Channel: BOT24
Browsing all 8064 articles

Utilizing NLP To Detect APT in DNS

Imagine that after a nice, relaxing long weekend, you come in to work Monday morning at your job at the bank. While waking up with a cup of coffee, you begin checking email. Among the usual messages,...

Autopsy 3.1.2 Digital Forensic Platform Released

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to...

Scripting Beacons and Deploying Persistence

One common Cobalt Strike feature request is an API to script the Beacon payload. Doing this right is a big project and it requires some architectural changes within Cobalt Strike. I’m working on it. I...

Why A Free Obfuscator Is Not Always Free

We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable – hours and hours of hard dev work, days of...

XML: A New Vector For An Old Trick

October 2014 saw the beginning of an e-mail campaign spamming malicious Microsoft Office documents. Mostly Word documents using the “old” binary format, but sometimes Excel documents and sometimes the...

USING ALTERNATE DATA STREAMS TO PERSIST ON A COMPROMISED MACHINE

Back in the days before Windows Vista, Alternate Data Streams used to be an acceptable way for malware authors to hide their malicious code. An Alternate Data Stream can be used to hide the presence of...

ProjectSend r561 - SQL injection vulnerability

#Vulnerability title: ProjectSend r561 - SQL injection vulnerability
#Product: ProjectSend r561
#Vendor: http://www.projectsend.org/
#Affected version: ProjectSend r561
#Download link:...

Crackme: In Memory Bruteforce

The hardest crackme from the NVISO Cyber Security Challenge 2015 qualifications was a really interesting challenge and forced me to come up with a creative solution.

Multiplatform Boleto Fraud Hits Users in Brazil

A study conducted around June last year revealed a malware-based fraud ring that infiltrated one of Brazil’s most popular payment methods – the Boleto Bancário, or simply the boleto. While the research...

TLS-O-MATIC

Automated self-tests of TLS. Tests 1-15 are tests of certificate validation. Test 20 is based on recommendations from bettercrypto.org on how to configure Apache HTTPD for a strong server. Test 21 is a...

Mining public keys with IVRE

In my previous post I explain how I have run a scan against Internet-exposed Modbus-enabled devices, and share the results obtained. I have been asked several times why I had chosen to run a Zmap + Nmap...

Listen: Sound Of Botnets Helps Microsoft Fight Cybercrime

Last week Europol’s European Cybercrime Center led the takedown of a network of computers controlled by cybercriminals. Microsoft played an important role, taking legal action that led to the seizure...

Dozens arrested in cybercrime 'strike week'

The UK's National Crime Agency has arrested 56 suspected hackers as part of a "strike week" against cybercrime. In total, 25 separate operations were carried out across England, Scotland and Wales. Those...

autopwn - Specify targets and run sets of tools against them

autopwn is supposed to make a pentester's life easier by allowing them to specify tools they would like to run against targets, without having to type them all the time or write some dodgy script. This...

Paper: Leaving our ZIP undone: how to abuse ZIP to deliver malware apps

Both Android and Java malware, delivered via ZIP-based packages, have reached high volumes in the wild, and continue to grow at a rapid rate. In his VB2014 paper, Gregory Panakkal explores the ZIP file...

Angler and the new threats

What I am writing is not a "news" anymore, but it is like a "consciousness raising" about the incredible job the guys behind Angler Exploit kit did. But, let me start from the beginning. For everybody...

powercat

Netcat: The powershell version. (Powershell Version 2 and Later Supported)
Installation: powercat is a powershell function. First you need to load the function before you can execute it. You can...

Skype worm reloaded

Skype worms are not exactly new anymore (unfortunately). Scenario is simply: someone on your friends list got infected and is now sending you a link to a ‘funny image’ or pictures of you. In this case,...

uTorrent silently installing bundled Bitcoin mining software

BitTorrent client uTorrent has come under fire from users after it emerged the software’s latest update comes bundled with Bitcoin mining software. The piece of software, named Epic Scale, is a Bitcoin...

TLS in HTTP/2

I’ve written the http2 explained document and I’ve done several talks about HTTP/2. I’ve gotten a lot of questions about TLS in association with HTTP/2 due to this, and I want to address some of them...
