
[SANS ISC] Dynamic Data Exchange (DDE) is Back in the Wild?

I published the following diary on isc.sans.edu: “Dynamic Data Exchange (DDE) is Back in the Wild?”: DDE or “Dynamic Data Exchange” is a Microsoft technology for interprocess communication used in early versions of Windows and OS/2. DDE allows programs to manipulate objects provided by other programs, and respond to user act
Published: 2021-02-19 08:13 | Tags: Malware SANS Internet Storm Center Security DDE SANS ISC Wor

[SANS ISC] Agent Tesla Dropped Through Automatic Click in Microsoft Help File

I published the following diary on isc.sans.edu: “Agent Tesla Dropped Through Automatic Click in Microsoft Help File”: Attackers have plenty of resources to infect our systems. If some files may look suspicious because the extension is less common (like .xsl files), others look really safe and make the victim confident enough to open them. I spo
Published: 2021-02-12 08:31 | Tags: Malware SANS Internet Storm Center Security AgentTesla CHM H

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly ha
Published: 2021-02-09 02:36 | Tags: Ne'er-Do-Well News Web Fraud 2.0 Australian Federal Police B

[SANS ISC] Malware Victim Selection Through WiFi Identification

I published the following diary on isc.sans.edu: “Malware Victim Selection Through WiFi Identification”: Last week, I found a malware sample that does nothing fancy: it’s a data stealer, but it has an interesting feature. It’s always interesting to have a look at the network flows generated by malware samples. For a while, attackers
Published: 2020-12-22 08:31 | Tags: Malware SANS Internet Storm Center Security BSSID GeoIP SANS

[SANS ISC] Python Backdoor Talking to a C2 Through Ngrok

I published the following diary on isc.sans.edu: “Python Backdoor Talking to a C2 Through Ngrok”: I spotted a malicious Python script that implements a backdoor. The interesting behavior is the use of Ngrok to connect to the C2 server. Ngrok has been used for a while by attackers. Like most services available on the Internet, it has been abuse
Published: 2020-12-10 11:49 | Tags: Malware SANS Internet Storm Center Security Backdoor Ngrok P

[SANS ISC] PowerShell Dropper Delivering Formbook

I published the following diary on isc.sans.edu: “PowerShell Dropper Delivering Formbook”: Here is an interesting PowerShell dropper that is nicely obfuscated and has anti-VM detection. I spotted this file yesterday, called ‘ad.jpg’ (SHA256:b243e807ed22359a3940ab16539ba59910714f051034a8a155cc2aff28a85088). Of course, it’s not
Published: 2020-11-19 08:49 | Tags: Malware SANS Internet Storm Center Security Obfuscation Powe

[SANS ISC] Quick Status of the CAA DNS Record Adoption

I published the following diary on isc.sans.edu: “Quick Status of the CAA DNS Record Adoption”: In 2017, we already published a guest diary about “CAA” or “Certification Authority Authorization”. I was curious about the status of this technique and the adoption level in 2020. Has it been adopted massively since this dia
Published: 2020-10-30 09:06 | Tags: SANS Internet Storm Center Security CAA Certificate Domain S

[SANS ISC] Malicious Word Document with Dynamic Content

I published the following diary on isc.sans.edu: “Malicious Word Document with Dynamic Content”: Here is another malicious Word document that I spotted while hunting. “Another one?” some of our readers may ask. Indeed, but malicious documents remain a very common infection vector and you learn a lot when you analyze them. I was rece
Published: 2020-09-30 11:51 | Tags: Malware SANS Internet Storm Center Security Office PowerShel

[SANS ISC] Party in Ibiza with PowerShell

I published the following diary on isc.sans.edu: “Party in Ibiza with PowerShell”: Today, I would like to talk about PowerShell ISE or “Integration Scripting Environment”. This tool is installed by default on all Windows computers (besides the classic PowerShell interpreter). From a malware analysis point of view, ISE offers a key
Published: 2020-09-30 11:51 | Tags: Malware PowerShell SANS Internet Storm Center Security Obfus

[SANS ISC] Suspicious Endpoint Containment with OSSEC

I published the following diary on isc.sans.edu: “Suspicious Endpoint Containment with OSSEC”: When a host is compromised/infected on your network, an important step in the Incident Handling process is the “containment” to prevent further infections. To place the device into a restricted environment is definitely better than power
Published: 2020-09-17 08:05 | Tags: OSSEC SANS Internet Storm Center Security Incident SANS ISC

[SANS ISC] Example of Malicious DLL Injected in PowerShell

I published the following diary on isc.sans.edu: “Example of Malicious DLL Injected in PowerShell”: For a while now, PowerShell has remained one of the favorite languages for attackers: installed by default (and almost impossible to get rid of), powerful, and perfectly integrated with the core operating system. It’s very easy to develop specific P
Published: 2020-08-28 14:15 | Tags: Malware SANS Internet Storm Center Security DLL PowerShell S

[SANS ISC] Keep An Eye on LOLBins

I published the following diary on isc.sans.edu: “Keep An Eye on LOLBins”: Don’t misread, I won’t talk about “lolcats” today but about “LOLBins” or “Living Off The Land Binaries”. All operating systems provide a rich toolbox to achieve multiple day-to-day tasks like maintenance of the certificates, ins
Published: 2020-08-25 11:55 | Tags: Malware SANS Internet Storm Center Security LOLBins Operatin

[SANS ISC] Compromized Desktop Applications by Web Technologies

I published the following diary on isc.sans.edu: “Compromized Desktop Applications by Web Technologies”: For a long time now, it has been said that “the new operating system is the browser”. Today, we do everything in our browsers: we connect to the office, we process emails and documents, we chat, we perform our system maintenances,
Published: 2020-07-25 14:17 | Tags: SANS Internet Storm Center Security Compromized JavaScript M

[SANS ISC] Simple Blacklisting with MISP & pfSense

I published the following diary on isc.sans.edu: “Simple Blacklisting with MISP & pfSense”: Here is an example of a simple but effective blacklist system that I’m using on my pfSense firewalls. pfSense is a very modular firewall that can be expanded with many packages. Regarding blacklists, there is a well-known one called pfBlocklist. P
Published: 2020-07-23 08:09 | Tags: SANS Internet Storm Center Security Blacklist IOC MISP pfSen

[SANS ISC] Sextortion to The Next Level

I published the following diary on isc.sans.edu: “Sextortion to The Next Level”: For a long time, our mailboxes have been flooded with emails from “hackers” (note the quotes) who pretend to have infected our computers with malware. The scenario is always the same: they successfully collected sensitive pieces of evidence about us (usually, men visiti
Published: 2020-06-16 15:54 | Tags: OSINT SANS Internet Storm Center Security SANS ISC
