HackDig : Dig high-quality web security articles for hacker

[SANS ISC] Malicious JavaScript Dropping Payload in the Registry

I published the following diary on isc.sans.edu: “Malicious JavaScript Dropping Payload in the Registry“: When we speak about “fileless” malware, it means that the malware does not use the standard filesystem to store temporary files or payloads. But they need to write data somewhere in the system for persistence or during the infe
Publish At:2020-03-27 11:30 | Read:261 | Comments:0 | Tags:Malware SANS Internet Storm Center Security SANS ISC

[SANS ISC] Very Large Sample as Evasion Technique?

I published the following diary on isc.sans.edu: “Very Large Sample as Evasion Technique?“: Security controls have a major requirement: they can’t (or at least they try to not) interfere with normal operations of the protected system. It is known that antivirus products do not scan very large files (or just the first x bytes) for perform
Publish At:2020-03-26 08:57 | Read:187 | Comments:0 | Tags:Malware SANS Internet Storm Center Security SANS ISC

[SANS ISC] Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account

I published the following diary on isc.sans.edu: “Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account“: For a few days, there have been new waves of Agent Tesla landing in our mailboxes. I found one that uses two new “channels” to deliver the trojan. Today, we can potentially receive notifications and files fro
Publish At:2020-03-11 10:42 | Read:255 | Comments:0 | Tags:Malware SANS Internet Storm Center SANS ISC Cloud

[SANS ISC] A Safe Excel Sheet Not So Safe

I published the following diary on isc.sans.edu: “A Safe Excel Sheet Not So Safe“: I discovered a nice sample yesterday. This Excel sheet was found in a mail flagged as “suspicious” by a security appliance. The recipient asked to release the mail from the quarantine because “it was sent from a known contact”. Before releasing such a mail from
Publish At:2020-03-06 08:55 | Read:308 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Excel Macro SANS

[SANS ISC] Show me Your Clipboard Data!

I published the following diary on isc.sans.edu: “Show me Your Clipboard Data!“: Yesterday I read an article about the clipboard on iPhones and how it can disclose sensitive information about the device owner. At the end of the article, the author gave a reference to an iPhone app that discloses the metadata of pictures copied to the
Publish At:2020-02-28 10:22 | Read:282 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC

[SANS ISC] Offensive Tools Are For Blue Teams Too

I published the following diary on isc.sans.edu: “Offensive Tools Are For Blue Teams Too“: Many offensive tools can be very useful for defenders too. Indeed, if they can help to gather more visibility about the environment that must be protected, why not use them? The more information you get, the more proactive you can be, and visibility is key. A goo
Publish At:2020-02-27 11:36 | Read:298 | Comments:0 | Tags:SANS Internet Storm Center Software Blueteam SANS ISC

[SANS ISC] Simple but Efficient VBScript Obfuscation

I published the following diary on isc.sans.edu: “Simple but Efficient VBScript Obfuscation“: Today, it’s easy to guess if a piece of code is malicious or not. Many security solutions automatically detonate it in a sandbox. This remains quick and (most of the time still) efficient to have a first idea about the code beh
Publish At:2020-02-22 10:05 | Read:309 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Obfuscation SANS

[SANS ISC] Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript

I published the following diary on isc.sans.edu: “Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript“: I found an interesting VBScript sample that is a perfect textbook case for training or learning purposes. It implements a nice obfuscation technique as well as many classic sandbox detection mechanisms. The script is a dropp
Publish At:2020-02-07 16:20 | Read:325 | Comments:0 | Tags:Malware SANS Internet Storm Center Obfuscation SANS ISC VBSc

[SANS ISC] Why Phishing Remains So Popular?

I published the following diary on isc.sans.edu: “Why Phishing Remains So Popular?“: Probably, some phishing emails get delivered into your mailbox every day and you ask yourself: “Why do they continue to spam us with so many emails? We are aware of phishing and it will not affect my organization!” First of all, emails remain a
Publish At:2020-01-24 15:20 | Read:778 | Comments:0 | Tags:SANS Internet Storm Center Security Social Engineering Phish

[SANS ISC] Complex Obfuscation VS Simple Trick

I published the following diary on isc.sans.edu: “Complex Obfuscation VS Simple Trick“: Today, I would like to make a comparison between two techniques applied to malicious code to try to bypass AV detection. The Emotet malware family does not need to be presented. Very active for years, new waves of attacks are always fired using different in
Publish At:2020-01-23 08:20 | Read:481 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Emotet Maldoc Ob

[SANS ISC] Code & Data Reuse in the Malware Ecosystem

I published the following diary on isc.sans.edu: “Code & Data Reuse in the Malware Ecosystem“: In the past, I already had the opportunity to give some “security awareness” sessions to developers. One topic that was always debated is the reuse of existing code. Indeed, for a developer, it’s tempting to not reinvent the whe
Publish At:2019-12-12 08:20 | Read:555 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC

[SANS ISC] My Little DoH Setup

I published the following diary on isc.sans.edu: “My Little DoH Setup“: “DoH”, this 3-letter acronym is a buzzword on the Internet in 2019! It has been implemented in Firefox, and Microsoft announced that Windows will support it soon. There are pros & cons about encrypting DNS requests in HTTPS but it’s not the goal of this di
Publish At:2019-11-25 09:25 | Read:796 | Comments:0 | Tags:SANS Internet Storm Center Security DNS DoH PiHole SANS

[SANS ISC] Keep an Eye on Remote Access to Mailboxes

I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“: BEC or “Business Email Compromise” has been a trending threat for a while. The idea is simple: a corporate mailbox (usually from a C-level member) is compromised to send legitimate emails to other employees or partners. That’s the very first st
Publish At:2019-11-12 03:20 | Read:729 | Comments:0 | Tags:SANS Internet Storm Center Security BEC Email SANS ISC

[SANS ISC] Microsoft Apps Diverted from Their Main Use

I published the following diary on isc.sans.edu: “Microsoft Apps Diverted from Their Main Use“: This week, the CERT.eu organized its yearly conference in Brussels. Across many interesting presentations, one of them covered what they called the “cat’n’mouse” game that Blue and Red teams are playing continuously. When the Blue team h
Publish At:2019-11-12 03:20 | Read:582 | Comments:0 | Tags:SANS Internet Storm Center Security Microsoft Office SANS IS

[SANS ISC] Quick Malicious VBS Analysis

I published the following diary on isc.sans.edu: “Quick Malicious VBS Analysis“: Let’s have a look at a VBS sample found yesterday. It started as usual with a phishing email that contained a link to a malicious ZIP archive. This technique is more and more common to deliver the first stage via a URL because it reduces the risk to have the
Publish At:2019-10-18 08:20 | Read:1712 | Comments:0 | Tags:Malware SANS Internet Storm Center Security SANS ISC
