Here is a comprehensive tutorial on cross-site scripting (XSS) attacks, ranging from entry to practice. Overview Note that XSS attacks are classified according to different angles in the preceding figure, but not simply classified into reflective XSS, stored XSS, and DOM-based XSS. In essence, XSS is injection of HTML code...
Category: Research & Reports
IP Reputation Analysis Report – August 2017
Executive Overview There was a 34.06% increase in number of IP addresses globally in the NSFOCUS IP Reputation databases this month compared to both the beginning of the year and post WannaCry and Petya (33.17% through July). Globally the number of Botnets did not change significantly. However, the overall percentage...
Phantom Squad – DDoS Threat
Overview It appears that the new syndicate of the Armada Collective referred to as the Phantom Squad is planning to launch a global DDoS attack on September 30th. Below you will find a screenshot of the mass spear-phishing email that has been distributed to many organization and companies around the...
Joao Malware Analysis
Overview Security researchers from the security firm ESET spotted a piece of malware dubbed Joao targeting gamers. This malware is found inside an Aeria game installation pack provided by a third party. Upon the start of a game, this malware runs in the background, sending the victim's machine information to...
H1 2017 Cybersecurity Insights
Overview This year a significant amount of security events such as WannaCry, Petya, and NotPetya occurred adversely affecting a wide variety of social and economic activities. To mitigate threats brought by such events IT and security teams have spared no effort in combating against such attacks for the security and...
Remote Access Trojan KONNI Targeting North Korea Technical Analysis and Solution
This July a remote access trojan (RAT) KONNI was discovered to be involved in a cyberattack targeting North Korea, which was presumably linked to South Korea. This RAT spreads mainly through phishing emails. Specifically, the attacker first tries to have a powershell script executed via an .scr file, and then...
