Search This Blog

Fishing the Internet

Publications

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

2022

Threat Hunting as a Proactive Security Measure in the Energy Sector (Fishing the Internet)
Threat-Hunting als proaktive Sicherheitsmaßnahme im Energiesektor (Tagesspiegel Background Cybersecurity)
The Rise of LNK Files (T1547.009) and Ways To Detect Them (Fishing the Internet)
Russia's War Against Ukraine: Effects on the Ukrainian LGBTQIA+ Community (with Insikt Group / Recorded Future)
Trust is good, testing is better: How to pentest Flutter apps (with Daniel Corak / Fishing the Internet)
Die zentralen Herausforderungen bei Cyberkriminalität (Tagesspiegel Background Cybersecurity)
Germany, Industrial Sector Hit Hardest by Ransomware in 2020 and 2021 (with Allan Liska, Charlotte Edwards / Recorded Future)
Ransomware Enforcement Operations in 2020 and 2021 (Recorded Future)
Wiper Malware: Purposes, MITRE Techniques, and Attacker's Trade-Offs (Fishing the Internet)
LOLBin Attacks With Scheduled Tasks (T1053.005) and How To Detect Them (Fishing the Internet)
Zero-Day: Das lukrative Geschäft mit Sicherheitslücken (Tagesspiegel Background Cybersecurity)
Vulnerabilities Disclosure mit chinesischer Prägung: Nutzen und Gefahren (with Nicolas Huppenbauer / inside-it.ch)

2021

Chaining Three Zero-Day Exploits in ITSM Software ServiceTonic for Remote Code Execution (with Daniel Corak / Security Research Labs)
Honeypot research shows variety of DDoS amplification methods (with Alberto del Rio / Security Research Labs)
Achieving Telerik Remote Code Execution 100 Times Faster (with Daniel Corak / Security Research Labs)
Incorrectly patched ZyXEL vulnerability becomes zero-day again (with Daniel Corak, Genco Altan Demir / Security Research Labs)

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Wiper Malware: Purposes, MITRE Techniques, and Attacker's Trade-Offs

Following recent events in Ukraine, various cybersecurity agencies such as CISA or BSI have warned of potential data wiping attacks spillover to organisations in other countries. While destructive malware such as wipers are still rare and more targeted compared to malware focused on espionage and financial gains, there are reasons for believing that this wipers will become more prevalent: If hybrid warfare operations continue and/or intensify, it must be assumed that (destructive) cyber operations will increasingly be used alongside kinetic weapons despite the fact significant impact has not yet been observed in the current war. Sanctions and/or support for Ukraine by other countries may also increase the risk for Russian retaliatory cyber attacks against those countries. The increasing number of (sophisticated) hacktivists that support either Russia or Ukraine for ideological reasons (e.g., IT Army of Ukraine counts ~300,000 people in their Telegram group) may lead to more s

The Rise of LNK Files (T1547.009) and Ways To Detect Them

Microsoft Office macros have historically posed a significant threat as the preferred method of delivering malicious payloads, accounting for almost half of all deliveries. The reason is simple: Microsoft Office products are highly prevalent and macros are mostly either enabled or easily enabled through a single mouse click. With Microsoft’s decision to block macros by default, threat actors have adapted their delivery techniques towards macro alternatives (e.g., Emotet ). One of those alternatives are Microsoft shortcuts , which have, in comparison to zero days or other fancy exploits, generally not received the attention they (sh|c)hould . In what follows, I will first provide a brief introduction to why and how macros were blocked as well as how to bypass the protections that were put in place. I will then give an overview of LNK files, one common alternative to macros, show how they are used in the wild, and finally discuss various ways for detection. Microsoft's decision to

Trust is good, testing is better: How to pentest Flutter apps

Recently, during a weekend, Daniel and myself stumbled across Flutter-based apps that were not testable out-of-the-box due to Flutter-specific security decisions. Furthermore, we found that, despite the popularity of the framework, there is little information on how to best test such apps. We thus decided to dive deeper into the framework and came up with a blog post that first sheds some light on Flutter from a security perspective and then provides a step-by-step guide on how to test such apps. In total, it will provide four different approaches. With the increasing popularity of the framework and developers relying on Flutter-intrinsic security features, it is especially important to continue challenging them and equip more testers with the required skills to conduct tests. What is Flutter and what makes it important? Flutter is an open-source UI SDK created by Google. Like React Native, it is used to develop cross platform applications for Android, iOS, Linux, macOS, Windows, Googl

Julian-Ferdinand Vögele

Threat Research @Recorded Future, formerly IT Security @Security Research Labs, MSc Computer Science @UCL