
[SANS ISC] Simple Analysis of an Obfuscated JAR File

I published the following diary on isc.sans.org: “Simple Analysis of an Obfuscated JAR File”. Yesterday, I found in my spam trap a file named ‘0.19238000 1509447305.zip’ (SHA256: 7bddf3bf47293b4ad8ae64b8b770e0805402b487a4d025e31ef586e9a52add91). The ZIP archive contained a Java archive named ‘0.19238000 1509447305.jar’ (SHA256: b161c7
Publish At:2017-11-03 16:40 | Read:4231 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Java JRAT SANS I

[SANS ISC] Stop relying on file extensions

I published the following diary on isc.sans.org: “Stop relying on file extensions”. Yesterday, I found an interesting file in my spam trap. It was called ‘16509878451.XLAM’. To be honest, I was not aware of this extension and I found this on the web: “A file with the XLAM file extension is an Excel Macro-Enabled Add-In file that’
Publish At:2017-10-24 21:20 | Read:3707 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC YARA

[SANS ISC] Investigating Security Incidents with Passive DNS

I published the following diary on isc.sans.org: “Investigating Security Incidents with Passive DNS”. Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned. We cannot blame system administrators and webm
Publish At:2017-10-02 23:20 | Read:3697 | Comments:0 | Tags:Incident Management SANS Internet Storm Center Security Pass

[SANS ISC] The easy way to analyze huge amounts of PCAP data

I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data”. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture. Approximately one year ago, I wrote a qui
Publish At:2017-09-28 08:00 | Read:2354 | Comments:0 | Tags:Docker SANS Internet Storm Center Security Moloch network pc

[SANS ISC] DNS Query Length… Because Size Does Matter

I published the following diary on isc.sans.org: “DNS Query Length… Because Size Does Matter”. In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is often based on “
Publish At:2017-04-20 12:35 | Read:2648 | Comments:0 | Tags:Logs Management / SIEM SANS Internet Storm Center Security D

Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware

In short order, the newest version of Cryptowall has begun showing up in exploit kits. The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit. SANS ISC handler and Rackspace security engineer Brad Duncan said that until recently, Cryp
Publish At:2015-11-25 16:45 | Read:3250 | Comments:0 | Tags:Malware Ransomware Web Security Angler Exploit Kit BizCN Bra

New Campaign Shows Dridex Active, Targeting French

Two weeks after authorities announced they had taken down the botnet behind the banking malware Dridex, new research suggests the threat is alive and well. Researchers with the firm Invincea announced today that they’ve noticed 60 instances of attackers dropping Dridex on users in France, just over the past four days. As part of a newly reinvigorated ca
Publish At:2015-10-26 15:40 | Read:2840 | Comments:0 | Tags:Malware Uncategorized Brad Duncan Dridex Invincea SANS Inter

WordPress Compromises Behind Spike in Neutrino EK Traffic

Unsurprisingly, a rash of compromised WordPress websites is behind this week’s surge in Neutrino Exploit Kit traffic, researchers at Zscaler said. In a report published yesterday, Zscaler said it spotted attacks against sites running older versions of the content management system, 4.2 and earlier. Those sites are backdoored and redirect a victim’
Publish At:2015-08-21 12:00 | Read:2927 | Comments:0 | Tags:Malware Vulnerabilities Web Security Angler Exploit Kit cyrp

Uptick in Neutrino Exploit Kit Traffic Doesn’t Mean Angler Reign Over

A prominent cybercriminal actor or group has been kicking the tires on the Neutrino Exploit Kit to move ransomware and other malware, the SANS Institute’s Internet Storm Center reported today. Neutrino is a tier below the prolific Angler Exploit Kit, which is frequently at the heart of new attacks, largely because it has the reputation for quickly integ
Publish At:2015-08-20 18:25 | Read:2764 | Comments:0 | Tags:Malware Microsoft Privacy Ransomware Web Security Angler Exp

Click-Fraud Malware Spreading via JavaScript Attachments

A new malware campaign has been spotted that has begun seeding spam messages with a downloader heavily obfuscated with JavaScript. The SANS Internet Storm Center said today that two days ago, a flood of spam messages was observed laced with .js attachments. The JavaScript obfuscates a downloader that, once it’s installed on a compromised machine, calls
Publish At:2015-07-29 20:05 | Read:3135 | Comments:0 | Tags:Malware Privacy Brad Duncan Click fraud Kovter malicious Jav

Evasion Techniques Keep Angler EK’s Cryptowall Business Thriving

The Angler Exploit Kit is turning into a model for malware rapidly integrating new evasion techniques. Starting in early June, URL patterns used by the notorious exploit kit have been changing almost daily, coinciding with it pushing Cryptowall 3.0 ransomware. SANS Internet Storm Center handler Brad Duncan, a security researcher with Rackspace, said that curr
Publish At:2015-07-03 03:10 | Read:2815 | Comments:0 | Tags:Malware Ransomware Web Security Angler Exploit Kit avoid det

New Technique Complicates Mutex Malware Analysis

Malware analysts have had a measure of success using static mutex values as a fingerprint for detecting and blocking malicious code. These values are used in programming to enable software to synchronize communication between multiple threads or processes, or to determine whether another instance of a program is running already. There’s better reliabili
Publish At:2015-03-10 00:50 | Read:2916 | Comments:0 | Tags:Hacks Malware Backoff dynamic mutex Lenny Zeltzer LogPOS mal
