Fishing the Internet

Microsoft Office macros have historically posed a significant threat as the preferred method of delivering malicious payloads, accounting for almost half of all deliveries. The reason is simple: Microsoft Office products are highly prevalent and macros are mostly either enabled or easily enabled through a single mouse click. With Microsoft’s decision to block macros by default, threat actors have adapted their delivery techniques towards macro alternatives (e.g., Emotet ). One of those alternatives are Microsoft shortcuts , which have, in comparison to zero days or other fancy exploits, generally not received the attention they (sh|c)hould . In what follows, I will first provide a brief introduction to why and how macros were blocked as well as how to bypass the protections that were put in place. I will then give an overview of LNK files, one common alternative to macros, show how they are used in the wild, and finally discuss various ways for detection. Microsoft's decision to

Recently, during a weekend, Daniel and myself stumbled across Flutter-based apps that were not testable out-of-the-box due to Flutter-specific security decisions. Furthermore, we found that, despite the popularity of the framework, there is little information on how to best test such apps. We thus decided to dive deeper into the framework and came up with a blog post that first sheds some light on Flutter from a security perspective and then provides a step-by-step guide on how to test such apps. In total, it will provide four different approaches. With the increasing popularity of the framework and developers relying on Flutter-intrinsic security features, it is especially important to continue challenging them and equip more testers with the required skills to conduct tests. What is Flutter and what makes it important? Flutter is an open-source UI SDK created by Google. Like React Native, it is used to develop cross platform applications for Android, iOS, Linux, macOS, Windows, Googl

Following recent events in Ukraine, various cybersecurity agencies such as CISA or BSI have warned of potential data wiping attacks spillover to organisations in other countries. While destructive malware such as wipers are still rare and more targeted compared to malware focused on espionage and financial gains, there are reasons for believing that this wipers will become more prevalent: If hybrid warfare operations continue and/or intensify, it must be assumed that (destructive) cyber operations will increasingly be used alongside kinetic weapons despite the fact significant impact has not yet been observed in the current war. Sanctions and/or support for Ukraine by other countries may also increase the risk for Russian retaliatory cyber attacks against those countries. The increasing number of (sophisticated) hacktivists that support either Russia or Ukraine for ideological reasons (e.g., IT Army of Ukraine counts ~300,000 people in their Telegram group) may lead to more s