WPA2 "KRACK" Attack, (Mon, Oct 16th)

Starting yesterday, word of a new attack against WPA2 started to take over security news feeds. This “Key Reinstallation Attack” (aka KRACK) can be used to substantially weaken many WPA2 implementations. The web site created by the discoverer of the attack does explain the issues around this problem quite well, so I just want to …

It's in the signature., (Sun, Oct 15th)

We were contacted by a worried reader: he had found 2 seemingly identical µTorrent executables, with valid digital signatures, but different cryptographic hashes. With CCleaner’s compromise in mind, this reader wanted to know why these 2 executables were different. I took a look at the 2 executables submitted by our reader: executable 1 and executable …

Peeking into .msg files, (Sun, Oct 15th)

Readers often submit malware samples, and sometimes the complete email with attachment, for example exported from Outlook as a .msg file. Did you know that .msg files use the Compound File Binary Format (what I like to call OLE files), and can be analysed with oledump? Reader Carlos Almeida submitted a .msg file with malicious …

Version control tools aren't only for Developers, (Thu, Oct 12th)

When you start to work on a big project or within a team of developers, it is very useful to use a version control system. The best known are probably ‘svn’[1] or ‘git’[2]. For developers, such tools are a great help to perform tasks like: to keep different versions of the same files, to compare different …

October 2017 Security Updates, (Tue, Oct 10th)

October 2017 Security Updates

| Description | MSFT Severity | CVE | Disclosed/Exploited | Exploitability (old/current) | Client Severity | Server Severity |
|---|---|---|---|---|---|---|
| Microsoft Office Remote Code Execution Vulnerability | Important | CVE-2017-11825 | No/No | ?/? | Critical | Important |
| Internet Explorer Memory Corruption Vulnerability | Critical | CVE-2017-11822 | No/No | More Likely/More Likely | Critical | Critical |
| | | CVE-2017-11813 | No/No | ?/? | | |
| Windows Subsystem for Linux Denial of Service Vulnerability | Important | CVE-2017-8703 | Yes/No | … | | |

CIS Controls Implementation Guide for Small- and Medium-Sized Enterprises, (Sat, Oct 7th)

Recently the Center for Internet Security (CIS) released the CIS Controls Implementation Guide for Small- and Medium-Sized Enterprises (SMEs). The Implementation Guide is directly mapped to the CIS Critical Security Controls and is focused on actionable steps that can be taken right now to assess and improve the cyber security posture and preparedness, particularly in small and medium …

What's in a cable? The dangers of unauthorized cables, (Fri, Oct 6th)

As data speeds have increased over the last few years, and interface ports have become more and more multi-functioning and integrated, cables have started to pose a very particular and real danger. So far, they often have been ignored and considered “dumb wires”. But far from that, many cables these days hold logic chips of …

pcap2curl: Turning a pcap file into a set of cURL commands for "replay", (Thu, Oct 5th)

Many web browsers have the ability to quickly generate “curl” commands to replay a request. For example, in Google Chrome just open the “Network” pane in Developer Tools, right click on the URL (leftmost column) and select Copy->copy as cURL. This is a great feature when inspecting and reversing HTTP APIs. But recently I ran into …