[SANS ISC] Old Worm But New Obfuscation Technique

I published the following diary on isc.sans.edu: “Old Worm But New Obfuscation Technique“: Yesterday I found an interesting JavaScript script delivered through a regular phishing campaign (SHA256: 70c0b9d1c88f082bad6ae01fef653da6266d0693b24e08dcb04156a629dd6f81) that has a VT score of 17/61. The script obfuscation is simple but effective: the malicious code is decoded and passed to an eval()

The post [SANS ISC] Old Worm But New Obfuscation Technique appeared first on /dev/random.

Lessons from Teaching Cybersecurity: Week 5

As I had mentioned previously this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Addi…

P.A.S. Fork v. 1.0 — A Web Shell Revival

A PHP shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the code from some of the most popular PHP web shells, like WSO or b374k.
After all, if these popular (and readi…

[SANS ISC] Nicely Obfuscated Python RAT

I published the following diary on isc.sans.edu: “Nicely Obfuscated Python RAT“: While hunting, I found an interesting Python script. It matched one of my YARA rules due to the interesting list of imports but the content itself was nicely obfuscated. The script SHA256 hash is c5c8b428060bcacf2f654d1b4d9d062dfeb98294cad4e12204ee4aa6e2c93a0b and the current VT score

The post [SANS ISC] Nicely Obfuscated Python RAT appeared first on /dev/random.

Does "Security By Obfuscation" have any place in good security practices? [duplicate]

One thing I’ve had hammered into me by pretty much every security expert I’ve talked to is that security by obfuscation is not a substitute for actual security measures. However, it has me wondering; are there any valid cases for security …

Malicious Pop-up Redirects Baidu Traffic

Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want.
During a recent investigation, we came across an obfuscated pop-up script leveraging baidu[.]com search results to redi…