HackDig : Dig high-quality web security articles for hacker

[SANS ISC] Keep an Eye on Remote Access to Mailboxes

I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“: BEC or “Business Email Compromize” is a trending thread for a while. The idea is simple: a corporate mailbox (usually from a C-level member) is compromized to send legitimate emails to other employees or partners. That’s the very first st
Publish At:2019-11-12 03:20 | Read:194 | Comments:0 | Tags:SANS Internet Storm Center Security BEC Email SANS ISC

[SANS ISC] Microsoft Apps Diverted from Their Main Use

I published the following diary on isc.sans.edu: “Microsoft Apps Diverted from Their Main Use“: This week, the CERT.eu organized its yearly conference in Brussels. Across many interesting presentations, one of them covered what they called the “cat’n’mouse” game that Blue and Red teams are playing continuously. When the Blue team h
Publish At:2019-11-12 03:20 | Read:229 | Comments:0 | Tags:SANS Internet Storm Center Security Microsoft Office SANS IS

[SANS ISC] Quick Malicious VBS Analysis

I published the following diary on isc.sans.edu: “Quick Malicious VBS Analysis“: Let’s have a look at a VBS sample found yesterday. It started as usual with a phishing email that contained a link to a malicious ZIP archive. This technique is more and more common to deliver the first stage via a URL because it reduces the risk to have the
Publish At:2019-10-18 08:20 | Read:696 | Comments:0 | Tags:Malware SANS Internet Storm Center Security SANS ISC

[SANS ISC] Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs

I published the following diary on isc.sans.edu: “Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs“: I’m keeping an eye on the certificate transparency logs using automated scripts. The goal is to track domain names (and their variations) of my customers, sensitive services in Belgium, key Internet players
Publish At:2019-09-24 09:25 | Read:433 | Comments:0 | Tags:SANS Internet Storm Center Security remotewebaccess.Com SANS

[SANS ISC] Agent Tesla Trojan Abusing Corporate Email Accounts

I published the following diary on isc.sans.edu: “Agent Tesla Trojan Abusing Corporate Email Accounts“: The trojan ‘Agent Tesla’ is not brand new, discovered in 2018, it is written in VisualBasic and has plenty of interesting features. Just have a look at the MITRE ATT&CK overview of its TTP. I found a sample of Agent Tesla spr
Publish At:2019-09-19 15:55 | Read:268 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Agent Tesla SANS

[SANS ISC] Simple Analysis of an Obfuscated JAR File

I published the following diary on isc.sans.org: “Simple Analysis of an Obfuscated JAR File“. Yesterday, I found in my spam trap a file named ‘0.19238000 1509447305.zip’ (SHA256: 7bddf3bf47293b4ad8ae64b8b770e0805402b487a4d025e31ef586e9a52add91). The ZIP archive contained a Java archive named ‘0.19238000 1509447305.jar’ (SHA256: b161c7
Publish At:2017-11-03 16:40 | Read:4552 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Java JRAT SANS I

[SANS ISC] Stop relying on file extensions

I published the following diary on isc.sans.org: “Stop relying on file extensions“. Yesterday, I found an interesting file in my spam trap. It was called ‘16509878451.XLAM’. To be honest, I was not aware of this extension and I found this on the web: “A file with the XLAM file extension is an Excel Macro-Enabled Add-In file that’
Publish At:2017-10-24 21:20 | Read:4006 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC YARA

[SANS ISC] Investigating Security Incidents with Passive DNS

I published the following diary on isc.sans.org: “Investigating Security Incidents with Passive DNS“. Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned. We cannot blame system administrators and webm
Publish At:2017-10-02 23:20 | Read:3973 | Comments:0 | Tags:Incident Management SANS Internet Storm Center Security Pass

[SANS ISC] The easy way to analyze huge amounts of PCAP data

I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture. Approximatively one year ago, I wrote a qui
Publish At:2017-09-28 08:00 | Read:2547 | Comments:0 | Tags:Docker SANS Internet Storm Center Security Moloch network pc

[SANS ISC] Getting some intelligence from malspam

I published the following diary on isc.sans.org: “Getting some intelligence from malspam“. Many of us are receiving a lot of malspam every day. By “malspam”, I mean spam messages that contain a malicious document. This is one of the classic infection vectors today and aggressive campaigns are started every week. Usually, most of them
Publish At:2017-09-18 08:05 | Read:2319 | Comments:0 | Tags:Malware Security Splunk Intelligence SANS ISC

[SANS ISC] DNS Query Length… Because Size Does Matter

I published the following diary on isc.sans.org: “DNS Query Length… Because Size Does Matter“. In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is often based on “
Publish At:2017-04-20 12:35 | Read:2953 | Comments:0 | Tags:Logs Management / SIEM SANS Internet Storm Center Security D

Integrating OpenCanary & DShield

Being a volunteer for the SANS Internet Storm Center, I’m a big fan of the DShield service. I think that I’m feeding DShield with logs for eight or nine years now. In 2011, I wrote a Perl script to send my OSSEC firewall logs to DShield. This script has been running and pushing my logs every 30 mins for years. Later, DShield was extended to colle
Publish At:2017-02-16 07:40 | Read:7828 | Comments:0 | Tags:Security Software Uncategorized Cowrie DShield Honeypot Open

Uptick in Neutrino Exploit Kit Traffic Doesn’t Mean Angler Reign Over

A prominent cybercriminal actor or group has been kicking the tires on the Neutrino Exploit Kit to move ransomware and other malware, the SANS Institute’s Internet Storm Center reported today.Neutrino is a tier below the prolific Angler Exploit Kit, which is frequently at the heart of new attacks, largely because it has the reputation for quickly integ
Publish At:2015-08-20 18:25 | Read:2987 | Comments:0 | Tags:Malware Microsoft Privacy Ransomware Web Security Angler Exp

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud