HackDig : Dig high-quality web security articles for hacker

[SANS ISC] Keep an Eye on Remote Access to Mailboxes

I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“: BEC or “Business Email Compromize” is a trending thread for a while. The idea is simple: a corporate mailbox (usually from a C-level member) is compromized to send legitimate emails to other employees or partners. That’s the very first st
Publish At:2019-11-12 03:20 | Read:77 | Comments:0 | Tags:SANS Internet Storm Center Security BEC Email SANS ISC

[SANS ISC] Microsoft Apps Diverted from Their Main Use

I published the following diary on isc.sans.edu: “Microsoft Apps Diverted from Their Main Use“: This week, the CERT.eu organized its yearly conference in Brussels. Across many interesting presentations, one of them covered what they called the “cat’n’mouse” game that Blue and Red teams are playing continuously. When the Blue team h
Publish At:2019-11-12 03:20 | Read:82 | Comments:0 | Tags:SANS Internet Storm Center Security Microsoft Office SANS IS

[SANS ISC] Quick Malicious VBS Analysis

I published the following diary on isc.sans.edu: “Quick Malicious VBS Analysis“: Let’s have a look at a VBS sample found yesterday. It started as usual with a phishing email that contained a link to a malicious ZIP archive. This technique is more and more common to deliver the first stage via a URL because it reduces the risk to have the
Publish At:2019-10-18 08:20 | Read:362 | Comments:0 | Tags:Malware SANS Internet Storm Center Security SANS ISC

[SANS ISC] Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs

I published the following diary on isc.sans.edu: “Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs“: I’m keeping an eye on the certificate transparency logs using automated scripts. The goal is to track domain names (and their variations) of my customers, sensitive services in Belgium, key Internet players
Publish At:2019-09-24 09:25 | Read:408 | Comments:0 | Tags:SANS Internet Storm Center Security remotewebaccess.Com SANS

[SANS ISC] Agent Tesla Trojan Abusing Corporate Email Accounts

I published the following diary on isc.sans.edu: “Agent Tesla Trojan Abusing Corporate Email Accounts“: The trojan ‘Agent Tesla’ is not brand new, discovered in 2018, it is written in VisualBasic and has plenty of interesting features. Just have a look at the MITRE ATT&CK overview of its TTP. I found a sample of Agent Tesla spr
Publish At:2019-09-19 15:55 | Read:241 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Agent Tesla SANS

[SANS ISC] Simple Analysis of an Obfuscated JAR File

I published the following diary on isc.sans.org: “Simple Analysis of an Obfuscated JAR File“. Yesterday, I found in my spam trap a file named ‘0.19238000 1509447305.zip’ (SHA256: 7bddf3bf47293b4ad8ae64b8b770e0805402b487a4d025e31ef586e9a52add91). The ZIP archive contained a Java archive named ‘0.19238000 1509447305.jar’ (SHA256: b161c7
Publish At:2017-11-03 16:40 | Read:4482 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Java JRAT SANS I

[SANS ISC] Stop relying on file extensions

I published the following diary on isc.sans.org: “Stop relying on file extensions“. Yesterday, I found an interesting file in my spam trap. It was called ‘16509878451.XLAM’. To be honest, I was not aware of this extension and I found this on the web: “A file with the XLAM file extension is an Excel Macro-Enabled Add-In file that’
Publish At:2017-10-24 21:20 | Read:3932 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC YARA

[SANS ISC] Investigating Security Incidents with Passive DNS

I published the following diary on isc.sans.org: “Investigating Security Incidents with Passive DNS“. Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned. We cannot blame system administrators and webm
Publish At:2017-10-02 23:20 | Read:3857 | Comments:0 | Tags:Incident Management SANS Internet Storm Center Security Pass

[SANS ISC] The easy way to analyze huge amounts of PCAP data

I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture. Approximatively one year ago, I wrote a qui
Publish At:2017-09-28 08:00 | Read:2515 | Comments:0 | Tags:Docker SANS Internet Storm Center Security Moloch network pc

[SANS ISC] DNS Query Length… Because Size Does Matter

I published the following diary on isc.sans.org: “DNS Query Length… Because Size Does Matter“. In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is often based on “
Publish At:2017-04-20 12:35 | Read:2840 | Comments:0 | Tags:Logs Management / SIEM SANS Internet Storm Center Security D

Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware

In short order, the newest version of Cryptowall has begun showing up in exploit kits.The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit. SANS ISC handler and Rackspace security engineer Brad Duncan said that until recently, Cryp
Publish At:2015-11-25 16:45 | Read:3457 | Comments:0 | Tags:Malware Ransomware Web Security Angler Exploit Kit BizCN Bra

New Campaign Shows Dridex Active, Targeting French

Two weeks after authorities announced they had taken down the botnet behind the banking malware Dridex, new research suggests the threat is alive and well.Researchers with the firm Invincea announced today that they’ve noticed 60 instances of attackers dropping Dridex on users in France, just over the past four days. As part of a newly reinvigorated ca
Publish At:2015-10-26 15:40 | Read:3001 | Comments:0 | Tags:Malware Uncategorized Brad Duncan Dridex Invincea SANS Inter

WordPress Compromises Behind Spike in Neutrino EK Traffic

Unsurprisingly, a rash of compromised WordPress websites is behind this week’s surge in Neutrino Exploit Kit traffic, researchers at Zscaler said.In a report published yesterday, Zscaler said it spotted attacks against sites running older versions of the content management system, 4.2 and earlier. Those sites are backdoored and redirect a victim’
Publish At:2015-08-21 12:00 | Read:3107 | Comments:0 | Tags:Malware Vulnerabilities Web Security Angler Exploit Kit cyrp

Uptick in Neutrino Exploit Kit Traffic Doesn’t Mean Angler Reign Over

A prominent cybercriminal actor or group has been kicking the tires on the Neutrino Exploit Kit to move ransomware and other malware, the SANS Institute’s Internet Storm Center reported today.Neutrino is a tier below the prolific Angler Exploit Kit, which is frequently at the heart of new attacks, largely because it has the reputation for quickly integ
Publish At:2015-08-20 18:25 | Read:2978 | Comments:0 | Tags:Malware Microsoft Privacy Ransomware Web Security Angler Exp

Click-Fraud Malware Spreading via JavaScript Attachments

A new malware campaign has been spotted that has begun seeding spam messages with a downloader heavily obfuscated with JavaScript. The SANS Internet Storm Center said today that two days ago, a flood of spam messages were observed laced with .js attachments.The JavaScript obfuscates a downloader that once it’s installed on a compromised machine, calls
Publish At:2015-07-29 20:05 | Read:3261 | Comments:0 | Tags:Malware Privacy Brad Duncan Click fraud Kovter malicious Jav

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud