FreeRadius Authentication Bypass, (Tue, May 30th)

The RADIUS protocol (Remote Authentication Dial-In User Service) was originally introduced to authenticate dial-up users. While dial-up modems are gone, RADIUS has stuck around as an all-around authentication protocol for various network devices. RADIUS itself assumes a secure connection, which was fine in the dial-up days, but in modern networks RADIUS usually relies on TLS. Today, Stefan Winter …

Analysis of Competing Hypotheses (ACH part 1), (Sun, May 28th)

In threat intelligence, an analyst will most of the time have to perform assessments with incomplete information, and/or with information that is produced for the purpose of misleading the analyst. One of the well-known methodologies is the Analysis of Competing Hypotheses (ACH) [1], developed by Richards J. Heuer, Jr., …

CyberChef a Must Have Tool in your Tool bag!, (Sun, May 28th)

This multipurpose and feature-rich tool has been available for a while now and is updated regularly. What I find most interesting is the number of features available in this tool. CyberChef is fully portable and can be downloaded locally as a simple, self-contained HTML page that runs in any browser or …

File2pcap – A new tool for your toolkit!, (Fri, May 26th)

One of our readers, Gebhard, submitted a pointer to a tool today, released by Talos, that I wasn't familiar with. However, when I realized it could generate packets, I had to try it out. It's called File2pcap. The concept of the tool is that instead of having to download a file and capture the traffic in order to write …
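As an added illustration of that concept (this is not the Talos tool and not code from the diary), the Python script below wraps an arbitrary file in a synthetic HTTP/1.1 download and writes it out as a libpcap capture with a full TCP handshake, MSS-sized segmentation, teardown and valid IP/TCP checksums, so a signature can be tested against the resulting traffic without ever fetching the sample. The IP and MAC addresses, client port, request headers and the stand-in "evil.exe" bytes are all constructed for the example.

```python
"""Minimal 'file to pcap' synthesizer.  Added example, not the Talos
File2pcap tool; every address, port and payload below is constructed."""
import struct

MSS = 1460  # bytes of HTTP payload carried per TCP segment
SYN, ACK, PSH, FIN = 0x02, 0x10, 0x08, 0x01
SAMPLE = b"MZ" + b"\x90" * 3000  # constructed stand-in for a downloaded sample


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def checksum(data):
    """RFC 1071 Internet checksum: ones'-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet/IPv4/TCP frame (no TCP options) with valid checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = ip_bytes(src) + ip_bytes(dst) + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0x4000,
                     64, 6, 0, ip_bytes(src), ip_bytes(dst))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"  # made-up MACs
    return eth + ip + tcp + payload


def build_flow(filename, data, client="10.0.0.2", server="10.0.0.1", sport=40000):
    """Frames of a synthetic HTTP/1.1 GET of `filename` whose body is `data`."""
    req = ("GET /%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: curl/7.52.1\r\n\r\n"
           % (filename, server)).encode()
    resp = ("HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
            "Content-Length: %d\r\n\r\n" % len(data)).encode() + data
    cseq, sseq = 1000, 2000  # arbitrary initial sequence numbers
    frames = [
        frame(client, server, sport, 80, cseq, 0, SYN),                    # three-way handshake
        frame(server, client, 80, sport, sseq, cseq + 1, SYN | ACK),
        frame(client, server, sport, 80, cseq + 1, sseq + 1, ACK),
        frame(client, server, sport, 80, cseq + 1, sseq + 1, PSH | ACK, req),  # request
    ]
    cseq += 1 + len(req)   # SYN and request bytes consumed on the client side
    sseq += 1              # SYN consumed on the server side
    frames.append(frame(server, client, 80, sport, sseq, cseq, ACK))
    for off in range(0, len(resp), MSS):                                  # segmented response
        frames.append(frame(server, client, 80, sport, sseq + off, cseq, PSH | ACK, resp[off:off + MSS]))
    sseq += len(resp)
    frames += [                                                            # teardown
        frame(server, client, 80, sport, sseq, cseq, FIN | ACK),
        frame(client, server, sport, 80, cseq, sseq + 1, FIN | ACK),
        frame(server, client, 80, sport, sseq + 1, cseq + 1, ACK),
    ]
    return frames


def write_pcap(frames):
    """libpcap file bytes: little-endian global header, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1495000000, i * 1000, len(f), len(f)) + f
    return out


def frame_checksums_ok(f):
    """Recompute the IP and TCP checksums of a frame; both must verify to zero."""
    ip, tcp = f[14:34], f[34:]
    pseudo = ip[12:16] + ip[16:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return checksum(ip) == 0 and checksum(pseudo + tcp) == 0


if __name__ == "__main__":
    flow = build_flow("evil.exe", SAMPLE)
    with open("evil.pcap", "wb") as fh:
        fh.write(write_pcap(flow))
    print("%d frames written, checksums ok: %s" % (len(flow), all(map(frame_checksums_ok, flow))))
```

Open the resulting evil.pcap in Wireshark or replay it through an IDS with its read-from-file option; "Follow TCP Stream" shows the file right after the HTTP headers, which is exactly the view needed when writing a content rule for it.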

Critical Vulnerability in Samba from 3.5.0 onwards, (Thu, May 25th)

The developers of Samba [1] disclosed a critical vulnerability that affects the file sharing component. Samba is a suite of tools that provides interoperability between UNIX and Microsoft Windows. The vulnerable component is the daemon that offers file sharing capabilities. As reported by HD Moore on his Twitter account [2], it's trivial to trigger the vulnerability (just …

Jaff ransomware gets a makeover, (Wed, May 24th)

Introduction: Since 2017-05-11, a new ransomware named Jaff has been distributed through malicious spam (malspam) from the Necurs botnet. This malspam uses PDF attachments with embedded Word documents containing malicious macros. (Figure: flow chart for this infection chain.) Prior to Jaff, we've seen waves of malspam using the same PDF attachment/embedded Word …

Investigating Sites After They are Gone; And a Case of Uber Phishing With SSL, (Mon, May 22nd)

A reader sent us an interesting find: a phishing site going after Uber credentials. Uber credentials are often stolen and resold to obtain free rides, and one way they are stolen is phishing. The latest example uses convincing-looking Uber receipt emails that feature a prominent link to uberdisputes.com. Uberdisputes.com …

Typosquatting: Awareness and Hunting, (Sat, May 20th)

Typosquatting has been used for years to lure victims: you receive an email or visit a URL with a domain name that looks like the official one. Typosquatting is the art of swapping, replacing, adding or omitting letters to make a domain look like the official one. The problem is that the human brain …
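The four letter-level tricks named above are mechanical, which is what makes hunting for them tractable: enumerate every single-edit variant of the brand's label and look for those variants in whatever domain feed you have (new registrations, passive DNS, proxy logs). The Python below is an added example, not tooling from the diary; the QWERTY neighbour map is an assumed fat-finger model, the observed-domain list is constructed, and it deliberately covers only these letter edits (homoglyphs, IDN look-alikes and TLD swaps would need their own generators).

```python
"""Typosquat candidate generator for hunting: applies swap, replacement,
addition and omission of letters to a brand's domain label and matches the
candidates against observed domains.  Added example, not the diary's own
tooling; the keyboard map and the observed list are constructed."""

# US-QWERTY neighbours used for 'replacement' and 'addition' (assumption:
# a fat-finger model; homoglyphs and IDN look-alikes are out of scope)
ADJACENT = {
    "q": "wa", "w": "qes", "e": "wrd", "r": "etf", "t": "ryg", "y": "tuh", "u": "yij",
    "i": "uok", "o": "ipl", "p": "o", "a": "qsz", "s": "adwx", "d": "sfec", "f": "dgrv",
    "g": "fhtb", "h": "gjyn", "j": "hkum", "k": "jlio", "l": "kop", "z": "asx",
    "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}

# Constructed list standing in for a new-registration or passive-DNS feed.
OBSERVED = [
    "paypal.com", "mail.paypal.com", "payapl.com", "paypl.com",
    "paypsl.com", "paaypal.com", "example.com", "paypal-secure-login.net",
]


def typosquats(label):
    """Map every single-edit variant of `label` to the technique that produced it.

    The first technique to generate a string claims it, so a variant reachable
    two ways is reported once.
    """
    out = {}
    for i in range(len(label) - 1):                      # swapping two adjacent letters
        out.setdefault(label[:i] + label[i + 1] + label[i] + label[i + 2:], "swap")
    if len(label) > 1:
        for i in range(len(label)):                      # omitting a letter
            out.setdefault(label[:i] + label[i + 1:], "omission")
    for i, ch in enumerate(label):                       # replacing a letter with a neighbour
        for n in ADJACENT.get(ch, ""):
            out.setdefault(label[:i] + n + label[i + 1:], "replacement")
    for i, ch in enumerate(label):                       # adding a letter: a double or a neighbour
        for n in ch + ADJACENT.get(ch, ""):
            out.setdefault(label[:i] + n + label[i:], "addition")
    out.pop(label, None)                                 # the genuine label is not a squat
    return out


def hunt(brand, observed):
    """Return (fqdn, technique) for observed names whose registrable label squats `brand`.

    Simplification: the registrable label is taken as the second-to-last DNS
    label, which is wrong under two-part public suffixes such as .co.uk.
    """
    variants = typosquats(brand.lower())
    hits = []
    for fqdn in observed:
        parts = fqdn.lower().rstrip(".").split(".")
        if len(parts) >= 2 and parts[-2] in variants:
            hits.append((fqdn, variants[parts[-2]]))
    return hits


if __name__ == "__main__":
    print("%d candidate labels for paypal" % len(typosquats("paypal")))
    for fqdn, technique in hunt("paypal", OBSERVED):
        print("%-28s %s" % (fqdn, technique))
```

Swapping the constructed OBSERVED list for a daily zone-file diff or a passive DNS export turns this into the awareness-and-hunting loop the diary describes; the same candidate set also feeds nicely into a blocklist or an email rule for the brand you are protecting.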