HackDig : Dig high-quality web security articles for hacker

[SANS ISC] Code & Data Reuse in the Malware Ecosystem

I published the following diary on isc.sans.edu: “Code & Data Reuse in the Malware Ecosystem“: In the past, I already had the opportunity to give some “security awareness” sessions to developers. One topic that was always debated is the reuse of existing code. Indeed, for a developer, it’s tempting to not reinvent the whe
Publish At:2019-12-12 08:20 | Read:363 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC

[SANS ISC] My Little DoH Setup

I published the following diary on isc.sans.edu: “My Little DoH Setup“: “DoH”, this 3-letters acronym is a buzzword on the Internet in 2019! It has been implemented in Firefox, Microsoft announced that Windows will support it soon. They are pro & con about encrypting DNS requests in  HTTPS but it’s not the goal of this di
Publish At:2019-11-25 09:25 | Read:417 | Comments:0 | Tags:SANS Internet Storm Center Security DNS DoH PiHole SANS

[SANS ISC] Keep an Eye on Remote Access to Mailboxes

I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“: BEC or “Business Email Compromize” is a trending thread for a while. The idea is simple: a corporate mailbox (usually from a C-level member) is compromized to send legitimate emails to other employees or partners. That’s the very first st
Publish At:2019-11-12 03:20 | Read:455 | Comments:0 | Tags:SANS Internet Storm Center Security BEC Email SANS ISC

[SANS ISC] Microsoft Apps Diverted from Their Main Use

I published the following diary on isc.sans.edu: “Microsoft Apps Diverted from Their Main Use“: This week, the CERT.eu organized its yearly conference in Brussels. Across many interesting presentations, one of them covered what they called the “cat’n’mouse” game that Blue and Red teams are playing continuously. When the Blue team h
Publish At:2019-11-12 03:20 | Read:360 | Comments:0 | Tags:SANS Internet Storm Center Security Microsoft Office SANS IS

[SANS ISC] Quick Malicious VBS Analysis

I published the following diary on isc.sans.edu: “Quick Malicious VBS Analysis“: Let’s have a look at a VBS sample found yesterday. It started as usual with a phishing email that contained a link to a malicious ZIP archive. This technique is more and more common to deliver the first stage via a URL because it reduces the risk to have the
Publish At:2019-10-18 08:20 | Read:1166 | Comments:0 | Tags:Malware SANS Internet Storm Center Security SANS ISC

[SANS ISC] Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs

I published the following diary on isc.sans.edu: “Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs“: I’m keeping an eye on the certificate transparency logs using automated scripts. The goal is to track domain names (and their variations) of my customers, sensitive services in Belgium, key Internet players
Publish At:2019-09-24 09:25 | Read:589 | Comments:0 | Tags:SANS Internet Storm Center Security remotewebaccess.Com SANS

[SANS ISC] Agent Tesla Trojan Abusing Corporate Email Accounts

I published the following diary on isc.sans.edu: “Agent Tesla Trojan Abusing Corporate Email Accounts“: The trojan ‘Agent Tesla’ is not brand new, discovered in 2018, it is written in VisualBasic and has plenty of interesting features. Just have a look at the MITRE ATT&CK overview of its TTP. I found a sample of Agent Tesla spr
Publish At:2019-09-19 15:55 | Read:445 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Agent Tesla SANS

[SANS ISC] Simple Analysis of an Obfuscated JAR File

I published the following diary on isc.sans.org: “Simple Analysis of an Obfuscated JAR File“. Yesterday, I found in my spam trap a file named ‘0.19238000 1509447305.zip’ (SHA256: 7bddf3bf47293b4ad8ae64b8b770e0805402b487a4d025e31ef586e9a52add91). The ZIP archive contained a Java archive named ‘0.19238000 1509447305.jar’ (SHA256: b161c7
Publish At:2017-11-03 16:40 | Read:4692 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Java JRAT SANS I

[SANS ISC] Stop relying on file extensions

I published the following diary on isc.sans.org: “Stop relying on file extensions“. Yesterday, I found an interesting file in my spam trap. It was called ‘16509878451.XLAM’. To be honest, I was not aware of this extension and I found this on the web: “A file with the XLAM file extension is an Excel Macro-Enabled Add-In file that’
Publish At:2017-10-24 21:20 | Read:4212 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC YARA

[SANS ISC] Investigating Security Incidents with Passive DNS

I published the following diary on isc.sans.org: “Investigating Security Incidents with Passive DNS“. Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned. We cannot blame system administrators and webm
Publish At:2017-10-02 23:20 | Read:4178 | Comments:0 | Tags:Incident Management SANS Internet Storm Center Security Pass

[SANS ISC] The easy way to analyze huge amounts of PCAP data

I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture. Approximatively one year ago, I wrote a qui
Publish At:2017-09-28 08:00 | Read:2763 | Comments:0 | Tags:Docker SANS Internet Storm Center Security Moloch network pc

[SANS ISC] DNS Query Length… Because Size Does Matter

I published the following diary on isc.sans.org: “DNS Query Length… Because Size Does Matter“. In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is often based on “
Publish At:2017-04-20 12:35 | Read:3154 | Comments:0 | Tags:Logs Management / SIEM SANS Internet Storm Center Security D

Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware

In short order, the newest version of Cryptowall has begun showing up in exploit kits.The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit. SANS ISC handler and Rackspace security engineer Brad Duncan said that until recently, Cryp
Publish At:2015-11-25 16:45 | Read:3709 | Comments:0 | Tags:Malware Ransomware Web Security Angler Exploit Kit BizCN Bra

New Campaign Shows Dridex Active, Targeting French

Two weeks after authorities announced they had taken down the botnet behind the banking malware Dridex, new research suggests the threat is alive and well.Researchers with the firm Invincea announced today that they’ve noticed 60 instances of attackers dropping Dridex on users in France, just over the past four days. As part of a newly reinvigorated ca
Publish At:2015-10-26 15:40 | Read:3189 | Comments:0 | Tags:Malware Uncategorized Brad Duncan Dridex Invincea SANS Inter

WordPress Compromises Behind Spike in Neutrino EK Traffic

Unsurprisingly, a rash of compromised WordPress websites is behind this week’s surge in Neutrino Exploit Kit traffic, researchers at Zscaler said.In a report published yesterday, Zscaler said it spotted attacks against sites running older versions of the content management system, 4.2 and earlier. Those sites are backdoored and redirect a victim’
Publish At:2015-08-21 12:00 | Read:3254 | Comments:0 | Tags:Malware Vulnerabilities Web Security Angler Exploit Kit cyrp

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud