Handler on Duty: Guy Bruneau
Threat Level: green
Bojan Zdrnja Diaries
- The amazingly scary xz sshd backdoor
- Scanning and abusing the QUIC protocol
- Survival time for web sites
- Some things never change ? such as SQL Authentication ?encryption?
- Importance of signing in Windows environments
- Critical vulnerability in Splunk Enterprise?s deployment server functionality
- Local privilege escalation vulnerability in polkit's pkexec (CVE-2021-4034)
- RCE in log4j, Log4Shell, or how things can get bad quickly
- Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
- Summer of SAM - incorrect permissions on Windows 10/11 hives
- Abusing Google Chrome extension syncing for data exfiltration and C&C
- Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file
- Scoping web application and web service penetration tests
- Scanning with nmap?s NSE scripts
- Summing up CVE-2020-0601, or the Let?s Decrypt vulnerability
- Getting the best value out of security assessments
- Testing TLSv1.3 and supported ciphers
- Verifying SSL/TLS configuration (part 2)
- Verifying SSL/TLS configuration (part 1)
- Time is (partially) on our side: the new Exim vulnerability
- Getting (proper) value out of security assessments
- UAC is not all that bad really
- Relaying Exchange?s NTLM authentication to domain admin (and more)
- Tunneling scanners (or really anything) over SSH
- The end of the lock icon
- Exfiltrating data from (very) isolated environments
- One hash to rule them all: drupalgeddon2
- Side-channel information leakage in mobile applications
- SQL injection and division by zero exceptions
- Those pesky registry keys required by critical security patches
- Meltdown and Spectre: clearing up the confusion
- Battling e-mail phishing
- Free Bitcoins? Why not?
- Attacking NoSQL applications (part 2)
- Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 4 ? Windows Thumbnail Cache, Registry, Prefetch Files, and Link Files artefacts)
- Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 3 ? Physical Memory artefacts)
- Uberscammers
- OAUTH phishing against Google Docs ? beware!
- Powershelling with exploits
- SSL/TLS on port 389. Say what?
- Attacking NoSQL applications
- Verifying SSL/TLS certificates manually
- Security through obscurity never works
- YAFP (Yet Another Flash Patch)
- Abusing Oracles
- Exploiting (pretty) blind SQL injections
- When encoding saves the day
- Outsourcing critical infrastructure (such as DNS)
- Web security subtleties and exploitation of combined vulnerabilities
- When automation does not help
- Blindly confirming XXE
- New OpenSSL release fixes 2 moderate and 6 low vulnerabilities
- Assessing the risk of POODLE
- Verifying preferred SSL/TLS ciphers with Nmap
- Windows Previous Versions against ransomware
- Watching the watchers
- Massive PHP RFI scans
- Is XXE the new SQLi?
- DRG online challenge(s)
- Arrays in requests, PHP and DedeCMS
- MS13-056 (false positive)? alerts
- XATattacks (attacks on xat.com)
- Sessions with(out) cookies
- The race for resources
- SSHD rootkit in the wild
- Auditd is your friend
- Memory acquisition traps
- Analyzing outgoing network traffic (part 2)
- Analyzing outgoing network traffic
- DShield for Splunk
- Windows Firewall Bypass Vulnerability and NetBIOS NS
- Monitoring VMWare logs
- Monitoring Remote Desktop Services logs ... or not?
- pcAnywhere users – patch now!
- Is it time to get rid of NetBIOS?
- The tale of obfuscated JavaScript continues
- Beauty and the BEAST
- Bitcoin – crypto currency of future or heaven for criminals?
- When the FakeAV coder(s) fail
- Harry Potter and the Rogue anti-virus: Part 1
- Android, HTTP and authentication tokens
- More on Google image poisoning
- SQL injection: why can’t we learn?
- Adobe Flash 0-day being used in targeted attacks
- Tsunami in Japan and self modifying RogueAV code
- iOS 4.3 released, numerous security vulnerabilities patched
- Oracle padding attacks (Codegate crypto 400 writeup)
- HBGary hack: lessons learned
- Google Chrome and (weird) DNS requests
- Android malware enters 2011
- Secunia's DNS/domain hijacked?
- Privilege escalation 0-day in almost all Windows versions
- SSH password authentication insight and analysis by DRG
- Interesting PHP injection
- DLL hijacking vulnerabilities
- Do you like Bing? So do the RogueAV guys!
- Stored XSS vulnerability on YouTube actively abused?
- Down the RogueAV and Blackhat SEO rabbit hole (part 2)
- Down the RogueAV and Blackhat SEO rabbit hole
- Clickjacking attacks on Facebook's Like plugin
- Malware modularization and AV detection evasion
- Who needs exploits when you have social engineering?
- JavaScript obfuscation in PDF: Sky is the limit
- Dangers of copy&paste
- 0-day vulnerability in Internet Explorer 6, 7 and 8
- DRG (Dragon Research Group) Distro available for general release
- Rogue AV exploiting Haiti earthquake
- PDF Babushka
- Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324
- Distributed Wordpress admin account cracking
- iPhone worm in the wild
- Opachki, from (and to) Russia with love
- Snort 2.8.5 is out
- Why is Rogue/Fake AV so successful?
- SMB2 remote exploit released
- Flash attack vectors (and worms)
- MS09-039 exploit in the wild?
- BIND 9 DoS attacks in the wild
- Increasing number of attacks on security sites
- YA0D (Yet Another 0-Day) in Adobe Flash player
- A new fascinating Linux kernel vulnerability
- Nmap 5.0 released
- OWC exploits used in SQL injection attacks
- Make sure you update that Java
- OpenSSH 0day FUD
- More on ColdFusion hacks
- Cold Fusion web sites getting compromised
- New VMWare Security Advisory
- Mobile phone trojans
- New Thunderbird out, patches couple of vulnerabilities
- Slowloris and Iranian DDoS attacks
- Apache HTTP DoS tool mitigation
- Apache HTTP DoS tool released
- Iranian hacktivism
- Advanced blind SQL injection (with Oracle examples)
- Health database breached
- Every dot matters
- Web application vulnerabilities
- Twitter worm copycats
- Advanced JavaScript obfuscation (or why signature scanning is a failure)
- JavaScript insertion and log deletion attack tools
- When web application security, Microsoft and the AV vendors all fail
- Massive ARP spoofing attacks on web sites
- MS09-002, XML/DOC and initial infection vector
- MS09-002 exploit in the wild
- More tricks from Conficker and VM detection
- Some tricks from Conficker's bag
- Conficker's autorun and social engineering
- An Israeli patriot program or a trojan
- 0-day exploit for Internet Explorer in the wild
- Rogue DHCP servers
- Finjan blocking access to isc.sans.org
- Adobe Reader vulnerability exploited in the wild
- Watch that .htaccess file on your web site
- VMWare ESX(i) 3.5 security patches
- Monitoring HTTP User-Agent fields
- When spammers use your own e-mails
- Mozilla releases Thunderbrid 2.0.0.16, fixes security vulnerabilities
- What's brewing in Danmec's pot?
- New Opera v9.51 fixes couple of security issues
- Detecting scripts in ASF files (part 2)
- Safari on Windows - not looking good
- INFOCon yellow: update your Debian generated keys/certs ASAP
- Debian and Ubuntu users: fix your keys/certificates NOW
- War of the worlds?
- (Minor) evolution in Mac DNS changer malware
- Windows Service Pack blocker tool
- Scripts in ASF files
- The 10.000 web sites infection mystery solved
- Opera fixes vulnerabilities and Microsoft announces April's fixes
- VB detection: is it so difficult?
