Clik here to view.
The Epic Turla Operation: Information on Command and Control Server...
Together with international partners, we have investigated the Turla/Uroburos/Snake relatedEpic/Wipbot/TavDig/Wordlcupsec operations and the command and control server infrastructure ofit. Although...
View ArticleClik here to view.
Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin
If you’re a using the Custom Contact Forms WordPress plugin, you need to update it right away.During a routine audit for our WAF, we found a critical vulnerability that allows an attacker to download...
View ArticleClik here to view.
Hacker Redirects Traffic From 19 Internet Providers to Steal Bitcoins
Among all the scams and thievery in the bitcoin economy, one recent hack sets a new bar for brazenness: Stealing an entire chunk of raw internet traffic from more than a dozen internet service...
View ArticleClik here to view.
MC-Semantics
MC-Semantics (or mcsema, pronounced 'em see se ma') is a library to translate the semantics of native code to LLVM IR. The MC-Semantics project is separated into a few sub-projects:Control Flow...
View ArticleClik here to view.
The BEAST Wins Again: Why TLS Keeps Failing to Protect HTTP (Inclusive...
The goal of this briefing was to demonstrate new attacks against HTTPS, the encryptiontechnology used to protect all websites against eavesdropping and impersonation.more...
View ArticleClik here to view.
Paper: Blindspot: Indistinguishable Anonymous Communications
Communication anonymity is a key requirement for individuals under targeted surveillance. Practical anonymous communications also require indistinguishability - an adversary should be unable to...
View ArticleClik here to view.
Paper: Advanced reversible Data Hiding With Encrypted Data
The advanced RDH work focuses on both data encryption and image encryption which makes it more secure and free of errors. All previous methods embed data without encrypting the data which may subject...
View ArticleClik here to view.
Paper: An Automated Social Graph De-anonymization Technique
We present a generic and automated approach to re-identifying nodes in anonymized social networks which enables novel anonymization techniques to be quickly evaluated. It uses machine learning...
View ArticleClik here to view.
Paper: Command & Control: Understanding, Denying and Detecting
One of the leading problems in cyber security today is the emergence of targeted attacks conducted by adversaries with access to sophisticated tools, sometimes referred to as Advanced Persistent...
View ArticleClik here to view.
How to Harden SSH with Identities and Certificates
Whether you just need to feel in power or you actually use shells for day-to-day tasks, the Secure Shell [SSH] is probably the most important administrative access tool to your servers. It's also one...
View ArticleClik here to view.
SteelCon 2014 - Process Injection with Python
Recently I presented at the SteelCon conference on using Python for manipulating processes memory, using the process injection technique as an example, to demonstrate how higher level scripting...
View ArticleClik here to view.
FireEye Paper: INVESTIGATING POWERSHELL ATTACKS
Microsoft Windows PowerShell has finally hit the mainstream for system administrators,defenders, and attackers. Though nearly ten years old as of 2014, PowerShell has onlyrecently become ubiquitous...
View ArticleClik here to view.
runtime-tracer
Dynamic tracing for binary applications (windows, linux). A pintool is used to generated traces, and a custom IDA plugin displays the trace information.The pintool captures memory snapshot, and...
View ArticleClik here to view.
Sysmon v1.0
System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event...
View ArticleClik here to view.
The hidden perils of cookie syncing
Online tracking is becoming more sophisticated and thus increasingly difficult to block. Modern browsers expose many surfaces that enable users to be uniquely identified, including Flash cookies and...
View ArticleClik here to view.
“HEY BRIAN, HEYA HOMER, FANCY MEETING YOU HERE!” – ZEUS GOOTKIT, 2014 AD
A new Trojan mainly composed of Node.js and native C++ code currently targets a few French online banking website. This Trojan, embedded in a bootkit from the Cidox/Rovnix family, fully qualifies as a...
View ArticleClik here to view.
Facebook MailChimp Application OAuth 2.0 Misconfiguration
I am sharing one of my findings that I submitted to Facebook's Whitehat program earlier this year.Facebook Ads Manager provides a sort of integration with MailChimp, to fetch data to Facebook Ads...
View ArticleClik here to view.
Facebook FriendFeed Stored XSS
I'm writing about a stored XSS which I found on one of Facebook's Acquisition, FriendFeed.I started to check on FriendFeed website, for possible bugs, but failed to get anything good there. Then all...
View ArticleClik here to view.
THE LIE BEHIND 1.2 BILLION STOLEN PASSWORDS
Or: How Alex Holden Spends Most of the Day Chillaxing on TOR and Lurking Russian Hack BoardsPreface: I’d like to personally thank Rick Romell and Bill Glauber of the Milwaukee-Wisconsin Journal...
View ArticleClik here to view.
And a bit more on the topic. "BGP Hijacking for Cryptocurrency Profit"
The Dell SecureWorks Counter Threat Unit™ (CTU) research team discovered an unknown entity repeatedly hijacking networks belonging to Amazon, Digital Ocean, OVH, and other large hosting companies...
View Article