HackDig : Dig high-quality web security articles for hacker

New Malicious Macro Evasion Tactics Exposed in URSNIF Spam Mail

by John Anthony Bañes Malicious macros are commonly used to deliver malware payloads to victims, usually by coercing victims into enabling the macro sent via spam email. The macro then executes a PowerShell script to download ransomware or some other malware. Just this September EMOTET, an older banking malware, leveraged this method in a campaign that saw i
Publish At:2017-10-21 18:05 | Read:197 | Comments:0 | Tags:Malware macro sandbox Spam

Just a Passing Fad? Fidget Spinners and the Malware Sandbox

This is the first installment in a three-part series about malware sandboxing. Stay tuned for more information. When the fidget spinner fad hit last year, my seventh grader was immediately on board and quickly became a fidget spinner snob, boasting about bearing quality and spin longevity. My fifth grader, however, eschewed fidget spinners with the same disd
Publish At:2017-08-29 10:15 | Read:344 | Comments:0 | Tags:Malware Threat Intelligence Advanced Malware Behavioral Anal

Using a Free Online Malware Analysis Sandbox to Dig Into Malicious Code

The continuous advancement and sophistication of cyberthreats has gradually decreased the sufficiency of traditional gateway and endpoint security solutions for protection against malware. These approaches were sufficient when malware occurred in small numbers and it was easy to differentiate between good and bad applications. Nowadays, there’s a world
Publish At:2017-08-28 12:55 | Read:351 | Comments:0 | Tags:Incident Response Malware Malware Analysis Sandbox Sandboxin

Simplifying Malware Analysis for the C-Suite and Security Operations

The recent WannaCry ransomware infections demonstrate an immediately known threat, but what about attacks that aren’t immediately identifiable and require deeper malware analysis? Imagine this scenario: A chief executive officer (CEO) and a chief information officer (CIO) sit and listen in disbelief as they hear that their company was attacked four mon
Publish At:2017-05-17 02:50 | Read:784 | Comments:0 | Tags:CISO Malware C-Suite IBM X-Force Research Malware Analysis N

Security Beyond the Sandbox

A few years ago sandboxing technology really came of age in the security industry. The ability to emulate an environment, detonate a file without risk of infection, and analyze its behavior became quite a handy research tool. Since then, sandboxes have become relatively popular (not nearly on the same scale as anti-virus or firewalls) and can be found in lar
Publish At:2015-09-10 22:20 | Read:621 | Comments:0 | Tags:Security AMP Threat Grid malware sandbox security

Using Reflective DLL Injection to exploit IE Elevation Policies

As you are probably aware, sandbox bypasses are becoming a MUST when exploiting desktop applications such as Internet Explorer. One interesting class of sandbox bypasses abuse IE's Elevation Policies. An example of this type of sandbox bypass is CVE-2015-0016. The vulnerability has already been analyzed by Henry Li, who published a complete description in th
Publish At:2015-08-28 20:30 | Read:3176 | Comments:0 | Tags:metasploit-framework ie sandbox cve-2015-0016 exploit

Details Surface on Patched Sandbox Violation Vulnerability in iOS

Apple patched an issue last week in iOS that could have allowed attackers to bypass the third-party app-sandbox protection mechanism on devices and read arbitrary managed preferences via a special app.The issue, which was present in versions of iOS prior to 8.4.1, stems from a vulnerability with both the sandbox_profiles and CFPreferences components of the o
Publish At:2015-08-20 18:25 | Read:654 | Comments:0 | Tags:Apple Mobile Security apple Appthority Mobile security sandb

Adobe to Patch Hacking Team’s Flash Zero-Day

Adobe Systems Inc. says its plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks. The flaw was disclosed publicly over the weekend after hackers broke into and posted online hundreds of gigabytes of data from Hacking Team, a controversial Italian company thatR
Publish At:2015-07-07 17:55 | Read:1450 | Comments:0 | Tags:A Little Sunshine Latest Warnings Time to Patch Adobe Flash

Signature-Based Detection With YARA

In a previous post, I talked about how you can use STIX, TAXII and CybOX to share threat intelligence. One of the key elements for putting cyberthreat information to good use requires that the information is actionable, or at least usable. The shared information has to be accurate, complete and relevant for your environment. CybOX provides a common structure
Publish At:2015-06-24 12:25 | Read:1433 | Comments:0 | Tags:Infrastructure Protection Malware Network & Endpoint Securit

Polish firm disclosed PoC code for security issues in Google App Engine

Security researchers at Security Explorations firm have published PoCs code for some of security issues in the Google App Engine. The Polish firm Security Explorations has published online the technical details and a proof-of-concept code for security flaws affecting the Google App Engine (GAE) for Java. “Security Explor
Publish At:2015-05-16 16:55 | Read:1125 | Comments:0 | Tags:Breaking News Hacking code execution Google Google App Engin

4 Elements of a Stealthy Sandbox

Sandboxes (or automated, dynamic malware analysis systems) are one of the most advanced threat detection tools available to security professionals, and are quickly being adopted by forward-thinking enterprise and mid-market organizations globally.These systems use behavioral analysis methods to monitor unknown malware programs in a simulated environment for
Publish At:2015-04-08 08:35 | Read:1042 | Comments:0 | Tags:Featured Articles Incident Detection Lastline malware Sandbo

CVE-2015-0016: Escaping the Internet Explorer Sandbox

Part of this January’s Patch Tuesday releases was MS15-004, which fixed a vulnerability that could be used in escalation of privilege attacks. I analyzed this vulnerability (designated as CVE-2015-0016) because it may be the first vulnerability in the wild that showed the capability to escape the Internet Explorer sandbox. As sandboxing represents a ke
Publish At:2015-01-28 17:40 | Read:1877 | Comments:0 | Tags:Vulnerabilities CVE-2015-0016 Internet Explorer sandbox

Acrobat Reader Windows sandbox is affected by critical flaw

A researcher at Google discovered a critical flaw in Windows Acrobat Reader 11 Sandbox that could be exploited to access a system and gain higher privileges Google security researcher James Forshaw claims that the Acrobat Reader Windows sandbox is affected by critical vulnerability that could allow attackers to compromise a sy
Publish At:2014-11-30 21:40 | Read:1115 | Comments:0 | Tags:Hacking Security Acrobat Reader 11 Google Sandbox Windows

Recognizing Evasive Behaviors Seen as Key to Detecting Advanced Malware

Criminals and advanced attackers have long fortified malware with features that help malicious code stay hidden from analysis. We’ve seen malware samples that determine if they’re being executed in a sandbox or virtual machine, or over remote desktop protocol connections, and stay quiet until analysis passes. Other samples use layers and layers o
Publish At:2014-10-16 21:40 | Read:1321 | Comments:0 | Tags:Malware evasive malware Giovanni Vigna malware Malware detec

16,800 clean and 11,960 malicious files for signature testing and research.

Signature and security product testing often requires large numbers of sorted malicious and clean files to eliminate false positives and negatives. They are not always easy to find, but here are some that I have.Clean documents are collected from various open sources. All the copyright rights belong the the authors of each document and file. You must no
Publish At:2014-08-15 01:02 | Read:1026 | Comments:0 | Tags:collection sandbox signature testing

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud