A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

This blog contains write-ups of the things that I researched, learned, and wanted to share to others.

Unit 42 investigates the RANCOR group’s use of DDKONG and PLAINTEE malware families to deliver targeted espionage attacks in South East Asia

A high-severity vulnerability affecting Cisco ASA and Firepower security appliances is being exploited in the wild after an exploit has been releasedA DoS vulnerability affecting Cisco ASA and Firepower security appliances is being exploited in the wild after…

Author: @Ambulong WordPress is the most popular CMS on the web. According to w3tech, it is used by approximately 30% of all websites. This wide adoption makes it an interesting target for cyber crimin

3 votes and 3 so far on reddit

We present new research that details crucial security weaknesses in Linux software that has been statically linked. We also provide a solution to temporarily resolve these security issues. Finally, we conclude by demonstrating how to have both RELRO [1] and…

During penetration testing exercises, the ability to make a victim connect to an attacker’s controlled host provides an interesting approach for compromising systems.

The proliferation of credit card skimming is evidence enough that many fraudsters’ target of choice is the payment terminal.

Ticketmaster has created this website for customers whose personal information may have been compromised in the Inbenta incident. Ensuring the safety and security of the personal data of customers is very important to Ticketmaster. As soon as it was determined…

Ticketmaster has created this website for customers whose personal information may have been compromised in the Inbenta incident. Ensuring the safety and security of the personal data of customers is very important to Ticketmaster. As soon as it was determined…

The TL;DR up front, because I hate buried leads. Microsoft created an undocumented API that gave incident handlers, forensic teams, and blue teams a tool that they have long wished for and that Microsoft denied having. This API was known to five major forensics…

I wrote a Python noscript (JSgen.py) to generate javanoscript code to be injected in case you find a Server Side Javanoscript Injection (SSJI). It supports both bind and reverse shells, and also two well…

Spoof SSDP replies to phish for NTLM hashes on a network. Creates a fake UPNP device, tricking users into visiting a malicious phishing page.

What is a Certificate Authority?Digital signature.What if the attacker tampered the certificate?Root CA.Chain of Trust.Browser verify the server certificate