HackDig : Dig high-quality web security articles for hacker

“TorWitness” Docker Container: Automated (Tor) Websites Screenshots

The idea of this Docker container came after reading Micah Hoffman’s excellent blog post: Dark Web Report + TorGhost + EyeWitness == Goodness. Like Micah, I’m also receiving a daily file with new websites discovered on the (dark|deep) web (name it as you prefer). This service is provided by the @hunchly Twitter account. Once a day, you get an XLS
Publish At:2017-10-25 15:50 | Read:227 | Comments:0 | Tags:Docker Software Tor Website

Automatic Extraction of Data from Excel Sheet

Excel sheets are very common files in corporate environments. It’s definitely not a security tool but it’s not rare to find useful information stored in such files. When these data must be processed for threat hunting or to collect IOCs, it is mandatory to automate, as much as possible, the processing of data. Here is a good example: Everyd
Publish At:2017-10-24 21:20 | Read:179 | Comments:0 | Tags:Software Unix Automation Excel Python Script Tool

ShadowPad in corporate networks

 ShadowPad, part 2: Technical Details (PDF) In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions. Further investigation showed that the sour
Publish At:2017-08-15 14:15 | Read:709 | Comments:0 | Tags:Featured Research Backdoor DNS Software supply-chain attack

How Virus Protection Software Has Evolved With the Threat Landscape

John McAfee turned some heads in the security community two years ago when he declared that the virus protection software industry, which he is widely credited with creating 30 years ago, is dead. “In 1987, new applications for the Windows platform were being developed and released at a rate of about one new application per month,” he wrote.
Publish At:2017-07-17 19:15 | Read:528 | Comments:0 | Tags:Endpoint Fraud Protection Antivirus Malware Security Service

Bitscout – The Free Remote Digital Forensics Tool Builder

Being a malware researcher means you are always busy with the struggle against mountains of malware and cyberattacks around the world. Over the past decade, the number of daily new malware findings has risen to unimaginable heights: with hundreds of thousands of malware samples per day! However, while there are some rare and dangerous malware, not every samp
Publish At:2017-07-06 06:45 | Read:540 | Comments:0 | Tags:Software Bitscout Forensics Tools

Three Lessons From Test-Driven Development

“If it’s worth building, it’s worth testing. If it’s not worth testing, why are you wasting your time working on it?” — Scott Ambler, Enterprise Agile Coach In 1999, Kent Beck’s “Extreme Programming Explained: Embrace Change,” became an inspiration for rethinking the way software was developed. Three years la
Publish At:2017-03-27 13:00 | Read:668 | Comments:0 | Tags:Application Security Application Development Application Sec

Integrating OpenCanary & DShield

Being a volunteer for the SANS Internet Storm Center, I’m a big fan of the DShield service. I think that I’ve been feeding DShield with logs for eight or nine years now. In 2011, I wrote a Perl script to send my OSSEC firewall logs to DShield. This script has been running and pushing my logs every 30 mins for years. Later, DShield was extended to colle
Publish At:2017-02-16 07:40 | Read:1628 | Comments:0 | Tags:Security Software Uncategorized Cowrie DShield Honeypot Open

Malicious code and the Windows integrity mechanism

Introduction Ask any expert who analyzes malicious code for Windows which system privileges malware works with and wants to acquire and, without a second thought, they’ll tell you: “Administrator rights”. Are there any studies to back this up? Unfortunately, I was unable to find any coherent analysis on the subject; however, it is never too
Publish At:2016-11-28 09:20 | Read:1267 | Comments:0 | Tags:Blog Software Malware Technologies Microsoft Windows Securit

Ethernet consortia trio want to unlock a more time-sensitive network

Demand from Internet of Things, automotive networking and video applications is driving changes to Ethernet technology that will make it more time-sensitive. Key to those changes are a number of developing standards but also a push this week from the University of New Hampshire InterOperability Laboratory to set up three new industry-specific Etherne
Publish At:2016-11-11 12:30 | Read:726 | Comments:0 | Tags:Networking Security Data Center Software

Web of Trust browser extensions yanked after proving untrustworthy

Well this is bad. Earlier in November, a report out of Germany claimed the popular Web of Trust (WoT) browser add-on was selling its users’ browser histories to third parties without properly anonymizing the data, resulting in the personal identification of Web of Trust users. There was also some debate over whether the company behind WoT (WOT Services) p
Publish At:2016-11-09 05:30 | Read:1209 | Comments:0 | Tags:Software Browsers Internet Security

Terror suspect's locked iPhone could lead to a second Apple-FBI showdown

The FBI could be gearing up for another battle with Apple. In the wake of a mass stabbing at a Minnesota mall that was linked to the terrorist group ISIS, the FBI is looking for answers on a passcode-protected iPhone. “Dahir Adan’s iPhone is locked,” FBI special agent Rich Thornton told reporters at a press conference, according to Wired. “We are in the pr
Publish At:2016-10-07 19:55 | Read:1084 | Comments:0 | Tags:iPhone Software Security Privacy Legal

A new algorithm can hide messages in your favorite dance music

It's long been known that secret messages can be included in music through techniques such as backmasking, but now a Polish researcher has developed an entirely new approach. By subtly varying the tempo of a particular type of dance music, he's managed to encode information in a way that's completely inaudible to human listeners. StegIbiza is an a
Publish At:2016-08-19 08:20 | Read:969 | Comments:0 | Tags:Big Data Analytics Software Security

Cisco uncovers security threat in industrial control system

Cisco’s security intelligence and research group, Talos, said that it had reported a serious vulnerability in Rockwell Automation’s industrial control system – the MicroLogix 1400 programmable logic controller (PLC). The Simple Network Management Protocol exploit could let an attacker take complete remote control of the MicroLogix system and modify
Publish At:2016-08-16 07:05 | Read:1166 | Comments:0 | Tags:Security Network Management Software

Flaws in Oracle file processing SDKs affect major third-party products

Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday affect products from third-party software vendors, including Microsoft. The vulnerabilities were found by researchers from Cisco's Talos team and are located in the Oracle Outside In Technology (OIT), a collection of software development kits (SDKs) that can be used t
Publish At:2016-07-22 03:35 | Read:980 | Comments:0 | Tags:Security Software Application Development

Windows 10: What’s New in the Security System

Operating system security is one of Microsoft’s priorities. The developers of the new generation of Windows have vigorously responded to the most significant and relevant threats that target the Windows platform by developing numerous security technologies that were previously available only in third-party solutions. The system has become better protec
Publish At:2016-07-21 14:40 | Read:1770 | Comments:0 | Tags:Blog Research Software Microsoft Windows 10
