Ensar Seker
Cybersecurity | Artificial Intelligence | Blockchain

Oct 3

Typosquatting is a perfect use case because when people look at URLs and internalize their own misspellings, they are more likely to confuse the website the user visits in the email with the website they associate with the brand.

Typosquatting, or URLs hijacking, is a form of cybersquatting aimed at people who misenter web page addresses in their web browser URL fields. Compared to the typosquatting practice, cybersquatting involves the purchase of domain names to make money on the popularity or reputation of a particular brand or company. The…

Aug 7

Mandiant and FireEye reported that they discovered the APT29 group supported by the Russian nation-state that has been using domain fronting for over two years. Mandiant has been observing for at least two years how Russian nation-state attackers use domain-fronting techniques and clandestine backdoor access in victim environments.

Source: https://www.zdnet.com/article/def-con-new-tool-brings-back-domain-fronting-as-domain-hiding/

Domain fronting is a relatively new (ish) technique that allows attackers to conceal command and control traffic on infected computers by disguising themselves as traffic from trusted servers hosted on content delivery networks (CDNs).

You may have heard of domain fronting in the context of circumventing state censorship of popular…

·Jul 31

Pegasus Spyware has recently hit the headlines because it is used to target devices of critical people in various sectors of the country including journalists, activists, politicians, and business leaders.

Last week we saw a story after another on a company called NSO Group and a piece of software called Pegasus. These include shocking claims that updated smartphones can be hacked using a single text message. …

Jul 25

Malware has become more sophisticated and attacks vulnerabilities in countless ways. It includes new and dangerous species, including worms (named after the human parasitic worm), trojans, and ransomware which are not by strict definitions computer viruses and should be designated as such. In general, malware, worms, and Trojan horses can cause billions of dollars in damage and disrupt critical infrastructure in real life.

In our daily lives, we often say that we feel sick when we are infected with a virus. But we must not forget that each of these types of viruses represents a unique threat to their respective worlds. The same thing is valid for computer viruses. In this list, we…

Jul 20

The US Department of Defense has introduced the Cybersecurity Maturity Model Certification (CMMC) to normalize and standardize cybersecurity for the Federal Government and Defense Industrial Base (DIB). The CMMC is a unified standard that implements cybersecurity across the DIB, including over 300,000 companies in the supply chain. It is DoD’s response to a significant compromise of sensitive defense information contained in contractors’ information systems.

CMMC Maturity Process Progression — Source: DoD

When the Department of Defense realized that under NIST SP 800–171 it needed more structure than self-certification and compliance it began to develop what would later become the Cybersecurity Maturity Model Certification (CMMC). …

·Jul 18

The RATs themselves should consider using threat information to detect new digital threats and implement defenses and precautions. RATs play a prominent role in the execution of advanced persistent threats (APT).

Example Gh0st RAT Attack Scenario — Source: https://link.springer.com/chapter/10.1007/978-3-030-38557-6_18

A Remote Access Trojan (RAT) is a type of malware that allows attackers to remotely control your system. It is an application that allows hackers to get in the door and have administrative access to a computer. …

·Jun 20

X11 for Windows systems is a graphical window system common to Unix and Linux implementations and found in Windows software such as Hummingbird and surpassed by X Server. Several vulnerabilities have been found in X11 (xinput, evi, mit, shm, xfree86, misc extensions), Solaris X11 display server (xorg-1, xsun-1), and Solaris x11 print server (XPRT-1).

Source: https://resources.infosecinstitute.com/topic/exploiting-x11-unauthenticated-access/

Multiple vulnerabilities allow a local or remote, unprivileged user to execute arbitrary code with root privileges on the Solaris X11 display server from XHost [1] or XAuth [1] to access arbitrary memory and X server address space and crash the X11 display server process. …

·Jun 13

The Trusted Execution Environments are one of the technologies that help manufacturers, service providers, and consumers protect their devices and sensitive data. TEE protects the area of the hardware where the code is executed in isolation. The code executed in the trusted execution environment cannot be viewed or modified, so an attacker would only be able to execute malicious code with full privileges on the same processor.

A Trusted Execution Environment (TEE) is an environment in which the executed code and the data that is accessed are physically isolated and confidentially protected so that no one without integrity can access the data or change the code or its behavior. We are not aware of many devices in…

·Apr 10

Zero-knowledge proof systems that have received a lot of attention since their introduction are those that use a single message, such as proof of the existence of zero-knowledge or proof against a certain type of proof.

What is it?

A zero-knowledge proof protocol is a way for a prover to convince a verifier that a statement containing classified information is true without revealing even a single bit of information (or a fraction thereof) about that knowledge. This is because the prover can prove the accuracy of the claim to…

Mar 26

The billions of login credentials available on the dark web make it easy for cybercriminals to steal login credentials. It has been widely reported that automated access data — the plug-in attack that has found its way onto the internet — is hitting systems such as credit cards, bank accounts, and credit card numbers.

Credential Stuffing is a technique that involves an automatic injection attack to access online services with stolen credentials. In an attack on the login data, fraudsters use it to access consumer accounts to make fraudulent purchases, carry out phishing attacks and steal information and money.

Source: https://www.cloudflare.com/learning/bots/what-is-credential-stuffing/

This attack method is facilitated…

Ensar Seker

About

Write

Help

Legal

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store