Collaborate Disseminate
A client recently reported their customers were receiving antivirus warnings when trying to access and purchase products from a Magento ecommerce website. This is almost always a telltale sign that something is amiss, and so I began my investigation.
… Continue reading Bogus CSS Injection Leads to Stolen Credit Card Details
I’m studying the source code of malware developed in c++ and I have two questions in the source code below
This is probably code that loads malicious dlls into memory.
typedef BOOL (WINAPI *VirtualFreeT)(
__in LPVOID lpAddress,
__… Continue reading The hidden meaning of the source code of the malware?
How someone might run an encoded executable, mp3, or any other file safely in memory after being decrypted.
A use case might be someone trying to make code or a file only usable through their service or software, which is my case, I don’t … Continue reading How to decrypt a file to memory and run it from memory?
I recently developed an application that lets you "hide an image in plain sight" by obfuscating your image in a way that is unrecognizable so that you can save it or share it without worry. But then can be reversed so that it’s b… Continue reading Is my image scrambling implementation actually secure? [closed]
Is there any benefit to mixing vpn protocols as far as obfuscating your traffic. Would a multiple hop setup like (openvpn(server1) + wireguard(server2)) be better or is (openvpn(server1) + openvpn(server2)) just as good.
When you are under targeted surveillance and all of your internet traffic is tapped (including parts where you exit from a VPN to the internet), is there any point in using traffic obfuscation? It won’t matter if you use https, wireguard, … Continue reading Traffic obfuscation under targeted surveillance
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation. Continue reading DeathStalker APT Spices Things Up with PowerPepper Malware
I am trying to figure out what is the best way to hide Tor traffic in order to improve anonymity.
While Tor is pretty good at hiding users’ IP addresses, its traffic stands out. This can be detrimental in some cases.
In this article (FBI a… Continue reading Hiding Tor traffic to prevent deanonymization
Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze. Continue reading Blackrota Golang Backdoor Packs Heavy Obfuscation Punch
I published the following diary on isc.sans.edu: “PowerShell Dropper Delivering Formbook“: Here is an interesting PowerShell dropper that is nicely obfuscated and has anti-VM detection. I spotted this file yesterday, called ‘ad.jpg’ (SHA256:b243e807ed22359a3940ab16539ba59910714f051034a8a155cc2aff28a85088). Of course, it’s not a picture but a huge text file with Base64-encoded data. The VT score is therefore
The post [SANS ISC] PowerShell Dropper Delivering Formbook appeared first on /dev/random.
Continue reading [SANS ISC] PowerShell Dropper Delivering Formbook