During penetration tests, our primary goal is to identify the difference in paths that can be used to obtain the goal(s) as agreed upon with our customers. This often succeeds due to insufficient hardening, lack of awareness or poor password hygiene. Sometimes we do get access to a resource, but do not have access to the username or password of the user that

Written and researched by Mark Bregman and Rindert Kramer Sending signed phishing emails Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario which looks

How an anomalous space led to fingerprinting Summary On the 2nd of January 2019 Cobalt Strike version 3.13 was released, which contained a fix for an “extraneous space”. This uncommon whitespace in its server responses represents one of the characteristics Fox-IT has been leveraging to identify Cobalt Strike Servers, with high confidence, for the

Writing YARA rules based on executable code within malware can be a tedious task. An analyst cannot simply copy and paste raw executable code into a YARA rule, because this code contains variable values, such as memory addresses and offsets. The analyst has to disassemble the code and wildcard all the pieces in the code that can change between samples. mkYAR

If you are a desktop user, you probably think that using a service such as Avira or Avast is enough to safeguard your information from attacks. You are so far from being genuinely safe with this type of software that is almost sweet to believe that these tools can adequately protect your personal data. The internet is still a scary place for many people and

An international anti-cyberattack company called Group-IB has issued a report which investigates JavaScript Sniffers at length. In case you’re wondering, JavaScript sniffers are a special kind of malware that’s very efficient at stealing customer payment data directly from online stores. Currently, JS-sniffers can be found in over 2,440 e-commerce stores, wh

They say that hacking is one of the most frowned upon processes to take part in, and while that may be true, there are plenty of people out there hacking for the “greater good”. All of the information that you’ll be reading through within this article is to be used for personal use only – this is merely a way to go about retrieving an account that you&

This article is about findings from Cybaze-Yoroi ZLAB’s discovery and the dissection of new Qrypter malware and its resulting evolution. It all started with Yoroi’s discovery of a few malicious emails during routine monitoring in the past few weeks. Upon finding these emails, the Yoroi team sent them to certain organizations and found that the malware was ta

If you are wondering if your WhatsApp account is safe, don’t worry, you are not the only one. A lot of people share the uncertainty of using the service as their main communication service for fear of being spied or because someone might gain access to it. Let’s clear the air about the purpose of this article. You probably landed here because you have conce

News just in; security experts have just discovered a new government spyware called Exodus which infiltrates user software using the Google Play Store. The Security without Borders organization has a team of dedicated security researchers and advisors who conducted an analysis of this threat. It was revealed through this organization that this government spy

A few weeks ago I saw a tweet by @SwiftOnSecurity about a blogpost describing the “yeabest.cc” malware. Yeabests[dot]cc malware uses a hidden WMI subscription to constantly re-infect Internet Explorer/Chrome shortcutshttps://t.co/ezyUDBfMot — SwiftOnSecurity (@SwiftOnSecurity) April 25, 2016 The malware used wmi for persistence, it ran a

Recently I read a blog about a Locky campaign using windows shortcut files to infect users. The microsoft blog describes a large scale phishing attack send Windows shortcut files in zip archives. For more inforamtion see: The TechNet blog.. The trick revolves around the fact that cmd.exe and powershell.exe both allow for commands passed via arguments. Creati

Yesterday various tools, documentation and intel was dropped on Telegram. Another quick analysis can be found on https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html the blog describes Poisonfrog and the HighShell and HyperShell webshells. This blog looks at another webshell (“base.aspx.txt”) that’s included in the dump. It caug

Introduction   Zimperium discovered and reported a fake version of the popular Snapchat app in the official Google Play Store; At the time of our discovery, it was the second result when searching for “Snapchat”. The fake version of Snapchat app is using “Snap Inc .” as Company Name, with a  ” .” appended to original name. Fake

The experts from Netskope Threat Research Labs discovered the Hackshit PhaaS platform, another interesting case of crimeware-as-a-service. A few days ago, we discussed the Katyusha scanner,a powerful and fully automated SQLi vulnerability scanner discovered by researchers at security firm Recorded Future that was available for $500 in the cyber crime undergr