Analyzing an HTA file (Sat, Feb 3rd): I received an Invoice.MHT file attached to an email:
Categories: Security
Simple but Effective Malicious XLS Sheet (Fri, Feb 2nd): Here is another quick analysis of a malicious Excel sheet found while hunting. The malicious document was delivered through a classic phishing attempt from Jane's 360[1], a website operated by IHS Markit[2]. Here is a copy of the mail body:
Categories: Security
ISC Stormcast For Friday, February 2nd 2018 https://isc.sans.edu/podcastdetail.html?id=5853 (Fri, Feb 2nd)
Categories: Security
Adobe Flash 0-Day Used Against South Korean Targets (Thu, Feb 1st): The Korean CERT announced that it is aware of a so far unpatched Adobe Flash vulnerability that is being exploited in targeted attacks [1]. All versions of Adobe Flash Player, including 28.0.0.137, are vulnerable. 28.0.0.137 was released in January as part of Adobe's normal Patch Tuesday. Adobe has not yet released an advisory, and the only confirmation so far is a Twitter post from a Korean security researcher [2]. [See update below about Adobe's advisory]
Categories: Security
Adaptive Phishing Kit (Thu, Feb 1st): Phishing kits are everywhere! If your server is compromised today, there is a good chance that it will be used to mine cryptocurrency, to deliver malware payloads or to host a phishing kit. Phishing remains a common attack scenario to collect valid credentials and impersonate the user account or, in larger attacks, it is one of the first steps to compromise the final target. Phishing kits usually mimic well-known big Internet players (eBay, PayPal, Amazon, Google, Apple, Microsoft…[add your preferred one here]). I found an interesting phishing kit which adapts itself to the victim. Well, more precisely, it adapts to the victim's email address.
Categories: Security
ISC Stormcast For Thursday, February 1st 2018 https://isc.sans.edu/podcastdetail.html?id=5851 (Thu, Feb 1st)
Categories: Security
Cisco ASA WebVPN Vulnerability (Tue, Jan 30th): Before I get too many "I'm surprised/disappointed you haven't mentioned..." emails, let's get out a rough draft on CVE-2018-0101.
Categories: Security
Tax Phishing Time (Wed, Jan 31st): It's that time of the year where you will start receiving fake tax information emails. So far today we have seen just a small campaign, but I think people will more likely be susceptible to this kind of email this year, as most people have heard about changes to the tax code but are not sure what has changed and how it affects them.
Categories: Security
ISC Stormcast For Wednesday, January 31st 2018 https://isc.sans.edu/podcastdetail.html?id=5849 (Tue, Jan 30th)
Categories: Security
Using FLIR in Incident Response? (Tue, Jan 30th): Take a look at a few lines...
Categories: Security
ISC Stormcast For Tuesday, January 30th 2018 https://isc.sans.edu/podcastdetail.html?id=5847 (Tue, Jan 30th)
Categories: Security
Comment your Packet Captures - Extra! (Mon, Jan 29th): Xavier has an excellent tip for Wireshark users: Comment your Packet Captures!
Categories: Security
ISC Stormcast For Monday, January 29th 2018 https://isc.sans.edu/podcastdetail.html?id=5845 (Mon, Jan 29th)
Categories: Security
Is this a pentest? (Sun, Jan 28th): Sometimes, when I'm analyzing malware, I think: this is probably part of a penetration test.
Categories: Security
Investigating Microsoft BITS Activity (Fri, Jan 26th): Microsoft BITS ("Background Intelligent Transfer Service") is a tool present[1] in all modern Microsoft Windows operating systems. As the name says, you can see it as a "curl" or "wget" tool for Windows. It helps to transfer files between a server and a client, but it also has plenty of interesting features. Such a tool, being always available, is priceless for attackers. They started to use BITS to grab malicious content from the Internet. In May 2016, I wrote a diary about a piece of malware that already used BITS[2]. But the tool has many more interesting features (for the good guys as well as the bad guys), like executing a command once the download has completed; it can also control the bandwidth used (to remain stealthy).
Categories: Security
ISC Stormcast For Friday, January 26th 2018 https://isc.sans.edu/podcastdetail.html?id=5843 (Thu, Jan 25th)
Categories: Security
Ransomware as a Service (Thu, Jan 25th): Hunting on the dark web is an interesting way to find new malicious activities running in the background. Besides the classic sites where you can order drugs and all kinds of counterfeit material, I discovered an interesting website which offers a service to create your own ransomware! The process is straightforward; you just have to:
Categories: Security
ISC Stormcast For Thursday, January 25th 2018 https://isc.sans.edu/podcastdetail.html?id=5841 (Thu, Jan 25th)
Categories: Security
RTF files for Hancitor utilize exploit for CVE-2017-11882 (Wed, Jan 24th): Introduction
Categories: Security