List of data breaches and cyber attacks in July 2016 35,400,000 known records stolen

Lewis Morgan, 27th July 2016. Another month is coming to a close, and once again it ends with a long list of data breaches and cyber attacks – a list that gets longer every month. Two breaches that stand out to me are the Wendy’s and Cici’s Pizza data breaches, in which point-of-sale (POS) malware…

Cyber Security Attack Pie Graph: SQL Injection / XSS leading the way – DDoS attacks swept under the rug

Cyber Security Attack Pie Graph – you can see SQLi is still #1; however, most XSS attacks are never even realized. Additionally, DDoS attacks might actually be the most common attack worldwide, but many are short bursts that go unnoticed. Other DDoS attacks go unreported out of fear that disclosure will hurt the victim's brand and…

Bro Logs Protocol Log Features Fields Description Cheat Sheet How To

Bro conn.log conn_state values (State – Meaning):

S0 – Connection attempt seen, no reply
S1 – Connection established, not terminated (0 byte counts)
SF – Normal establishment & termination (>0 byte counts)
REJ – Connection attempt rejected
S2 – Established, ORIG attempts close, no reply from RESP
S3 – Established, RESP attempts close, no reply from ORIG
RSTO – Established, ORIG aborted (RST)
RSTR – Established, RESP aborted…

BRO vs Snort IDS Locky Ransomware tcpdump Traffic Sample Data Packet Analysis

(PCAP and binary samples available with their usual password and location.) Bro and Snort are completely different types of applications, although they are commonly compared against one another. From a network security standpoint, Snort can’t do much to detect new malware variants, obfuscation TTPs and other non-low-hanging fruit we haven’t created a signature for.…

Traffic Sample PCAP of FakeAV Malware and Kazy Trojan Downloader

Two key indicators:

FakeAV POST – POST /hrrgkkwhjdwwwww/order.php?pid=390 (attempting to set up a payment for the FakeAV, with the pid linking to the current session)
Trojan Downloader function – GET /week.exe HTTP/1.1

2015-08-27 11:39:35.045855 ARP, Request who-has 192.168.56.1 tell 192.168.56.10, length 28
2015-08-27 11:39:35.046218 ARP, Reply 192.168.56.1 is-at 0a:00:27:00:00:00, length 46
…

Penetration Testing Reconnaissance Command Line Tricks: Dig, Mass Domain Resolution, Ping Sweeping

Here are some simple command line tricks to help while doing recon on your target network/host. A simple way to automatically resolve domain names can be combined with a for loop to resolve a massive list of domain names; you can also add a cronjob and create an .out file if you want to track…

Analysis: SecureStudies.com OSSProxy MarketScore OpinionSpy Adware/PUP/Trojan/Malware – comScore vs Nielsen

A few days back, one of our virus/malware file submission sites received close to a hundred executables from two IP addresses over a one-hour period, all comScore, Inc. related samples, with AV detection scans run against each file. This activity flagged some interest at first because the binary files were for various operating systems such as Linux…

Adware loading Malware for Monetization? System Healer Social Engineers DNSChanger/Dynamer 185.17.184.11

Typically, malware is installed through the use of exploit kits, spam e-mails, GIFs laced with executables, torrents and so on. That being said, there is a fairly commonly downloaded software package known as “System Healer” circulating on the interwebs which claims to speed up and optimize your PC. Are Sethealer.net/iSystemHealer.com/MagicPro.org serving up…
