Collaborate Disseminate
During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal originally wrote about this malware in a blog po… Continue reading CDN-Filestore Credit Card Stealer for Magento
Juniper identifies phishing campaign targeting business customers with malware using password protection, among other techniques, to avoid detection. Continue reading IcedID Trojan Rebooted with New Evasive Tactics
This is a simple script that allows hackers to block specific crawlers based upon website requests from specific user-agents. This is useful when you don’t want certain traffic from being able to load certain content – usually a phishing page or a mal… Continue reading Web Crawler & User Agent Blocking Techniques
I’m trying to understand if a software obfuscator is able to protect the variables from apps like Cheat Engine which allow the attacker to modify the memory at runtime.
Is this possible? If yes, which C# obfuscators are suitable for this t… Continue reading Is an obfuscator able to protect my app against Cheat Engine?
“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware scanners.
The hexadecimal/decimal obfuscation is clear to see when viewing the file’s … Continue reading Smoker Backdoor: Evasion Techniques in Webshell Backdoors
When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by a scanner. Some examples of suspicious functions commonly detected include system and file_put_contents.
In this m… Continue reading PHP Binary Downloader
In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands to backdoors. Today, I’ll highlight another similar injection example and describe some of the … Continue reading PHP Backdoor Obfuscated One Liner
For some time, I had been unable to alter hostname on Linux until the problem was aired on Superuser.
Querying how hostname operated on local wireless (DHCP) connections went unanswered. I see, having web searched, which I try to avoid, th… Continue reading Linux hostname and OS logging on local wireless networks
Thirdparty pentest company reported their findings in our iOS app.
In the report explanation for this vulnerability is
Apple provides default encryption for applications; however, the encryption could easily
be bypassed by using publicly … Continue reading Insecure Binary protection iOS Pentest Report
MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files.
During a routine investigation, we detected a similar issue. Instead of targeting .ico files, however, attackers chose to inject content… Continue reading Skimmers in Images & GitHub Repos