
malware

The power of DNS rebinding: stealing WiFi passwords with a website
DNS rebinding in brief. DNS rebinding attacks have long been known as useful tools in the hands of attackers for subverting the browser's same-origin policy. The attack abuses DNS, changing the IP address of a website after serving the page contents, usually with some ad-hoc JavaScript payload, tricking the browser into waiting some time for the DNS cache to expire and then performing other reque.. Read more
Unpacking CCTV Firmware
I’ve been increasingly interested in firmware and have also stated in my previous articles that I would write an article on unpacking and hacking firmware. I thought this would be a good start. This isn’t some old firmware; the build date is February 2015 and it has some interesting features. I see a lot of people writing articles on routers and thought I’d change things up a little and .. Read more
A Javascript-based DDoS Attack as seen by Safe Browsing
To protect users from malicious content, Safe Browsing’s infrastructure analyzes web pages with web browsers running in virtual machines. This allows us to determine if a page contains malicious content, such as JavaScript meant to exploit user machines. While machine learning algorithms select which web pages to inspect, we analyze millions of web pages every day and achieve good coverage of th.. Read more
Node.Js Server-Side JavaScript Injection Detection & Exploitation
Late last year, Burp Scanner started testing for Server-Side JavaScript (SSJS) code injection. As you’d expect, this is where an attacker injects JavaScript into a server-side parser, resulting in arbitrary code execution.
Burp Scanner Detecting SSJS Code Injection. Burp uses arguably the best method there is for detecting SSJS code injection: time delays. This is more powerful than other methods.. Read more
Deep dive into QUANTUM INSERT
Summary and recommendations. QUANTUMINSERT (QI) is actually a relatively old technique. In order to exploit it, you need monitoring capabilities to leak information about observed TCP sessions and a host that can send spoofed packets. Your spoofed packet also needs to arrive faster than the original packet in order to succeed. Any nation state could perform QUANTUM attacks as long as th.. Read more
A Malicious Word Document Inside a PDF Document
Yesterday Steve Basford informed us of yet another type of malicious document (Sales Invoice 519658.pdf, MD5 bfe397fb9b7907ab34ba83f0f086336d). It is a PDF document containing an embedded file, with JavaScript to extract the embedded file to a temporary folder and then open it. The embedded file is a malicious Word document like the many we've seen in the last months. When you open this PDF file.. Read more
In-Memory ShellCode Detection Using a Patterns-Based Methodology
During an analysis, it can be really useful to know some common instructions with which malware, and more specifically shellcodes, achieve their goals. As we can imagine, these sets of common instructions could be used first to locate and later to analyze and/or identify general threats: embedded or injected code. In this article, we’ll focus on the identification and analysis of Metasploit an.. Read more
DYREZA’S ANTICRYPT
In the previous post, we described how to set up a loft to monitor Dyreza with the help of virtual machines configured with breakpoints at addresses where communications appear in clear text. Configuration file updates can thus be obtained easily in real time. Another way to monitor this kind of malware using a decentralised architecture is to implement parts of the malicious binary in a th.. Read more
Malvertising, Exploit Kits, ClickFraud & Ransomware: A thriving underground economy
Malvertising. Malvertising involves using malicious online advertisements as a means to serve malware payloads to unsuspecting users. Cybercriminals leverage compromised advertising networks to serve malicious advertisements on legitimate websites, which subsequently infect the visitors. This has become one of the most successful vectors of malware delivery for cybercriminals. Malvertising campaig.. Read more
The CozyDuke APT
CozyDuke (aka CozyBear, CozyCar or "Office Monkeys") is a threat actor that became increasingly active in the 2nd half of 2014 and hit a variety of targets. The White House and Department of State are two of the most spectacular known victims. The operation presents several interesting aspects: extremely sensitive high-profile victims and targets; evolving crypto and anti-detection capabilities; strong.. Read more