[SANS ISC] Compromized Desktop Applications by Web Technologies

I published the following diary on isc.sans.edu: “Compromized Desktop Applications by Web Technologies”: For a long time now, it has been said that “the new operating system is the browser”. Today, we do everything in our browsers: we connect to the office, we process emails and documents, we chat, we perform our system maintenance,
Publish At:2020-07-25 14:17 | Read:228 | Comments:0 | Tags:SANS Internet Storm Center Security Compromized JavaScript M

[SANS ISC] Simple Blacklisting with MISP & pfSense

I published the following diary on isc.sans.edu: “Simple Blacklisting with MISP & pfSense”: Here is an example of a simple but effective blacklist system that I’m using on my pfSense firewalls. pfSense is a very modular firewall that can be expanded with many packages. About blacklists, there is a well-known one called pfBlocklist. P
Publish At:2020-07-23 08:09 | Read:114 | Comments:0 | Tags:SANS Internet Storm Center Security Blacklist IOC MISP pfSen

[SANS ISC] Sextortion to The Next Level

I published the following diary on isc.sans.edu: “Sextortion to The Next Level”: For a long time, our mailboxes have been flooded with emails from “hackers” (note the quotes) who pretend to have infected our computers with malware. The scenario is always the same: they successfully collected sensitive pieces of evidence about us (usually, men visiti
Publish At:2020-06-16 15:54 | Read:146 | Comments:0 | Tags:OSINT SANS Internet Storm Center Security SANS ISC

[SANS ISC] Anti-Debugging JavaScript Techniques

I published the following diary on isc.sans.edu: “Anti-Debugging JavaScript Techniques”: For developers who write malicious programs, it’s important to make their code not easy to be read and executed in a sandbox. Like most languages, there are many ways to make the life of malware analysts more difficult (or more exciting, depending on the s
Publish At:2020-06-11 08:30 | Read:155 | Comments:0 | Tags:Malware SANS Internet Storm Center Security SANS ISC

[SANS ISC] Anti-Debugging Technique based on Memory Protection

I published the following diary on isc.sans.edu: “Anti-Debugging Technique based on Memory Protection”: Many modern malware samples implement defensive techniques. First of all, we have to distinguish sandbox-evasion and anti-debugging techniques. Today, sandboxes are an easy and quick way to categorize samples based on their behavior. Malware
Publish At:2020-06-04 06:38 | Read:222 | Comments:0 | Tags:Malware SANS Internet Storm Center Security

[SANS ISC] AgentTesla Delivered via a Malicious PowerPoint Add-In

I published the following diary on isc.sans.edu: “AgentTesla Delivered via a Malicious PowerPoint Add-In”: Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel are documents that can be easily weaponized by adding malicious VBA macros. Today, they are one of the most common technique
Publish At:2020-05-24 06:01 | Read:258 | Comments:0 | Tags:Malware SANS Internet Storm Center Security AgentTesla Power

[SANS ISC] Using Nmap As a Lightweight Vulnerability Scanner

I published the following diary on isc.sans.edu: “Using Nmap As a Lightweight Vulnerability Scanner”: Yesterday, Bojan wrote a nice diary about the power of the Nmap scripting language (based on Lua). The well-known port scanner can be extended with plenty of scripts that are launched depending on the detected ports. When I read Bojan’s
Publish At:2020-05-18 13:07 | Read:327 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC Vulnerability

[SANS ISC] Malicious Excel With a Strong Obfuscation and Sandbox Evasion

I published the following diary on isc.sans.edu: “Malicious Excel With a Strong Obfuscation and Sandbox Evasion”: For a few weeks, we have seen a bunch of Excel documents spread in the wild with Macro V4. But VBA macros remain a classic way to drop the next stage of the attack on the victim’s computer. The attacker has many ways to fetch the next st
Publish At:2020-05-03 06:24 | Read:366 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Evasion Obfuscat

[SANS ISC] Malicious JavaScript Dropping Payload in the Registry

I published the following diary on isc.sans.edu: “Malicious JavaScript Dropping Payload in the Registry”: When we speak about “fileless” malware, it means that the malware does not use the standard filesystem to store temporary files or payloads. But they need to write data somewhere in the system for persistence or during the infe
Publish At:2020-03-27 11:30 | Read:1702 | Comments:0 | Tags:Malware SANS Internet Storm Center Security SANS ISC

[SANS ISC] Very Large Sample as Evasion Technique?

I published the following diary on isc.sans.edu: “Very Large Sample as Evasion Technique?”: Security controls have a major requirement: they can’t (or at least they try to not) interfere with normal operations of the protected system. It is known that antivirus products do not scan very large files (or just the first x bytes) for perform
Publish At:2020-03-26 08:57 | Read:537 | Comments:0 | Tags:Malware SANS Internet Storm Center Security SANS ISC

[SANS ISC] Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account

I published the following diary on isc.sans.edu: “Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account”: For a few days, there have been new waves of Agent Tesla landing in our mailboxes. I found one that uses two new “channels” to deliver the trojan. Today, we can potentially receive notifications and files fro
Publish At:2020-03-11 10:42 | Read:485 | Comments:0 | Tags:Malware SANS Internet Storm Center SANS ISC Cloud

[SANS ISC] A Safe Excel Sheet Not So Safe

I published the following diary on isc.sans.edu: “A Safe Excel Sheet Not So Safe”: I discovered a nice sample yesterday. This Excel sheet was found in a mail flagged as “suspicious” by a security appliance. The recipient asked to release the mail from the quarantine because “it was sent from a known contact”. Before releasing such a mail from
Publish At:2020-03-06 08:55 | Read:567 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Excel Macro SANS

[SANS ISC] Show me Your Clipboard Data!

I published the following diary on isc.sans.edu: “Show me Your Clipboard Data!”: Yesterday I read an article about the clipboard on iPhones and how it can disclose sensitive information about the device owner. At the end of the article, the author gave a reference to an iPhone app that discloses the metadata of pictures copied to the
Publish At:2020-02-28 10:22 | Read:627 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC

[SANS ISC] Offensive Tools Are For Blue Teams Too

I published the following diary on isc.sans.edu: “Offensive Tools Are For Blue Teams Too”: Many offensive tools can be very useful for defenders too. Indeed, if they can help to gather more visibility about the environment that must be protected, why not use them? The more information you get, the more proactive you can be, and visibility is key. A goo
Publish At:2020-02-27 11:36 | Read:475 | Comments:0 | Tags:SANS Internet Storm Center Software Blueteam SANS ISC

[SANS ISC] Simple but Efficient VBScript Obfuscation

I published the following diary on isc.sans.edu: “Simple but Efficient VBScript Obfuscation”: Today, it’s easy to guess if a piece of code is malicious or not. Many security solutions automatically detonate it into a sandbox. This remains quick and (most of the time still) efficient to have a first idea about the code beh
Publish At:2020-02-22 10:05 | Read:2133 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Obfuscation SANS