HackDig : Dig high-quality web security articles for hackers

[SANS ISC] Microsoft Apps Diverted from Their Main Use

I published the following diary on isc.sans.edu: “Microsoft Apps Diverted from Their Main Use”: This week, the CERT.eu organized its yearly conference in Brussels. Across many interesting presentations, one of them covered what they called the “cat’n’mouse” game that Blue and Red teams are playing continuously. When the Blue team h
Publish At:2019-11-12 03:20 | Read:1336 | Comments:0 | Tags:SANS Internet Storm Center Security Microsoft Office SANS IS

Security Hygiene for Dorm Life

Going back to school, especially college, is a fun time of year. One of the best experiences, by far, is living with other people in a dorm or private shared housing. You can make awesome friends, have amazing parties, and make excellent memories. It’s important to note in these shared living situations that hygiene is incredibly important. You don
Publish At:2016-09-06 01:40 | Read:4357 | Comments:0 | Tags:Featured Articles Security Awareness clickbait hygiene malwa

Obfuscated URLs, where is that link taking you?

What is a URL? A URL (uniform resource locator) is a pointer to a web resource (usually a site) and a mechanism to retrieve it. Most of the time, when people use this term, they mean a clickable link to a website. URL shorteners: URL shorteners were invented to enable users to post URLs in messages where they only have a (very) limited number of tokens to
Publish At:2015-09-10 17:40 | Read:4891 | Comments:0 | Tags:Fraud/Scam Alert click encoded link Pieter Arntz search shor

The 4 Phishing Commandments – #3 Know Thy Link

So we know cybercriminals are targeting us on account of the abundance of personal information available on the internet (Post #1), and we can smell a bogus email address or domain name a mile away (Post #2), but what guidelines help us identify a rogue link when we see one? And what are common link-clicking pitfalls to avoid? Before diving into links, let’s
Publish At:2015-05-04 17:40 | Read:5044 | Comments:0 | Tags:Phishing Uncategorized "Chat Phishing" "Spear Phishing" "wat

Creative Evasion Technique Against Website Firewalls

During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted to win and surely there had to be a way through the existing evasion controls. This post is going to be a bit code-heavy for most end-users, but if you choose to read you’re bound to find it very
Publish At:2015-02-03 11:00 | Read:5320 | Comments:0 | Tags:Learn vulnerability Website Security encoding url

Delta Airlines Patches Boarding Pass URL Bug

Delta Airlines has patched a bug that passengers could have used to view other people’s boarding passes. Paul Skrbec, a spokesman for the airline company, made the following comments about the incident: “Security is a top priority for Delta, and we employ multiple levels of it throughout the travel process. After a possible issue with our mobile boarding pass
Publish At:2014-12-17 16:55 | Read:6587 | Comments:0 | Tags:Latest Security News Delta Delta Airlines URL

Apple developer guidelines lead to rogue phone call risks in iOS

Web pages are all about hyperlinks. Usually, these link to other web pages, by specifying a URL such as: http://example.com/newpage But there are other sorts of URL, such as mailto: (opens your email client), file: (opens a local file, if security settings permit it), and tel: (opens your phone app, if you have one). For example, a URL such as tel:+44.1235.559
Publish At:2014-09-03 17:10 | Read:3614 | Comments:0 | Tags:Apple Apple Safari Featured iOS Privacy ios Safari telephony
