Windows Subsystem for Linux: Addressing Security Misconceptions and Risks

- Posted in Hardenings by
One of the great features of Windows is its ability to run Linux distributions through the Windows Subsystem for Linux (WSL). However, have you ever considered what actions you can perform in this [...]

Aligning Malware Analysis Stages with the MITRE ATT&CK Framework: A Unified Approach to Threat Detection and Response

- Posted in Incident Response by
Background: In incident response, knowing how to analyze malware is crucial. Relying only on sandboxes to study malware behavior often isn't enough. Sandboxes might miss important details that could [...]

Mastering Browser Extensions: Key Strategies for Effective Analysis and Threat Prevention

- Posted in Threat Analysis by
Background: In today's digital landscape, browser extensions are immensely popular for automating tasks and enhancing productivity. Millions of users rely on these tools to streamline their [...]

Attacks via typosquatted domains and how to detect them

- Posted in Hardenings by
Background: At the core of many successful attacks lies a simple idea: exploiting human perceptual weaknesses combined with psychological manipulation. One common method to achieve this is by using [...]
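The perceptual trick behind typosquatting is that a look-alike label (swapped letters, digit-for-letter substitutions, a different TLD, or the brand buried in a subdomain) reads as the real domain. The following is an added example, not code from the post above: a small detector that normalizes common homoglyph substitutions, measures edit distance with adjacent transpositions, and checks TLD swaps and brand-in-subdomain patterns. The brand list, candidate domains and homoglyph table are constructed for the demo, and it assumes a naive "last two labels" split instead of a public-suffix list.

```python
"""Added example (not from the original post): flag look-alike domains.

Assumptions (hypothetical): the brand list, candidate domains and the
HOMOGLYPHS table are constructed for this demo; registrable() uses the
last two labels rather than a public-suffix list.
"""
from __future__ import annotations

# Sequences attackers swap because they look alike on screen.
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalize(label: str) -> str:
    """Collapse look-alike sequences so 'examp1e' and 'exarnple' compare as 'example'."""
    label = label.lower()
    for src, dst in HOMOGLYPHS.items():
        label = label.replace(src, dst)
    return label


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # 'exmaple' -> 'example'
    return d[-1][-1]


def registrable(domain: str) -> tuple[str, str]:
    """Return (second-level label, tld). Naive split; real code needs a public-suffix list."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2], labels[-1]


def check_domain(candidate: str, brands: list[str]) -> tuple[str, str] | None:
    """Return (brand, reason) if candidate looks like a brand domain, else None."""
    labels = candidate.lower().strip(".").split(".")
    c_sld, c_tld = registrable(candidate)
    for brand in brands:
        b_sld, b_tld = registrable(brand)
        if labels == brand.lower().split("."):
            return None  # the genuine domain itself
        if c_sld == b_sld and c_tld != b_tld:
            return brand, "tld-swap"
        if normalize(c_sld) == normalize(b_sld):
            return brand, "homoglyph"
        if osa_distance(c_sld, b_sld) == 1:
            return brand, "edit-distance-1"
        if b_sld in c_sld:
            return brand, "brand-embedded"
        if b_sld in labels[:-2]:
            return brand, "brand-in-subdomain"
    return None


def scan(candidates: list[str], brands: list[str]) -> dict[str, tuple[str, str]]:
    """Run check_domain over a batch (e.g. newly registered or DNS-logged names)."""
    hits = {}
    for c in candidates:
        verdict = check_domain(c, brands)
        if verdict:
            hits[c] = verdict
    return hits


if __name__ == "__main__":
    # Constructed sample: one protected brand, a mix of look-alikes and noise.
    seen = ["example.com", "examp1e.com", "exmaple.com", "example.net",
            "example-login.com", "example.com.evil.org", "unrelated.org"]
    for name, verdict in scan(seen, ["example.com"]).items():
        print(f"{name:24} -> {verdict[1]} (imitates {verdict[0]})")
```

In production the candidate list would come from certificate-transparency logs, newly registered domain feeds or outbound DNS logs, and the naive `registrable()` split must be replaced with a public-suffix-list lookup so that `example.co.uk` is handled correctly.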

Securing the Software Supply Chain: Detecting and Responding to Compromised Packages Due to Maintainer Account Compromises

- Posted in Other by
Background: Today, we rely heavily on open-source packages and solutions. Past incidents have shown that compromises of these components can pose critical threats. These components serve as [...]

Turning Specialized Platform Data Breaches into Defensive Insights

- Posted in Leak by
Background: Since the beginning of the internet, a variety of communities have existed, ranging from hacking and malware development groups to those involved in insider information sales and illegal [...]

Mitigating the Risk: CVE-2024-39929 and Securing Exim Servers

- Posted in Hardenings by
Background: Exim is a mail transfer agent designed for Unix-like systems, providing flexible capabilities for managing your own email server. It serves as the entry point for email communication [...]

The danger of leaked password hashes from the perspective of defense in depth

- Posted in Leak by
Background: Before delving into the scope of leaked hashed passwords, it's important to understand the purpose of hashing. At a high level, hashing is a one-way function that transforms any input [...]
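A hash being one-way does not make a leaked hash harmless: the attacker does not invert it, they guess inputs and compare. The following is an added example, not code from the post above, showing why the storage scheme is the defense-in-depth layer that matters. With an unsalted fast hash, one precomputed table cracks every user at once; a per-user salt forces the guesses to be repeated per user; a slow KDF multiplies the cost of each guess. The user records and wordlist are constructed for the demo.

```python
"""Added example (not from the original post): cost of cracking leaked hashes
under three storage schemes. Users, passwords and WORDLIST are constructed.
"""
from __future__ import annotations
import hashlib
import os

# Constructed attacker wordlist (real ones have billions of entries).
WORDLIST = ["password", "letmein", "summer2024", "qwerty", "hunter2"]


def unsalted_hash(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()


def salted_hash(pw: str, salt: bytes) -> str:
    return hashlib.sha256(salt + pw.encode()).hexdigest()


def slow_hash(pw: str, salt: bytes, iterations: int = 100_000) -> str:
    """Salted and deliberately slow: PBKDF2-HMAC-SHA256 (stdlib)."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations).hex()


def build_unsalted_db(users: dict[str, str]) -> dict[str, str]:
    return {u: unsalted_hash(p) for u, p in users.items()}


def build_salted_db(users: dict[str, str]) -> dict[str, tuple[bytes, str]]:
    db = {}
    for u, p in users.items():
        salt = os.urandom(16)  # unique per user
        db[u] = (salt, salted_hash(p, salt))
    return db


def crack_unsalted(leaked: dict[str, str], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """One lookup table serves every user: cost is len(wordlist) hashes, total."""
    table = {unsalted_hash(w): w for w in wordlist}
    hash_ops = len(wordlist)
    found = {u: table[h] for u, h in leaked.items() if h in table}
    return found, hash_ops


def crack_salted(leaked: dict[str, tuple[bytes, str]], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """The salt makes the table useless: every guess is recomputed per user."""
    found, hash_ops = {}, 0
    for u, (salt, h) in leaked.items():
        for w in wordlist:
            hash_ops += 1
            if salted_hash(w, salt) == h:
                found[u] = w
                break
    return found, hash_ops


def verify_slow(stored_salt: bytes, stored_hash: str, attempt: str) -> bool:
    """Server-side check for the slow scheme; a cracker pays the same cost per guess."""
    return slow_hash(attempt, stored_salt) == stored_hash


if __name__ == "__main__":
    # Constructed victims: two weak passwords in the wordlist, one not.
    users = {"alice": "password", "bob": "hunter2", "carol": "Tr0ub4dor&3"}
    found, ops = crack_unsalted(build_unsalted_db(users), WORDLIST)
    print(f"unsalted: cracked {found} with {ops} hash operations")
    found, ops = crack_salted(build_salted_db(users), WORDLIST)
    print(f"salted:   cracked {found} with {ops} hash operations")
    salt = os.urandom(16)
    print("slow KDF verifies:", verify_slow(salt, slow_hash("hunter2", salt), "hunter2"))
```

The salted run still recovers the weak passwords, which is the second lesson: salting and slow hashing raise the attacker's cost per user, they do not rescue users whose password is in the wordlist, so password policy, breach monitoring and MFA remain separate layers.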

RegreSSHion (CVE-2024-6387) as one link in an attack chain

- Posted in Incident Response by
Background: Qualys researchers announced a signal-handler race condition in the OpenSSH server (sshd), which ships by default on Ubuntu and is widely used in other distributions, that allowed them to achieve Remote [...]

Understanding Supply Chain Attacks: The Case of Polyfill CDN

- Posted in Incident Response by
Background: A supply chain attack involving a popular JavaScript library being served over a dedicated content delivery network (CDN) could result in the injection of harmful code into web pages that [...]
Page 10 of 11