- A bag of vulnerabilities (and fixes) in QuickTime
- Mixed (VBScript and JavaScript) obfuscation
- Linux, FreeBSD and Mac (!) bot
- Abusing Image File Execution Options
- More about mass web infections
- Deja Vu: Valentine's Storm
- Mass exploits with SQL Injection
- Treacherous malware: the story of Advatrix
- Gone in 3600 seconds: story about TCP Keep-Alives
- DNS changer Trojan for Mac (!) in the wild
- Anti Virus industry and VBScript/JavaScript detection
- Cyber Security Awareness Tip #1: Penetrating the This Does Not Apply To Me Attitude
- Spammers feeling lucky with Google
- Deobfuscating VBScript
- Arguments.callee.toString() demystified
- Raising the bar: dynamic JavaScript obfuscation
- Apple’s patch flood
- E-cards don’t like virtual environments
- Mass website hosting = mass defacements
- Fake Adobe Shockwave Player download page
- Yahoo! Messenger exploits seen in the wild
- 2 Yahoo! Messenger vulnerabilities (with PoCs)
- DDoS on anti-spam groups
- A Java exploit
- Analyzing (malicious) SWF file actions
- p0f, spam detection and OOF e-mails
- Better Business Bureau targeted malware spam
- Multiple vulnerabilities in Cisco IOS SSL implementation
- Opera fixes the torrent vulnerability
- Analyzing an obfuscated ANI exploit
- Dangerous document formats and social engineering
- Security update for QuickTime (7.1.5)
- phpMyFAQ being exploited
- JavaScript traps for analysts
- New Java update (1.5.0u11) and a Microsoft Word 2000 vulnerability
- Encrypted malware and code reusability
- Vulnerability in Acer’s LunchApp.APlunch ActiveX control
- Who needs sophisticated malware?
- Multiple vulnerabilities in Symantec Veritas NetBackup
- Sun JDK 5.0 Update 10
- Malware with new features
- Critical security vulnerability in WinZip 10
- MSXML 4.0 exploit in the wild
- Vulnerabilities in RFID-enabled credit cards
- Mozilla Firefox 2 officially released
- New Internet Explorer and an old vulnerability
- Heap overflow vulnerability in Opera 9.0, 9.01
- The Sleuth Kit (TSK) for Windows released
- More about the host based firewall on Windows XP SP2
- Tip of the day: using host based firewall on Windows XP SP2
- Wireshark (ex Ethereal) multiple vulnerabilities
- Problems with Intel wireless drivers
- MS06-040 exploit(s) publicly available
- Critical Ruby on Rails security vulnerability
- Browser *does* matter, not only for vulnerabilities - a story on JavaScript deobfuscation
- Security patches for Mozilla Firefox/Thunderbird/SeaMonkey
- “Order” e-mails and how to block them
- And *another* 0-day Linux kernel vulnerability
- 0-day exploit for Microsoft PowerPoint
- Perl bot exploiting vulnerabilities in Joomla and Mambo components
- Linux kernel PRCTL local privilege escalation
- MS06-039: vulnerabilities in Microsoft Office GIF and PNG parsers
- MS06-034 - unchecked IIS buffer vulnerability in ASP files processing
- Yahoo! user account phishing
- Two new Internet Explorer vulnerabilities disclosed including PoC
- Word macro trojan dropper and (another) downloader
- New Mambo, Joomla releases fix security vulnerabilities
- E-mails with malicious links targeting Australia
- More on Symantec vulnerabilities
- Multiple security vulnerabilities in Secure Elements Class 5 AVR (EVM)
- Link to 'a new Microsoft patch' being spammed
- Different strokes for different folks, spyware and browsers
- Critical vulnerability in Sophos Anti-Virus products
- Veritas pulls (some) patches for Backup Exec
- Vulnerabilities in L-Soft's LISTSERV and Microsoft's Visual Studio
- Sophos false positives on Mac OS X
- More spam for your inbox
- Corrupted Nyxems
- More on Nyxem
- New mass mailer spreading (Blackmal/Grew/Nyxem)
- What do the bad guys do with WMF?
- Ilfak Guilfanov's website, Hexblog.com back again
- Vulnerabilities in phpMyAdmin, Dell's TrueMobile 2300 Wireless Router and couple of PoC exploits.
- New AIM worm
- Apple Security Update 2005-009
- Strange phishing/spam e-mails
- Problems with Bloodhound.Exploit.45 pattern in Symantec AV
- ClamAV 0.87.1 released, fixes multiple security vulnerabilities
- New version of QuickTime (7.0.3)
- New Bagle variants