HackDig : Dig high-quality web security articles for hackers

Legacy Systems: Seven Things to Know When Sunsetting

Nothing lasts forever. That’s true for cars, devices, even a favorite sweatshirt or pair of jeans. But it is especially true for information technology (IT). Legacy IT systems stick around in business settings for three main reasons: organizations don’t have the budget to upgrade, teams need to be able to access critical legacy application
Publish At:2020-08-13 09:08 | Read:91 | Comments:0 | Tags:Application Security Network Software & App Vulnerabilities

GReAT thoughts: Awesome IDA Pro plugins

The Global Research & Analysis Team here at Kaspersky has a tradition of meeting up once a month and sharing cutting-edge research, interesting techniques and useful tools. We recently took the unprecedented decision to make our internal meetings public for a few months and present them as a series of talks called ‘GReAT Ideas. Powered by SAS’
Publish At:2020-07-21 07:46 | Read:112 | Comments:0 | Tags:Featured Software Malware Security technology

Updating Legacy Systems Amid Growing Cybersecurity Concerns

Over the past few months, a shift to remote working has raised many security questions for businesses trying to protect their data. And ensuring that legacy systems are secure is a key priority. Keeping legacy systems up to date in a world of increasing cyber threats has been a concern the past few years, but it has become more prevalent as the pandem
Publish At:2020-07-09 10:08 | Read:261 | Comments:0 | Tags:Application Security Network Application Vulnerability Cyber

Handling Malware Delivered Into .daa Files

Bad guys are always trying to use “exotic” file extensions to deliver their malicious payloads. While common dangerous extensions are often blocked by mail security gateways, there are plenty of less common extensions. These days, with the COVID19 pandemic, we are facing a peak of phishing and scams trying to lure victims. I spotted one that uses
Publish At:2020-04-03 09:16 | Read:649 | Comments:0 | Tags:Malware Security Software DAA PowerISO

[SANS ISC] Offensive Tools Are For Blue Teams Too

I published the following diary on isc.sans.edu: “Offensive Tools Are For Blue Teams Too“: Many offensive tools can be very useful for defenders too. Indeed, if they can help to gather more visibility about the environment that must be protected, why not use them? The more information you get, the more proactive you can be, and visibility is key. A goo
Publish At:2020-02-27 11:36 | Read:493 | Comments:0 | Tags:SANS Internet Storm Center Software Blueteam SANS ISC

Cybersecurity Research During the Coronavirus Outbreak and After

Virus outbreaks are always gruesome: people, animals or computer systems get infected within a short time. Of course, viruses spreading across our physical world always take priority over the virtual world. Nevertheless, everyone should keep doing their job, which includes all kinds of malware researchers, digital forensics experts and incident responders. A
Publish At:2020-02-20 08:02 | Read:699 | Comments:0 | Tags:Software digital forensics Linux Security technology Virus

How we developed our simple Harbour decompiler

https://github.com/KasperskyLab/hb_dec Every once in a while we get a request that leaves us scratching our heads. With these types of requests, existing tools are usually not enough and we have to create our own custom tooling to solve the “problem”. One such request dropped onto our desk at the beginning of 2018, when one of our customers – a f
Publish At:2019-12-20 13:05 | Read:962 | Comments:0 | Tags:Software Malware

“TorWitness” Docker Container: Automated (Tor) Websites Screenshots

The idea of this Docker container came after reading Micah Hoffman’s excellent blog post: Dark Web Report + TorGhost + EyeWitness == Goodness. Like Micah, I’m also receiving a daily file with new websites discovered on the (dark|deep) web (name it as you prefer). This service is provided by the @hunchly Twitter account. Once a day, you get an XLS
Publish At:2017-10-25 15:50 | Read:4345 | Comments:0 | Tags:Docker Software Tor Website

Automatic Extraction of Data from Excel Sheet

Excel sheets are very common files in corporate environments. Excel is definitely not a security tool, but it’s not rare to find useful information stored in such files. When these data must be processed for threat hunting or to collect IOCs, it is mandatory to automate, as much as possible, the processing of data. Here is a good example: Everyd
Publish At:2017-10-24 21:20 | Read:3598 | Comments:0 | Tags:Software Unix Automation Excel Python Script Tool

ShadowPad in corporate networks

ShadowPad, part 2: Technical Details (PDF) In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions. Further investigation showed that the sour
Publish At:2017-08-15 14:15 | Read:4523 | Comments:0 | Tags:Featured Research Backdoor DNS Software supply-chain attack

How Virus Protection Software Has Evolved With the Threat Landscape

John McAfee turned some heads in the security community two years ago when he declared that the virus protection software industry, which he is widely credited with creating 30 years ago, is dead. “In 1987, new applications for the Windows platform were being developed and released at a rate of about one new application per month,” he wrote.
Publish At:2017-07-17 19:15 | Read:5225 | Comments:0 | Tags:Endpoint Fraud Protection Antivirus Malware Security Service

Bitscout – The Free Remote Digital Forensics Tool Builder

Being a malware researcher means you are always busy with the struggle against mountains of malware and cyberattacks around the world. Over the past decade, the number of daily new malware findings has risen to unimaginable heights: hundreds of thousands of malware samples per day! However, while there is some rare and dangerous malware, not every samp
Publish At:2017-07-06 06:45 | Read:4438 | Comments:0 | Tags:Software Bitscout Forensics Tools

Three Lessons From Test-Driven Development

“If it’s worth building, it’s worth testing. If it’s not worth testing, why are you wasting your time working on it?” — Scott Ambler, Enterprise Agile Coach. In 1999, Kent Beck’s “Extreme Programming Explained: Embrace Change” became an inspiration for rethinking the way software was developed. Three years la
Publish At:2017-03-27 13:00 | Read:4742 | Comments:0 | Tags:Application Security Application Development Application Sec

Integrating OpenCanary & DShield

Being a volunteer for the SANS Internet Storm Center, I’m a big fan of the DShield service. I think I have been feeding DShield with logs for eight or nine years now. In 2011, I wrote a Perl script to send my OSSEC firewall logs to DShield. This script has been running and pushing my logs every 30 mins for years. Later, DShield was extended to colle
Publish At:2017-02-16 07:40 | Read:8847 | Comments:0 | Tags:Security Software Uncategorized Cowrie DShield Honeypot Open

Malicious code and the Windows integrity mechanism

Introduction: Ask any expert who analyzes malicious code for Windows which system privileges malware works with and wants to acquire and, without a second thought, they’ll tell you: “Administrator rights”. Are there any studies to back this up? Unfortunately, I was unable to find any coherent analysis on the subject; however, it is never too
Publish At:2016-11-28 09:20 | Read:4885 | Comments:0 | Tags:Blog Software Malware Technologies Microsoft Windows Securit
