d@n3n

Developing a Self-Brute Forcing Payload for Veil

This post will detail an upcoming Veil payload which brute forces its own decryption key and then injects the decrypted contents into memory.

Malspam Delivers Loki-Bot

I received some malspam on 03/22/18 that contained two .doc file attachments. The subject of the email was “Order 2018-048 & 049, Please Confirm”. The attached exploit documents were named similarly to the subject of the email, “PO2018-048.doc” and “PO 2018-049.doc”.

Regedit.exe and a possible race condition

When launched with any of these it will call the advpack.dll!RegInstallW function passing to it one of the section names (called RegExe or UnregExe respectively) that are defined inside the .inf file embedded directly in the regedit.exe file:

Go on very small hardware (Part 1)

How low can we Go and still do something useful? I recently bought this ridiculously cheap board: I bought it for three reasons. First, I have never dealt (as a programmer) with the STM32F0 series.

Exploiting Browser Extensions & Context Menus

We all know them, we all use them every day — context menus. These are the handy little windows that appear when right clicking on content, which enable you to select from a wide variety of options to interact with the data that’s presented to you. They look slightly different from application to application and from operating system to operating system, but generally keep the same basic idea.

CVE-2018-0739: OpenSSL ASN.1 stack overflow

This was a vulnerability discovered by Google’s OSS-Fuzz project, and it was fixed by Matt Caswell of the OpenSSL development team. The vulnerability affects OpenSSL releases prior to 1.0.2o and 1.1.0h. Based on the OpenSSL team’s assessment, it cannot be triggered via SSL/TLS, but constructed ASN.1 types with support for recursive definitions, such as PKCS7, can be used to trigger it.

Microsoft Releases Tool for Running Any Linux OS on Windows 10

Microsoft released a tool on Monday to help Linux aficionados port their favorite Linux distro to run on the Windows Subsystem for Linux (WSL), a Windows 10 component that sideloads Linux distros on modern Windows 10 PCs.

Prevent bypassing of SSL certificate pinning in iOS applications

One of the first things an attacker will do when reverse engineering a mobile application is to bypass the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protection to gain better insight into the application’s functioning and the way it communicates with its server.

Block Web traffic in Apache server using .htaccess

The .htaccess file is a very important and useful file used to alter the configuration of the Apache web server. .htaccess files can be used to change the configuration of the Apache Web Server to enable or disable additional functionality and features.

Fauxpersky: CredStealer malware written in AutoHotKey masquerades as Kaspersky Antivirus, spreading through infecting USB drives

Attackers are always looking for new ways to execute files on Windows systems. One trick involves using either AutoIT or AutoHotKey, simple tools that allow users to write small programs for all sorts of GUI and keyboard automation tasks on Windows.

Beyond good ol’ Run key, Part 75

This is a little, naughty trick that enables us to achieve persistence in quite an unexpected way. When we talk about the PATH environment variable, we know that we can set it to a specific value using the Registry keys:

Utility Spotlight: WMI Code Creator

As a systems administrator you’re surely no stranger to Windows® Management Instrumentation (WMI), which gives you access to a wealth of management information and allows you to automate administrative tasks. To take full advantage of WMI you have to write queries to extract the information you need. And if you don’t have the ready-made queries already floating around in your head, you just might want to take the WMI Code Creator for a spin.

Configuring C++ IntelliSense and Browsing

C++ tutorials, C and C++ news, and information about the C++ IDE Visual Studio from the Microsoft C++ team. 

Hackers Exploit Software into Sharing Data Via WebRTC (CVE-2018-6849)

The security community has discovered a dangerous exploit that allows computer criminals to exploit VPN connections and private browsers, thereby accessing sensitive data.

fortenberryroofs's comment, June 6, 4:36 AM
Nice

VMware Cloud Foundation Architecture Poster 2.3

VMware is pleased to release the latest VMware Cloud Foundation (VCF) architecture poster. VCF is a fully automated, hyper-converged software stack that includes compute, storage, networking and cloud management.

De-obfuscating Jump Chains with Binary Ninja

Malware authors use extensive obfuscation techniques, such as packing, junk code insertion and opaque predicates, to hinder malware analysis. Binary Ninja has recently released a plugin to remove opaque predicates – that is, branch paths that are never taken.

The little known (I think) secret of hosts.ics

Today I discovered that, while everyone knows one can use the c:\WINDOWS\system32\drivers\etc\hosts file to introduce static entries to the DNS resolver, there is one more file that can be utilized for this purpose.

List all Windows programs with compatibility settings with AppCompatibilityView

AppCompatibilityView is a new application by one of our favorite developers, Nir Sofer of Nirsoft, that lists in its interface all Windows programs that run with non-standard compatibility settings.

Decompiling obfuscated Android applications

Code hardening (obfuscation and encryption) is an effective way of protecting mobile applications against reverse engineering. 

The data breach epidemic: no info is safe

By now it’s obvious that data security technology hasn’t kept pace with the needs of consumers. In 2017 alone, we learned about massive data breaches from major organizations like Equifax, Uber, and Verizon. In other words: We’re in the midst of a data breach epidemic. 

In-depth Formbook malware analysis - Obfuscation and process injection

Formbook is a form-grabber and stealer malware written in C and x86 assembly language. It’s ready-to-sell malware that can be used by cyber-criminals who don’t have any skill in malware development.

The Best Hacking Books 2018

In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, penetration testing, web application penetration testing and other InfoSec related subjects. 

Security | DMA | Hacking: Total Meltdown?

Did you think Meltdown was bad? Unprivileged applications being able to read kernel memory at speeds possibly as high as megabytes per second was not a good thing.

A Scammer Tried to Scare Me into Buying Their Security Services - Here's How It Went Down

Here's the tl;dr - someone named "Md. Shofiur R" found troyhunt.com on a "free online malware scanner" and tried to scare me into believing my site had security vulnerabilities, and then shake me down for a penetration test. It didn't work out so well for him; here's the blow-by-blow account of things, then I'll add some more thoughts afterwards:
