows Management Instrumentation (WMI). We detailed the WMI model and
Publish At:2022-06-09 12:11 | Read:651 | Comments:0 | Tags:Penetration Testing Research Security Testing & Analysis

Router security in 2021

A router is a gateway from the internet to a home or office —  despite being conceived quite the opposite. Routers are forever being hacked and infected, and used to infiltrate local networks. Keeping this gate locked so that no one can stroll right through is no easy task. It is not always clear just how this locking works, especially when it comes to home
Publish At:2022-06-08 10:15 | Read:1188 | Comments:0 | Tags:Research Backdoor DDoS-attacks Malware Router Vulnerabilitie

ISaPWN – research on the security of ISaGRAF Runtime

In early 2020, we notified the Rockwell Automation Product Security Incident Response Team (RA PSIRT) of several vulnerabilities we had identified in the ISaGRAF Runtime execution environment. According to public sources of information, ISaGRAF Runtime is used as an automation framework in multiple products in various industries across the globe and its use
Publish At:2022-05-23 10:14 | Read:632 | Comments:0 | Tags:Research Controllers Encryption Firmware Industrial control

ELFLoader: Another In Memory Loader Post

Intro Now that BOFs are commonplace for Windows agents, some people have talked about wanting a non-Windows only version. In this blog post, we’ve got something for you: the same thing but for Linux/Mac. The process of building in memory loaders are the same, no matter the file format type. In this case, we’ll just cover the differences between the proces
Publish At:2022-05-04 12:00 | Read:863 | Comments:0 | Tags:Research Security Testing & Analysis

g_CiOptions in a Virtualized World

With the leaking of code signing certificates and exploits for vulnerable drivers becoming common occurrences, adversaries are adopting the kernel as their new playground. And with Microsoft making technologies like Virtualization Based Security (VBS) and Hypervisor Code Integrity (HVCI) available, I wanted to take some time to understand just how vulnerable
Publish At:2022-05-02 12:00 | Read:2353 | Comments:0 | Tags:Penetration Testing Purple Team Adversarial Detection & Coun

WMI for Script Kiddies

Introduction Let’s say an ‘Administrator’ lands on a target network host and wants to look around and ‘administer’ the system without uploading any new tools… How can I do that without burning any of my Script Kiddie tools? WMI or Windows Management Instrumentation or Windows Managed Infrastructure is an interface for mana
Publish At:2022-01-20 11:58 | Read:1359 | Comments:0 | Tags:Architecture Review Penetration Testing Research Security Te

Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks

Main facts Kaspersky ICS CERT has uncovered a number of spyware campaigns targeting industrial enterprises. Operators of these campaigns hunt for corporate credentials, aiming to commit financial fraud or to sell them to other malicious actors. Spearphishing emails with malicious attachments sent from compromised corporate mailboxes to their contacts. The a
Publish At:2022-01-19 06:07 | Read:2783 | Comments:0 | Tags:Research Cybercrime Industrial control systems Malware Stati

How and why do we attack our own Anti-Spam?

We often use machine-learning (ML) technologies to improve the quality of cybersecurity systems. But machine-learning models can be susceptible to attacks that aim to “fool” them into delivering erroneous results. This can lead to significant damage to both our company and our clients. Therefore, it is vital that we know about all potential vulne
Publish At:2021-12-20 07:19 | Read:1892 | Comments:0 | Tags:Research Backdoor Data poisoning Machine learning Proactive

The life cycle of phishing pages

Introduction In this study, we analyzed how long phishing pages survive as well as the signs they show when they become inactive. In addition to the general data, we provided a number of options for classifying phishing pages according to formal criteria and analyzed the results for each of them. The resulting data and conclusions could be used to improve me
Publish At:2021-12-09 07:19 | Read:4313 | Comments:0 | Tags:Research Phishing Phishing websites Thematic phishing Websit

How we took part in MLSEC and (almost) won

This summer Kaspersky experts took part in the Machine Learning Security Evasion Competition (MLSEC) — a series of trials testing contestants’ ability to create and attack machine learning models. The event is comprised of two main challenges — one for attackers, and the other for defenders. The attacker challenge was split into two tracks — Anti-Malwa
Publish At:2021-10-28 11:28 | Read:2212 | Comments:0 | Tags:Events Research Deception techniques Machine learning Malwar


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud