While I was browsing the Reverse Engineering sub on Reddit a few months ago, I came across a puzzle that the poster said came from a Danish newspaper …

As cybercriminals start to focus on pulling off attacks without leaving a trace, fileless malware will become a more common attack method. However, many of these malware are fileless only while entering a user’s system, as they eventually reveal themselves…

Below is a partial and edited flowchart of the malvertising chain that I got during this infection: An edited image of the infection chain is shown below: You can see that the Ramnit sample seems t…

Contribute to Awesome-Security-Gists development by creating an account on GitHub.

On Wednesday August 16th representatives for LG South Korea have confirmed they were the victim of a cyber attack, which hit them on Monday morning. The

Blog about anti-virus software and its issues.

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

2 points and 0 comments so far on reddit

About four months ago (April 2017), Vasilis Tsaousoglou and myself presented our work on exploiting Android's libc allocator at the 2017 INFILTRATE conference (Miami, Florida). Since version 5.0, Android has adopted the jemalloc allocator as its default libc…

On internal engagements, poisoning name resolution requests on the local network (à la Responder) is one of the tried and true methods of obtaining that coveted set of initial Domain credentials.  While this approach has worked on many clients, what if Link…

By  Lucas Apa (@lucasapa) Traditional industrial robots are boring. Typically, they are autonomous or operate with limited guidance and e...

kalirouter - intercepting kali router

Burp Suite is privileged to serve as a platform for numerous extensions developed and shared by our community of users. These expand Burp’s ...

Today we analyze a malicious HTML document that claims the user must download a compatibility plugin in order to view the UPS receipt.

Sysmon Shell can aid in writing and applying Sysmon XML configuration through a simple GUI interface, it can also be used to learn more about Sysmon config

Most people favour free AV, because it is free but don't
understand the difference between them and paid stuff. This post
compares free AVs to paid AVs.

comission - WhiteBox CMS analysis

Posted by James Forshaw, Project Zero Processes on Windows are securable objects, which prevents one user logged into a Windows machine...