Collaborate Disseminate
Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want.
During a recent investigation, we came across an obfuscated pop-up script leveraging baidu[.]com search results to redi… Continue reading Malicious Pop-up Redirects Baidu Traffic
FinSpy has returned in new campaigns targeting dissident organizations in Egypt – and researchers uncovered new samples of the spyware targeting macOS and Linux users. Continue reading Mac, Linux Users Now Targeted by FinSpy Variants
I published the following diary on isc.sans.edu: “Party in Ibiza with PowerShell“: Today, I would like to talk about PowerShell ISE or “Integration Scripting Environment”. This tool is installed by default on all Windows computers (besides the classic PowerShell interpreter). From a malware analysis point of view, ISE offers a key feature:
The post [SANS ISC] Party in Ibiza with PowerShell appeared first on /dev/random.
Email will continue to be the dominant mode of digital communication for the foreseeable future. However, the email framework was not designed with security in mind. There still are security flaws that bad actors regularly exploit to their advantage.
… Continue reading Missing DMARC Records Lead to Phishing
An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable it?
I’ve previously written about malware that reverses security hardening measures enacted either … Continue reading WordPress Malware Disables Security Plugins to Avoid Detection
I’m working on an offline windows application that generates and loads key results as files. However, these files provide key insights into how our product works internally. To make matters worse my users will for sure be tech-savvy but no… Continue reading How to protect IP-sensitive data in files generated and used by users
Recently, one of the freelancing clients has asked me to decode one of Akamai’s Bot Protection obfuscated client-side Javascript code: https://www.nike.com/static/d3f82c7228dti2034ba208045f2e510cc
I’ve managed to completely de-obfuscate it… Continue reading Is to legal to de-obfuscate a Javacript code and sell to my employer?
Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x, making it an incredibly popular scripting language — which is likely why att… Continue reading Using assert() to Execute Malware in PHP 7 Environments
So, here is the deal:
I have a file I cannot change. I cannot, but I know in the future I will want to change it. It’s of my understanding that it’s not possible to make this file unchangeable while being root. But I want to make it so tha… Continue reading How can I protect me from… myself?
I published the following diary on isc.sans.edu: “Example of Word Document Delivering Qakbot“: Qakbot is back on stage at the moment! Many security companies already reported some peaks of activity around this malware. On my side, I also spotted several samples. The one that I’ll cover today has been reported by one of our
The post [SANS ISC] Example of Word Document Delivering Qakbot appeared first on /dev/random.
Continue reading [SANS ISC] Example of Word Document Delivering Qakbot