With mitmproxy, a ncurses-based tool to intercept HTTP(s) connections is available as Open Source Software. This blog post reflects a more advanced usage of mitmproxy and its scripting engine for modifying passing traffic automatically. We have chosen, the communication of a Continue reading “Intercepting Twofish-encrypted HTTP traffic with mitmproxy”
The impact of GDPR on security research: A look at WHOIS
When individuals, companies, organizations, and governments register a domain, they are required to provide information to a domain registration company, called a registrar. This information usually includes their name, address, email address, phone number, administrative contact details (who has legal power and usually also who pays the bills), and technical contact details (who runs the infrastructure).1 Continue reading “The impact of GDPR on security research: A look at WHOIS”
Mobile Threat Defense – trying to extend established Enterprise Mobility Management
Portable devices like smartphones and tablets have developed from being just single-purpose communication tools to becoming valuable assets in business infrastructures and in personal life. Smartphones have become the most important devices in consuming digital media, purchasing goods Continue reading “Mobile Threat Defense – trying to extend established Enterprise Mobility Management”
Using “magic” DNS-resolutions to track suspicious domains
APT operators are humans, and humans are lazy and make mistakes. A common pattern seen in APT operations is “sleeping cycles” of domain names. Once an APT operator doesn’t need a C&C domain name, it gets pointed to a parking IP. This might be done to hide the real destination of the C&C Continue reading “Using “magic” DNS-resolutions to track suspicious domains”
Spectre-NG: LazyFP State Restore Vulnerability (CVE-2018-3665)
The first publicly accessible indication of a new Spectre-NG vulnerability appeared on June 5, 2018, in a commit message on the OpenBSD project. The log message briefly provides some technical background and states three reasons for the code change, including, “post-Spectre rumors suggest that the %cr0 TS Continue reading “Spectre-NG: LazyFP State Restore Vulnerability (CVE-2018-3665)”
Cryptomining: A Growing Threat
The rising prominence of cryptocurrencies worldwide incentivizes criminals to expand cryptocurrency mining operations, particularly when using compromised infrastructure forces others to bear any cost. In comparison with traditional targets of cybercrime, cryptocurrencies are also easily Continue reading “Cryptomining: A Growing Threat”