Deceptive Advertisements: What they do and where they come from, (Wed, Jun 7th)

About a week ago, a reader asked for help with a nasty typo squatting incident: The site, yotube.com, at the time redirected to fake tech support sites. These sites typically pop up a message alerting the user of a made-up problem and offer a phone number for tech support. Investigating the site, I found ads, …

Malware and XOR – Part 1, (Mon, Jun 5th)

Malware authors often encode their malicious payload to avoid detection and make analysis more difficult. I regularly see payloads encoded with the XOR function. Often, they will use a sequence of bytes as the encoding key. For example, let's take Password as the encoding key. Then the first byte of the payload is XORed with the first …

Phishing Campaigns Follow Trends, (Fri, Jun 2nd)

Those phishing emails that we receive every day in our mailboxes are often related to key players in different fields: Internet actors (Google, Yahoo!, Facebook, …), software or hardware manufacturers (Apple, Microsoft, Adobe, …), financial services (PayPal, BoA, name your preferred bank, …), services (DHL, eBay, …). But the landscape of online services is ever changing …

Sharing Private Data with Webcast Invitations, (Thu, Jun 1st)

Last week, at a customer, we received a forwarded email in a shared mailbox. It was somebody from another department who shared an invitation for a webcast "that could be interesting for you, guys!". This time, no phishing attempt, no malware, just a regular email sent from a well-known security vendor. A colleague was interested in …

Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2), (Wed, May 31st)

Introduction In my previous diary, I gave a very brief introduction to what the ACH method is [1], so that now all readers, including those who had never seen it before, can have a common basic understanding of it. One more thing I have not mentioned yet is how the scores are calculated. There are …