HackDig : Dig high-quality web security articles for hacker

Windows Insight: Code integrity and WDAC

The Windows Insight repository now hosts three articles on Windows code integrity and WDAC (Windows Defender Application Control): Device Guard Image Integrity: Architecture Overview (Aleksandar Milenkoski, Dominik Phillips): In this work, we present the high-level architecture of the code integrity mechanism implemented as part of Windows 10. Windows Defen
Publish At:2019-11-12 00:15 | Read:72 | Comments:0 | Tags:Misc Windows

Internet Explorer and Microsoft Defender: vulnerable to RCE attacks

Last year, an average of 45 vulnerabilities were discovered every day. This is almost three times more than in 2016. Cyber incidents as well known as WannaCry, the Equifax data breach, and the cyberattack on the Winter Olympics were all facilitated by a vulnerability. Last month, a vulnerability in the WebAdmin plugin of OpenDreamBox 2.0.0.0 was discove
Publish At:2019-09-26 10:35 | Read:305 | Comments:0 | Tags:News Security business vulnerabilities Windows

Where 2 worlds collide: Bringing Mimikatz et al to UNIX

Presentation on Active Directory integration solutions for UNIX (as given at Black Hat Europe 2018). Over the past fifteen years there’s been an uptick in “interesting” UNIX infrastructures being integrated into customers’ existing AD forests. Whilst the threat models enabled by this should be quite familiar to anyone securing a heter
Publish At:2019-09-19 17:35 | Read:242 | Comments:0 | Tags:Presentations analysis auditing Black Hat Europe blue team c

An offensive introduction to Active Directory on UNIX

By way of an introduction to our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises’ Active Directory forests. Background to Active Directory i
Publish At:2019-09-19 17:35 | Read:295 | Comments:0 | Tags:Blog analysis auditing Black Hat Europe blue team conference

Reverse port forwarding SOCKS proxy via HTTP proxy (part 1)

In the context of a Red Team assessment, in this post I’ll look at some options for using SOCKS to gain external access to an internal network. I’ll cover the obvious methods and why I’m overlooking them, a crude method using standard tools (this post) and a more refined approach using modified tools (in part 2). I recently spent quite a lo
Publish At:2019-09-19 17:35 | Read:189 | Comments:0 | Tags:Blog RDP red team Windows

Mysterious hack allows attackers to steal Windows login credentials without user interaction

Microsoft fixed a vulnerability that could allow hackers to steal Windows login credentials without any user interaction. Microsoft fixed a serious vulnerability that could allow attackers to steal Windows NTLM password hashes without any user interaction. The tech giant patched the issue only for recent versions of Windows (Windows 10 and Server 2016), to tri
Publish At:2017-10-28 09:30 | Read:2316 | Comments:0 | Tags:Breaking News Hacking NTLM password Windows Windows login cr

Exploring Windows Subsystem for Linux

Whilst there has been quite a lot of analysis of Microsoft’s new Windows Subsystem for Linux (aka WSL or Bash on Ubuntu on Windows) and how it functions (particularly from Alex Ionescu), most of this has focused on how it affects the Windows security model. Being a keen UNIX focused researcher, I decided to take it for a spin. The first thing I did onc
Publish At:2017-10-27 17:20 | Read:2914 | Comments:0 | Tags:Blog analysis Linux root Windows

Hindering Lateral Movement

Lateral Movement is a method used by attackers (or malware) against a network domain. After an initial device is compromised (typically, a user’s workstation), the attacker extracts passwords from memory, or obtains encrypted password hashes from the system for cracking or direct use (i.e. Pass the Hash). The attacker then attempts to log in to other sy
Publish At:2017-10-27 17:20 | Read:3752 | Comments:0 | Tags:Blog auditing blueteam redteam training Windows

September Patch Tuesday, patch your Windows now to avoid ugly surprises

Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities including the Blueborne issue. Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities in almost all supported versions of Windows and other MS products. The batch includes secu
Publish At:2017-09-14 03:50 | Read:3086 | Comments:0 | Tags:Breaking News Security Blueborn attack Hacking RCE September

Interesting List of Windows Processes Killed by Malicious Software

Just a quick blog post about an interesting sample that I found today. Usually, modern pieces of malware implement anti-debugging and anti-VM techniques. They perform some checks against the target and when a positive result is found, they silently exit… Such checks might be testing the screen resolution, the activity of a connected user, the presence
Publish At:2017-09-07 05:50 | Read:3552 | Comments:0 | Tags:Malware Security Process windows

ZPI: One approach to rule them all

Introduction In 1975, a book was published that changed the way we approach complex problems. Inspired by how nature works, “Adaptation in Natural and Artificial Systems” laid the foundations of genetic algorithms. The release date of this blog post is strongly linked to that book; it is a symbolic tribute to its author, John Henry Holland, who passed away
Publish At:2017-08-10 08:55 | Read:4301 | Comments:0 | Tags:Android iOS Mobile security Mobile Threat Defense Windows Ze

Microsoft won’t patch the 20-year-old SMBv1 SMBloris flaw disclosed at DEF CON conference

Microsoft has announced that the SMBv1 SMBloris bug described at DEF CON won’t be patched because it could be fixed simply by blocking incoming connections. Recently, security researchers at RiskSense identified a 20-year-old Windows SMB vulnerability they called SMBloris (a nod to the Slowloris DoS attack). They presented their findings at the recen
Publish At:2017-07-31 06:15 | Read:3216 | Comments:0 | Tags:Breaking News Hacking DEF CON 25 ETERNALBLUE SMB SMBLoris Wi

DEF CON Talk Will Expose The Latest SMB Vulnerability SMBLoris

Security researchers at RiskSense have identified a 20-year-old Windows SMB vulnerability they are calling SMBloris, and a DEF CON talk will expose it. Server Message Block (SMB) has been a foundational piece of Microsoft Windows’ networking all the way back to the LAN Manager days, facilitating “shared access to files, printers and serial ports.” R
Publish At:2017-07-28 04:36 | Read:3317 | Comments:0 | Tags:Breaking News Hacking def con ETERNALBLUE SMB Windows Vulner

CowerSnail, from the creators of SambaCry

We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry. It was the common C&C server that both programs used – cl.ezreal.space:20480 – t
Publish At:2017-07-25 11:30 | Read:4050 | Comments:0 | Tags:Research Backdoor malware description Windows

A Russian man involved in the development and maintenance of Citadel was sentenced to five years in prison

The Russian hacker Mark Vartanyan was sentenced to five years in prison for his involvement in the development and maintenance of the Citadel botnets. It’s a terrific moment for cyber criminals: law enforcement worldwide continues its fight against illegal activities online, and the recent shutdown of the AlphaBay and Hansa black markets demonstrates it.
Publish At:2017-07-23 05:40 | Read:2873 | Comments:0 | Tags:Breaking News Cyber Crime Malware banking trojan Citadel Cyb
