-

Steganography Challenge: My Solution, (Sat, May 10th)
When I tried to solve “Steganography Challenge” with the same method as I used in “Steganography Analysis With pngdump.py: Bitstreams”, I couldn’t recover the text message. So I looked into the source code of the encoding function EncodeNRGBA, and noticed this: To encode each of the pixels, there are 2 nested for loops: “for x”…
-
ISC Stormcast For Friday, May 9th, 2025 https://isc.sans.edu/podcastdetail/9444, (Fri, May 9th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-

No Internet Access? SSH to the Rescue!, (Thu, May 8th)
This quick diary is a perfect example of why I love the Linux (or UNIX in general) operating system. There is always a way to “escape” settings imposed by an admin… Disclaimer: This has been used for testing purposes in the scope of a security assessment project. Don’t break your organization’s security policies! To perform some…
-
ISC Stormcast For Thursday, May 8th, 2025 https://isc.sans.edu/podcastdetail/9442, (Thu, May 8th)
-
Example of “Modular” Malware, (Wed, May 7th)
Developers (of malware as well as goodware) don’t have to reinvent the wheel all the time. Why rewrite a piece of code that was developed by someone else? In the same way, all operating systems provide API calls (or system calls) to interact with the hardware (open a file, display a pixel, send a packet…
-
ISC Stormcast For Wednesday, May 7th, 2025 https://isc.sans.edu/podcastdetail/9440, (Wed, May 7th)
-

Python InfoStealer with Embedded Phishing Webserver, (Tue, May 6th)
Infostealers have been everywhere for a while now. Even if this kind of malware is not aggressive, its impact on the victim can be much greater. Attackers always need more and more data to sell or reuse in deeper scenarios. A lot of infostealers are similar and have the following capabilities: Antidebugging and anti-VM capabilities…
-
ISC Stormcast For Tuesday, May 6th, 2025 https://isc.sans.edu/podcastdetail/9438, (Tue, May 6th)
-
“Mirai” Now Exploits Samsung MagicINFO CMS (CVE-2024-7399), (Mon, May 5th)
Last August, Samsung patched an arbitrary file upload vulnerability that could lead to remote code execution [1]. The announcement was very sparse and did not even include affected systems: SVP-AUG-2024 SVE-2024-50018(CVE-2024-7399) Weakness : Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server allows attackers to write arbitrary file as…
-
ISC Stormcast For Monday, May 5th, 2025 https://isc.sans.edu/podcastdetail/9436, (Mon, May 5th)

