Cyber Crime Research Lab

By Dr. Peter Stephenson | Cyber crime technology research and news from the cyber underground.

Kaspersky: 70 percent of attacks now target Office vulnerabilities

That's more than four times the percentage the company was seeing two years before, in Q4 2016.

[Image: threat-landscape-2016-2018.png]

Microsoft Office …

Kaspersky Lab

Say hello to Baldr, a new stealer on the market

By William Tsing, Vasilios Hioureas, and Jérôme Segura

Over the past few months, we have noticed increased activity and development of new stealers. …

'Digital Doppelganger' Underground Takes Payment Card Theft to the Next Level

Massive criminal marketplace discovered packaging and selling stolen credentials along with victims' online behavior footprints.

Information Security

TrickBot malware attacks are ramping up ahead of Tax Day

A powerful data-stealing malware campaign with a tax theme is on the rise to target unsuspecting filers ahead of Tax Day.

TrickBot, a financially motivated trojan, infects Windows computers through a malicious Excel document sent by a specially crafted email. Once infected, the malware targets …

Technology

Mimikatz Credential Theft Techniques

This blog shares information on some examples of how the CrowdStrike® Falcon® OverWatch™ team has observed the open-source tool known as Mimikatz …

Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware

Summary

Recently, FireEye Managed Defense detected and responded to a FIN6 intrusion at a customer within the engineering industry, which seemed out …

LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files

A spam campaign pushing the info-stealing LokiBot trojan leverages a novel technique to avoid detection. According to researchers, the spam messages …

Papua New Guinea

This new malware is scanning the internet for systems info on valuable targets

Newly identified Xwo malware could be laying the groundwork for far more damaging cyberattacks around the globe, warn researchers.

A new form of …

Technology

Mapping Out a Malware Distribution Network - AlienVault - Open Threat Exchange

More than a dozen US-based web servers were used to host 10 malware families, distributed through mass phishing campaigns. Malware families include …

Web Servers

The Journey to Try Harder: TJNull’s Preparation Guide for PWK/OSCP

Table of Contents:

Overview
• Dedication
• A Word of Warning!
• Section 1: Getting Comfortable with Kali Linux
• Section 2: Essential Tools in Kali
• Section 3: …

Just-Metadata - Tool That Gathers And Analyzes Metadata About IP Addresses

Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to …

Forensics

How To: Compromise a Web Server & Upload Files to Check for Privilege Escalation, Part 1

Information gathering is one of the most important steps in pentesting or hacking, and it can often be more rewarding to run things on the target …

Computer Hacking

How to differentiate between AI, machine learning, and deep learning

Tech leaders need to put AI and its subcategories into practice—and into common business vocabulary that everyone can understand.

Sage, a purveyor of …

Machine Learning

FIN7 Revisited: Inside Astra Panel and SQLRat Malware – Flashpoint

By Joshua Platt and Jason Reaves

Despite the arrests of three prominent members of the FIN7 cybercrime gang beginning in January 2018, attacks …

Analysis of a Chrome Zero Day: CVE-2019-5786

1. Introduction

On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader API (CVE …

Bank hackers team up to spread financial Trojans worldwide

The gang agreements focus on theft, malware capabilities, and territory grabs.

Banking Trojans are popular in cybercriminal schemes given the valuable …

How To: Gain SSH Access to Servers by Brute-Forcing Credentials

SSH is one of the most common protocols in use in modern IT infrastructures, and because of this, it can be a valuable attack vector for hackers. One …
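The defensive counterpart to the how-to above is spotting the brute-force from the server side. The following is an added example, not code from the original tutorial: it runs a sliding-window detector over a few constructed sshd syslog lines (Debian/Ubuntu auth.log format), flags any source address with five or more password failures inside sixty seconds, and, the finding that actually matters on a call-out, records a password login that succeeds from such a source. The log lines, hostnames and addresses are constructed for the example.

```python
"""Detect SSH password brute-forcing in sshd logs.

Added example, not from the original how-to. Input is constructed syslog text;
thresholds are illustrative defaults, not values from the page.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the default sshd syslog format.
SAMPLE_LOG = """\
Apr 10 12:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Apr 10 12:00:02 bastion sshd[2102]: Failed password for invalid user test from 203.0.113.5 port 51235 ssh2
Apr 10 12:00:03 bastion sshd[2103]: Failed password for root from 203.0.113.5 port 51236 ssh2
Apr 10 12:00:04 bastion sshd[2104]: Failed password for root from 203.0.113.5 port 51237 ssh2
Apr 10 12:00:05 bastion sshd[2105]: Failed password for root from 203.0.113.5 port 51238 ssh2
Apr 10 12:00:06 bastion sshd[2106]: Accepted password for root from 203.0.113.5 port 51239 ssh2
Apr 10 12:00:07 bastion sshd[2107]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Apr 10 12:00:09 bastion sshd[2108]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2: ED25519 SHA256:abc
Apr 10 12:10:00 bastion sshd[2109]: Failed password for bob from 198.51.100.9 port 40100 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line):
    """Return a dict with ts/result/method/user/ip, or None for non-auth lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # Syslog stamps carry no year; a 1900-based datetime is fine for deltas.
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
    return ev


def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Return {ip: {"failures": n, "success_after_burst": user-or-None}} for
    every source with >= threshold password failures inside window_s seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of recent password failures
    burst_ips = set()
    findings = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["method"] != "password":
            continue                # key-based logins are not brute-force signal
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()         # drop failures that fell out of the window
            if len(q) >= threshold:
                burst_ips.add(ip)
                f = findings.setdefault(ip, {"failures": 0, "success_after_burst": None})
                f["failures"] = max(f["failures"], len(q))
        elif ip in burst_ips:
            # A password success from a brute-forcing source: probable compromise.
            findings[ip]["success_after_burst"] = ev["user"]
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

On the sample the only finding is 203.0.113.5, with five failures followed by a password login as root. A burst on its own is background noise on any internet-facing host; the success-after-burst is the event worth paging on. The configuration fix is the usual one: password authentication off, key-only logins, and a rate limiter such as fail2ban in front of sshd.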

New Ursnif Variant Targets Japan Packed with New Features

In this research we dissect a recent campaign that uses language checks and steganography to evade detection. The new variant features a stealthy …

Google: Phishing Attacks That Can Beat Two-Factor Are on the Rise

Hackers have been refining their email phishing schemes to also nab the one-time passcode from two-factor authentication security setups, Google …
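The mechanism behind that headline is a real-time proxy: the phishing page forwards the victim's password and one-time code to the real site within seconds, well inside the validity window of a TOTP code. The block below is an added example, not from Google's report, showing in-process why that works against a time-based code and why it fails against an origin-bound second factor. The TOTP routine follows RFC 6238; the "origin-bound" part is a deliberately simplified stand-in for WebAuthn, with an HMAC replacing the asymmetric signature and a shared key standing in for the registered credential, so it is a model of the property, not the protocol. Secrets, timestamps and origins are made up for the example.

```python
"""Real-time phishing relay against TOTP versus an origin-bound factor.

Added example, not from the original article. The phisher, victim and site are
all simulated in-process; keys and origins are constructed for illustration.
"""
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, as authenticator apps generate it."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret, code, unix_time, step=30, window=1):
    """Server-side check; accepts the current step plus/minus `window` steps,
    the usual allowance for clock skew."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, unix_time + drift * step), code):
            return True
    return False


def phish_and_relay_totp(secret, victim_time, relay_delay_s):
    """Victim types the code into the phishing page at victim_time; the proxy
    submits it to the real site relay_delay_s later. Returns what the real
    site decides."""
    stolen = totp(secret, victim_time)      # captured from the phishing form
    return verify_totp(secret, stolen, victim_time + relay_delay_s)


# --- Origin-bound second factor (WebAuthn-style, heavily simplified) ---
# Assumption for illustration: the authenticator signs the site's challenge
# together with the origin the *browser* observed, and the phisher cannot
# alter what the browser reports. HMAC stands in for the signature.

def sign_assertion(key, challenge, browser_origin):
    msg = challenge + b"|" + browser_origin.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_assertion(key, challenge, sig, expected_origin):
    expected = sign_assertion(key, challenge, expected_origin)
    return hmac.compare_digest(expected, sig)


def phish_and_relay_assertion(key, challenge, phishing_origin, real_origin):
    """The phisher relays the real site's challenge to the victim; the victim's
    browser signs it for the phishing origin; the relayed assertion is then
    checked by the real site against its own origin."""
    sig = sign_assertion(key, challenge, phishing_origin)
    return verify_assertion(key, challenge, sig, real_origin)
```

With a 20-second relay the stolen TOTP code is accepted (the window of plus or minus one 30-second step guarantees it), which is exactly what the proxy kits in the article exploit. The relayed assertion is rejected because the origin the browser signed is the phishing site's, not the real one's; no amount of speed helps the attacker, which is why hardware keys and platform authenticators are the recommended answer to this class of phishing.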

Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework

This post is not a deep analysis of TrickBot. Here, I did a quick analysis of a TrickBot sample from early 2019 by using the Ghidra Software Reverse …

Bypassing a restrictive JS sandbox

While participating in a bug bounty program, I found a site with a very interesting functionality: it allowed me to filter some data based on a …

A look at a bmp file with embedded shellcode

The sample today is from PaulM @melsonp

While watching his BSides Augusta talk from 2018 (linked here), at the end he shows a picture file that gets …

Historical list of {Cobalt Strike,NanoHTTPD} servers

README.md

This repository contains a historical list of Cobalt Strike (or NanoHTTPD) hosts that have been identified using the "extraneous space" …
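The "extraneous space" is a quirk of NanoHTTPD, the embedded web server inside Cobalt Strike's team server: its status line read "HTTP/1.1 200 OK " with a space before the CRLF, which a conforming server never emits. The check below is an added example, not the repository's own scanner; it parses a raw HTTP response and reports the quirk, with both responses constructed for the example. A real sweep would request a non-existent path on each candidate host and feed the bytes to the same function.

```python
"""Fingerprint the NanoHTTPD "extraneous space" in an HTTP status line.

Added example, not code from the repository above. Both responses are
constructed; the Apache one is a normal server for contrast.
"""

NANOHTTPD_RESPONSE = (
    b"HTTP/1.1 404 Not Found \r\n"          # note the space before CRLF
    b"Content-Type: text/plain\r\n"
    b"Date: Mon, 04 Mar 2019 10:00:00 GMT\r\n"
    b"Content-Length: 0\r\n\r\n"
)
APACHE_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Server: Apache/2.4.29 (Ubuntu)\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"Content-Length: 0\r\n\r\n"
)


def parse_status_line(raw: bytes):
    """Return (version, status, reason) from the first line, keeping any
    trailing whitespace in `reason` so the quirk stays observable."""
    first, _, _ = raw.partition(b"\r\n")
    version, _, rest = first.partition(b" ")
    status, _, reason = rest.partition(b" ")
    return version, status, reason


def has_extraneous_space(raw: bytes) -> bool:
    """True when the status line is 'HTTP/1.x <code> <reason> \\r\\n'."""
    _, _, reason = parse_status_line(raw)
    return reason.endswith(b" ")


def fingerprint(raw: bytes) -> dict:
    """Summarise the response: status code, the quirk, and the Server header
    (if any) for context when triaging a hit."""
    _, status, reason = parse_status_line(raw)
    headers = {}
    head = raw.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
    return {
        "status": status.decode(),
        "nanohttpd_space": reason.endswith(b" "),
        "server": headers.get("server"),
    }


if __name__ == "__main__":
    for label, resp in (("nanohttpd", NANOHTTPD_RESPONSE), ("apache", APACHE_RESPONSE)):
        print(label, fingerprint(resp))
```

Two caveats when using this as an indicator: the repository's own name says "Cobalt Strike (or NanoHTTPD)" because any NanoHTTPD-based application produces the same space, so a hit needs corroboration (default Cobalt Strike URIs, certificate details, beacon staging behaviour) before it is called a team server; and Cobalt Strike 3.13 removed the space, so its absence does not clear a host.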

AI in cybersecurity: a new tool for hackers?

Imagine a constantly evolving and evasive cyberthreat that could target individuals and organisations remorselessly. This is the reality of …

SecLists - A Collection Of Multiple Types Of Lists Used During Security Assessments, Collected In One Place (Usernames, Passwords, URLs, Sensitive Data Patterns, Fuzzing Payloads, Web Shells, And Many More)

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. …

Next Generation Tools: Deception Networks | SC Media

There have been several predictions as to where adversary hacking is headed in the foreseeable future. Virtually all credible predictions have one …

Russian Hackers Go From Foothold to Full-On Breach in 19 Minutes

In the hand-wringing post mortem after a hacker breach, the first point of intrusion usually takes the focus: the phishing email that Clinton …

ML Algorithms: One SD (σ)- Bayesian Algorithms

The obvious questions to ask when facing a wide variety of machine learning algorithms are "which algorithm is better for a specific task, and which …