HackDig : Dig high-quality web security articles

[SANS ISC] No Python Interpreter? This Simple RAT Installs Its Own Copy

I published the following diary on isc.sans.edu: “No Python Interpreter? This Simple RAT Installs Its Own Copy”: For a while, I’ve been keeping an eye on malicious Python code targeting Windows environments. If Python looks more and more popular, attackers are facing a major issue: Python is not installed by default on most Windows operating s
Publish At:2021-04-09 06:24 | Read:124 | Comments:0 | Tags:Malware Python SANS Internet Storm Center Security RAT SANS

Aurora campaign: Attacking Azerbaijan using multiple RATs

This post was authored by Hossein Jazi. As tensions between Azerbaijan and Armenia continue, we are still seeing a number of cyber attacks taking advantage of this situation. On March 5th 2021, we reported an actor that used steganography to drop a new .Net Remote Administration Trojan. Since that time, we have been monitoring this actor and were able to i
Publish At:2021-04-06 16:35 | Read:278 | Comments:0 | Tags:Malware Threat analysis Armenia azerbaijan python rat

[SANS ISC] Simple Python Keylogger

I published the following diary on isc.sans.edu: “Simple Python Keylogger”: A keylogger is one of the core features implemented by many malware to exfiltrate interesting data and learn about the victim. Besides the fact that interesting keystrokes can reveal sensitive information (usernames, passwords, IP addresses, hostnames, …
Publish At:2021-03-18 11:31 | Read:262 | Comments:0 | Tags:Python SANS Internet Storm Center Security Keylogger SANS IS

Poison packages – “Supply Chain Risks” user hits Python community with 4000 fake modules

by Paul Ducklin. If you’ve ever used the Python programming language, or installed software written in Python, you’ve probably used PyPI, even if you didn’t realise it at the time. PyPI is short for the Python Package Index, and it currently contains just under 300,000 open source add-on modules (290,614 of them when we checked [2021-03-07T00:1
Publish At:2021-03-07 20:55 | Read:294 | Comments:0 | Tags:Malware coding package manager PyPI python supply chain

Network Flows Visualization With Nanoleaf Light Panels

I’m a fan of the Nanoleaf light panels! I use them in my office all the time. They provide a great daylight color while I’m in a Webex or training, they react to my music or give a relaxing atmosphere (while you need to concentrate on important stuff). Years ago, when I was working on Solaris systems, I often used the “snoop” (the Sol
Publish At:2021-02-05 10:55 | Read:370 | Comments:0 | Tags:Fun Python Geek Light Nanoleaf Scapy Tcpdump

pfSense Firewall Configuration Audit with pfAudit

pfSense is a very popular free and open source firewall solution. It does not only provide classic firewall services but has plenty of features like VPN server or can offer DNS, DHCP, proxy services… and many more. pfSense is also proposed by some companies as a commercial service with support. That’s why it is used in many organisations. Abo
Publish At:2020-12-14 13:19 | Read:453 | Comments:0 | Tags:Python Security Software Audit Configuration Firewall JSON p

[SANS ISC] Python Backdoor Talking to a C2 Through Ngrok

I published the following diary on isc.sans.edu: “Python Backdoor Talking to a C2 Through Ngrok”: I spotted a malicious Python script that implements a backdoor. The interesting behavior is the use of Ngrok to connect to the C2 server. Ngrok has been used for a while by attackers. Like most services available on the Internet, it has been abuse
Publish At:2020-12-10 11:49 | Read:409 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Backdoor Ngrok P

PrivacyRaven has left the nest

By Suha S. Hussain, Georgia Tech. If you work on deep learning systems, check out our new tool, PrivacyRaven—it’s a Python library that equips engineers and researchers with a comprehensive testing suite for simulating privacy attacks on deep learning systems. PrivacyRaven is a comprehensive testing suite for simulating privacy attacks on deep learning system
Publish At:2020-10-08 11:01 | Read:758 | Comments:0 | Tags:Internship Projects Privacy Machine Learning Python Testing

Schubser and his cookie dealing friend

I actually forgot to post this in February, so I’m a little late but the topic is as current as it was back then. One week in February my colleague Jan Girlich and I took some time to review our tools and make three of them available on GitHub. Jan wrote a Proof of Concept (PoC) Android app that allows exploiting Java object deserialization vulnerabi
Publish At:2019-09-19 18:20 | Read:1644 | Comments:0 | Tags:Coding Android deserialisation Firesheep Java MITM mod0cooki

Python Sender

Last week I played my first Capture The Flag (CTF) where I really tried solving the challenges for a couple of hours. It was a regular jeopardy style CTF with binaries, web applications and other server ports. I don’t think CTFs are going to be my favourite hobby, as pentesting is similar but just a little bit more real life. However, CTFs are very ni
Publish At:2019-09-19 18:20 | Read:1650 | Comments:0 | Tags:Useful scripts Web Penetration Testing CTF http pentesting p

Splunk Custom Search Command: Searching for MISP IOC’s

While you use a tool every day, you get more and more knowledge about it but you also have plenty of ideas to improve it. I’m using Splunk on a daily basis within many customers’ environments as well as for personal purposes. When you have a big database of events, it becomes quickly mandatory to deploy techniques to help you to extract juicy inf
Publish At:2017-10-31 14:55 | Read:6209 | Comments:0 | Tags:MISP Security Splunk Hunting IOC Python

Automatic Extraction of Data from Excel Sheet

Excel sheets are very common files in corporate environments. It’s definitively not a security tool but it’s not rare to find useful information stored in such files. When these data must be processed for threat hunting or to collect IOC’s, it is mandatory to automate, as much as possible, the processing of data. Here a good example: Everyd
Publish At:2017-10-24 21:20 | Read:4556 | Comments:0 | Tags:Software Unix Automation Excel Python Script Tool

FTP Injection flaws in Java and Python allows firewall bypass

The two programming languages, Java and Python, are affected by serious FTP Injection flaws that can be exploited by hackers to bypass any firewall. Attackers can trick Java and Python applications to execute rogue FTP commands that would open ports in firewalls. The unpatched flaws reside in the way the two programming languages handle File Transfer Protocol
Publish At:2017-02-22 21:30 | Read:6595 | Comments:0 | Tags:Breaking News Hacking firewall FTP Injection Java Python sec

Digging for Security Bugs in Python Code

Python is a great development language for so many reasons. Its developers enjoy huge library support. Do you want to deploy a simple web server or implement a RESTful API? There are modules for that. Capture, analyze, and visualize network traffic flow? There are simple and free modules for all of that, too. Developers using Python can create a prototype in
Publish At:2017-01-25 09:35 | Read:5123 | Comments:0 | Tags:Off Topic Bandit BsidesSF python

KNXmap: A KNXnet/IP Scanning and Auditing Tool

Users of the KNX, a standard for home automation bus systems, may already have come across KNXnet/IP (also known as EIBnet/IP): It is an extension for KNX that defines Ethernet as a communication medium for KNX which allows communication with KNX buses over IP driven networks. Additionally, it enables one to couple multiple bus installations over IP gateways
Publish At:2016-09-05 10:50 | Read:5591 | Comments:0 | Tags:Announcements Tools Uncategorized IoT KNX python