Cyber Crime Research Lab

By Dr. Peter Stephenson | Cyber crime technology research and news from the cyber underground.

Introduction to Monte Carlo Simulation

In my recent article, why simulation is the future of uncertainty evaluation, I explained why traditional analytical methods can sometimes be …

Monte Carlo

A Nasty Trick: From Credential Theft Malware to Business Disruption

FireEye is tracking a set of financially-motivated activity referred to as TEMP.MixMaster that involves the interactive deployment of Ryuk ransomware …

Is 2FA Broken? Authentication Experts Weigh In

A penetration testing tool published by Polish security researcher Piotr Duszyński can bypass login protections for accounts protected by two-factor …

Authentication

This Trojan attack adds a backdoor to your Windows PC to steal data

Hacking group TA505 is distributing a brand new form of malware – and using it to target banks and retailers. A well-resourced and prolific hacking …

Social Issues

bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records

This script will try to find:
• the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI ...
• an old server which still …

DNS

Unprovability comes to machine learning

Scenarios have been discovered in which it is impossible to prove whether or not a machine-learning algorithm could solve a particular problem. This …

Machine Learning

Dissecting Malicious Network Traffic To Identify Botnet Communication

A total of 60 packets were observed to be present in the pcap file. IP addresses identified: 192.168.45.130: port 1037 (service: ams); port 1038 …

DNS

2019 OSINT Guide

I have been doing a lot of Open-Source Intelligence (OSINT) lately, so to celebrate 2019, I decided to summarize a lot of tips and tricks I have …

Open Source Movement

National security depends on in-house penetration testing

INDUSTRY INSIGHT: The Government Accountability Office's report on the cybersecurity of the Department of Defense's weapon systems revealed chronic …

Government Technology

Let’s dig into Vidar – An Arkei Copycat/Forked Stealer (In-depth analysis)

Sometimes when you are reading tons and tons of logs of malware analysis, you are not expecting that some little changes could in fact be impactful. I …

Vidar and GandCrab: stealer and ransomware combo observed in the wild

We have been tracking a prolific malvertising campaign for several weeks and captured a variety of payloads, including several stealers. One that we …

Ransomware

PRETty - "PRinter Exploitation Toolkit" LAN Automation Tool

PRETty is useful when a large number of printers are present on a network. Instead of scanning, logging, and manually running PRET against each …

Git

Open redirects - the vulnerability class no one but attackers cares about

Open redirects are an underrated bug class that is often considered a non-vulnerability. In certain cases they could lead to Windows credential …

Google Search

T cell photos make data encryption truly random

A new encryption method uses T cells to protect data from hackers and malware. The biological encryption key approach is unclonable and not …

Science

Matryoshka Phish, Author: Didier Stevens

Reader Frank submitted a suspicious email with attachment: a score of zero on VirusTotal, but McAfee warned of an exploit. Taking a look at the …

Encryption

0day in forticlient 6.0.3.0155

Forticlient Local Privilege Escalation to NT AUTHORITY/SYSTEM. Intro: We found 3 bugs that we could chain in order to go from a low privileged user to NT …

Lua

Next Generation Tools: Deception Networks | SC Media

There have been several predictions as to where adversary hacking is headed in the foreseeable future. Virtually all credible predictions have one …

CMSmap – An Open Source CMS Scanner

CMSmap is a Python-based CMS scanner for automating the process of vulnerability assessment in the most popular CMSs. It can search for interesting …

Ethical Hacking

Dissecting Cozy Bear’s malicious LNK file

Weaponized LNK files are not a very popular way of distributing malware, but they do turn up from time to time. One good example of such …

Encryption

How To: Use SQL Injection to Run OS Commands & Get a Shell

One of the ultimate goals in hacking is the ability to obtain shells in order to run system commands and own a target or network. SQL injection is …

Computer Hacking

Automated Cyber Attacks Are the Next Big Threat. Ever Hear of 'Review Bombing'?

Nonhuman, automated attacks on their own will be able to find and breach even well-protected companies. Nervous? You should be. If you think hacks are bad now, just wait a few more years, because "the machines" are coming. In the next few …

Cyber-attacks

Alert Regarding Vulnerability (CVE-2018-8653) in Microsoft Internet Explorer

JPCERT-AT-2018-0051, JPCERT/CC, 2018-12-20. I. Overview: Microsoft has released Security Updates regarding vulnerability (CVE-2018-8653) in Microsoft Internet …

Windows 10

Attack Campaign Targets Financial Firms Via Old But Reliable Tricks

Among other tried-and-true cyberattack methods, the attackers hosted malware on the Google Cloud Storage service domain storage.googleapis.com to …

Information Security

New machine learning algorithm breaks text CAPTCHAs easier than ever

Algorithm tested against the text CAPTCHA systems used on 33 popular websites. Academics from UK and China have developed a new machine learning …

Machine Learning

imaginaryC2 - Tool Which Aims To Help In The Behavioral (Network) Analysis Of Malware

Author: Felix Weyne (website) (Twitter). Imaginary C2 is a Python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 …

LCG Kit: Sophisticated builder for Malicious Microsoft Office Documents

Overview: Proofpoint researchers discovered "LCG Kit," a weaponized document builder service, in March 2018. Since we began tracking LCG Kit, we have …

2019 Attacker Playbook

Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures …

Information Security

Malcom - Malware Communications Analyzer

Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic, and cross-reference them …

Researchers Discover Next-Gen Cryptojacking Malware

Malware used to mine Monero on infected Windows Servers has evaded detection by relying on a complicated self-improvement algorithm. In a paper …