HackDig : Dig high-quality web security articles for hacker

Windows Insight: The Windows Telemetry ETW Monitor

The Windows Insight repository now hosts the Windows Telemetry ETW Monitor framework. The framework monitors and reports on Windows Telemetry ETW (Event Tracing for Windows) activities – ETW activities for providing data to Windows Telemetry. It consists of two components: the Windbg Framework: a set of scripts for monitoring Windows Telemetry ETW act
Publish At:2020-01-14 12:20 | Read:131 | Comments:0 | Tags:Misc Windows

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customer
Publish At:2020-01-13 20:35 | Read:235 | Comments:0 | Tags:Time to Patch Anne Neuberger CERT Coordination Center CERT-C

TROOPERS20 Training Teaser: Insight Into Windows Internals

Windows 10 is one of the most commonly deployed operating systems at this time. Knowledge about its components and internal working principles is highly beneficial. Among other things, such knowledge enables: in-depth studies of undocumented, or poorly documented, system functionalities; development of performant and compatible software to monitor or exte
Publish At:2019-11-25 12:15 | Read:252 | Comments:0 | Tags:Events TROOPERS TROOPERS20 Windows

DNS-over-HTTPS is coming to Windows 10

By John E Dunn. For fans of DNS-over-HTTPS (DoH) privacy, it must feel like a dam of resistance is starting to break. Mozilla Firefox and Cloudflare were the earliest adopters of this controversial new way to make DNS queries private by encrypting them, followed not long after by the weight of Google, which embedded DoH into Chrome as a non-default setting. This
Publish At:2019-11-21 12:35 | Read:337 | Comments:0 | Tags:Firefox Google Google Chrome Microsoft Privacy Web Browsers

Masad Clipper and Stealer - Windows spyware exfiltrating data via Telegram (samples)

Reference: 2019-09-25, Juniper, Masad Stealer: Exfiltrating using Telegram. “Masad Clipper and Stealer” steals browser information and computer files, and automatically replaces cryptocurrency wallet addresses on the clipboard with its own. It is written using AutoIt scripts and then compiled into a Windows executable. It uses Telegram to exfiltr
Publish At:2019-11-21 11:45 | Read:473 | Comments:0 | Tags:spyware Telegram windows

Windows Insight: Code integrity and WDAC

The Windows Insight repository now hosts three articles on Windows code integrity and WDAC (Windows Defender Application Control): Device Guard Image Integrity: Architecture Overview (Aleksandar Milenkoski, Dominik Phillips): In this work, we present the high-level architecture of the code integrity mechanism implemented as part of Windows 10. Windows Defen
Publish At:2019-11-12 00:15 | Read:410 | Comments:0 | Tags:Misc Windows

Internet Explorer and Microsoft Defender: vulnerable to RCE attacks

Last year, an average of 45 vulnerabilities were discovered every day. This is almost three times more than in 2016. Cyber incidents as well known as WannaCry, the Equifax data breach, and the cyberattack on the Winter Olympics were all facilitated by a vulnerability. Last month, a vulnerability in the WebAdmin plugin of OpenDreamBox 2.0.0.0 was discove
Publish At:2019-09-26 10:35 | Read:616 | Comments:0 | Tags:News Security business vulnerabilities Windows

Where 2 worlds collide: Bringing Mimikatz et al to UNIX

Presentation on Active Directory integration solutions for UNIX (as given at Black Hat Europe 2018). Over the past fifteen years there’s been an uptick in “interesting” UNIX infrastructures being integrated into customers’ existing AD forests. Whilst the threat models enabled by this should be quite familiar to anyone securing a heter
Publish At:2019-09-19 17:35 | Read:510 | Comments:0 | Tags:Presentations analysis auditing Black Hat Europe blue team c

An offensive introduction to Active Directory on UNIX

By way of an introduction to our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises’ Active Directory forests. Background to Active Directory i
Publish At:2019-09-19 17:35 | Read:514 | Comments:0 | Tags:Blog analysis auditing Black Hat Europe blue team conference

Reverse port forwarding SOCKS proxy via HTTP proxy (part 1)

In the context of a Red Team assessment, in this post I’ll look at some options for using SOCKS to gain external access to an internal network. I’ll cover the obvious methods and why I’m overlooking them, a crude method using standard tools (this post) and a more refined approach using modified tools (in part 2). I recently spent quite a lo
Publish At:2019-09-19 17:35 | Read:586 | Comments:0 | Tags:Blog RDP red team Windows

Mysterious hack allows attackers to steal Windows login credentials without user interaction

Microsoft fixed a vulnerability that could allow hackers to steal Windows login credentials without any user interaction. Microsoft fixed a serious vulnerability that could allow attackers to steal Windows NTLM password hashes without any user interaction. The tech giant patched the issue only for recent versions of Windows (Windows 10 and Server 2016), to tri
Publish At:2017-10-28 09:30 | Read:2620 | Comments:0 | Tags:Breaking News Hacking NTLM password Windows Windows login cr

Exploring Windows Subsystem for Linux

Whilst there has been quite a lot of analysis of Microsoft’s new Windows Subsystem for Linux (aka WSL or Bash on Ubuntu on Windows) and how it functions (particularly from Alex Ionescu), most of this has focused on how it affects the Windows security model. Being a keen UNIX focused researcher, I decided to take it for a spin. The first thing I did onc
Publish At:2017-10-27 17:20 | Read:3447 | Comments:0 | Tags:Blog analysis Linux root Windows

Hindering Lateral Movement

Lateral Movement is a method used by attackers (or malware) against a network domain. After an initial device is compromised (typically, a user’s workstation), the attacker extracts passwords from memory, or obtains encrypted password hashes from the system for cracking or direct use (i.e., Pass the Hash). The attacker then attempts to log in to other sy
Publish At:2017-10-27 17:20 | Read:4245 | Comments:0 | Tags:Blog auditing blueteam redteam training Windows

September Patch Tuesday, patch your Windows now to avoid ugly surprises

Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities, including the BlueBorne issue. Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities in almost all supported versions of Windows and other MS products. The batch includes secu
Publish At:2017-09-14 03:50 | Read:3395 | Comments:0 | Tags:Breaking News Security Blueborn attack Hacking RCE September

Interesting List of Windows Processes Killed by Malicious Software

Just a quick blog post about an interesting sample that I found today. Usually, modern pieces of malware implement anti-debugging and anti-VM techniques. They perform some checks against the target and when a positive result is found, they silently exit… Such checks might be testing the screen resolution, the activity of a connected user, the presence
Publish At:2017-09-07 05:50 | Read:3962 | Comments:0 | Tags:Malware Security Process windows
