unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation
Authors: Boudewijn Meijer && Rick VeldhovenIntroductionAs defensive security products im...
2024-9-25 18:36:12 | 阅读: 11 |
收藏
|
Fox-IT International blog - blog.fox-it.com
bytecode
machine
operand
malicious
Sifting through the spines: identifying (potential) Cactus ransomware victims
Authored by Willem Zeeman and Yun Zheng HuThis blog is part of a series written by various D...
2024-4-25 12:0:0 | 阅读: 38 |
收藏
|
Fox-IT International blog - blog.fox-it.com
qlik
cactus
ransomware
ttf
security
Android Malware Vultur Expands Its Wingspan
Authored by Joshua KampThe authors behind Android banking malware Vultur have been spott...
2024-3-28 18:0:15 | 阅读: 11 |
收藏
|
Fox-IT International blog - blog.fox-it.com
vultur
payload
c2
vnc
Memory Scanning for the Masses
Author: Axel Boesenach and Erik SchamperIn this blog post we will go i...
2024-1-25 19:0:0 | 阅读: 9 |
收藏
|
Fox-IT International blog - blog.fox-it.com
memory
regions
windows
processes
skrapa
Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
Max Groot & Erik SchamperWindows Defender (the antivirus shipped with standard installa...
2023-12-14 13:13:0 | 阅读: 15 |
收藏
|
Fox-IT International blog - blog.fox-it.com
defender
windows
dissect
The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses
Authored by Margit HazenbroekAt Fox-IT (part of NCC Group) identifying servers that host nef...
2023-11-15 22:0:8 | 阅读: 10 |
收藏
|
Fox-IT International blog - blog.fox-it.com
malicious
typos
anomalous
deviations
spelling
Popping Blisters for research: An overview of past payloads and exploring recent developments
Authored by Mick KoomenBlister is a piece of malware that loads a payload embedded insid...
2023-11-1 20:17:23 | 阅读: 22 |
收藏
|
Fox-IT International blog - blog.fox-it.com
blister
mythic
cobalt
From ERMAC to Hook: Investigating the technical differences between two Android malware variants
Authored by Joshua Kamp (main author) and Alberto Segura.SummaryHook and ERMAC are Andro...
2023-9-11 17:5:30 | 阅读: 52 |
收藏
|
Fox-IT International blog - blog.fox-it.com
ermac
victim
c2
decompiled
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScaler...
2023-8-15 21:29:56 | 阅读: 38 |
收藏
|
Fox-IT International blog - blog.fox-it.com
netscalers
citrix
divd
3519
netscaler
From Backup to Backdoor: Exploitation of CVE-2022-36537 in R1Soft Server Backup Manager
During a recent incident response case, we found traces of an adversary leveraging ConnectWise R...
2023-2-22 18:18:13 | 阅读: 45 |
收藏
|
Fox-IT International blog - blog.fox-it.com
r1soft
software
malicious
backup
zk
Threat spotlight: Hydra
This publication is part of our Annual Threat Monitor report that was released on the 8th of Feb...
2023-2-15 21:31:15 | 阅读: 22 |
收藏
|
Fox-IT International blog - blog.fox-it.com
c2
hydra
tas
injections
github
CVE-2022-27510, CVE-2022-27518 – Measuring Citrix ADC & Gateway version adoption on the Internet
Authored by Yun Zheng HuRecently, two critical vulnerabilities were reported in Citrix ADC a...
2022-12-28 19:15:32 | 阅读: 76 |
收藏
|
Fox-IT International blog - blog.fox-it.com
citrix
adc
netscaler
qcow2
vpx
One Year Since Log4Shell: Lessons Learned for the next ‘code red’
Authored by Edwin van Vliet and Max GrootOne year ago, Fox-IT and NCC Group released their b...
2022-12-12 16:3:26 | 阅读: 24 |
收藏
|
Fox-IT International blog - blog.fox-it.com
log4shell
security
network
software
emergency
I’m in your hypervisor, collecting your evidence
Authored by Erik SchamperData acquisition during incident response engagements is always a b...
2022-10-18 23:1:35 | 阅读: 21 |
收藏
|
blog.fox-it.com
vmfs
dissect
acquire
machine
acquisition
Sharkbot is back in Google Play
Authored by Alberto Segura (main author) and Mike Stokkel (co-author)IntroductionAfter w...
2022-9-2 19:7:31 | 阅读: 26 |
收藏
|
blog.fox-it.com
sharkbot
c2
victim
Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study
Max Groot & Ruud van LuijkTL;DRA recently uncovered malware sample dubbed ‘Saitama’ was...
2022-8-12 00:5:12 | 阅读: 28 |
收藏
|
blog.fox-it.com
saitama
c2
client
fox
tunnelling
Flubot: the evolution of a notorious Android Banking Malware
Authored by Alberto Segura (main author) and Rolf Govers (co-author)SummaryFlubot is an...
2022-6-30 01:16:34 | 阅读: 39 |
收藏
|
blog.fox-it.com
flubot
tas
c2
smishing
dga
Adventures in the land of BumbleBee
Authored by: Nikolaos Totosis, Nikolaos Pantazopoulos and Mike Stokkel...
2022-4-29 19:14:10 | 阅读: 24 |
收藏
|
blog.fox-it.com
bumblebee
network
loader
analysis
windows
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
Authors:Alberto Segura, Malware analystRolf Govers, Malware analyst & Forensic IT Ex...
2022-3-4 03:23:28 | 阅读: 43 |
收藏
|
blog.fox-it.com
sharkbot
c2
ats
transfers
log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228
tl;dr Run our new tool by adding -javaagent:log4j-jndi-be-gone-1.0.0-stand...
2021-12-14 07:11:44 | 阅读: 18 |
收藏
|
blog.fox-it.com
log4j
jndi
log4shell
jndilookup
javaagent
Previous
-18
-17
-16
-15
-14
-13
-12
-11
Next