Turkey Companies Targeted by RedBeard with Phishing Attacks

June 12, 2023 | NSFOCUS

I. Summary Recently, NSFOCUS Security Labs observed some phishing attacks targeting Turkish companies, including the Turkish industrial group Borusan Holding, communication operator Turkcell, bank Vakıf Katılım, and online lottery service company Nesine. The attacker placed different types of phishing documents and new Trojan programs in this group of activities to steal file data of the […]

Security Knowledge Graph | Cyberspace Mapping Strengthens Tailor-Made Security

August 22, 2022 | Jie Ji

The security knowledge graph, a knowledge graph specific to the security domain, is the key to realizing cognitive intelligence in cyber security, and it also lays an indispensable technological foundation for dealing with advanced, continuous and complex threats and risks in cyberspace. NSFOCUS will publish a series of articles about the application of the security […]

Security Knowledge Graph | Build an APT Group Graph to Avoid the Information Island Effect

July 13, 2022 | Jie Ji

The security knowledge graph, a knowledge graph specific to the security domain, is the key to realizing cognitive intelligence in cyber security, and it also lays an indispensable technological foundation for dealing with advanced, continuous and complex threats and risks in cyberspace. NSFOCUS will publish a series of articles about the application of the security […]

Cutting-Edge Technologies Empowering Security and Compliance of User Privacy Data

December 8, 2021 | Jie Ji

Compliance has seen radical changes in the requirements and driving force of data security and a broader category of data objects under data security protection. Application scenarios covered by data security will become more diversified, and data security requirements will cover all phases of the data lifecycle. In order to better cope with the challenges […]

Microsoft’s Security Patches for January 2021 Fix 83 Security Vulnerabilities

January 25, 2021 | Adeline Zhang

Overview Microsoft released January 2021 security updates on Tuesday which fix 83 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Repository, ASP.NET core & .NET core, Azure Active Directory Pod Identity, Microsoft Bluetooth Driver, Microsoft DTV-DVD Video Decoder, Microsoft Edge (HTML-based), Microsoft Graphics Component, Microsoft Malware Protection Engine, […]

Attack and Defense Around PowerShell Event Logging

November 10, 2020 | Adeline Zhang

0x00 Overview PowerShell has been a focus of concern for network defense. Fileless PowerShell, featuring living-off-the-land (LotL) techniques and excellent ease of use, is widely used in various attack scenarios. In order to capture PowerShell-based attacks, an increasing number of security professionals tend to extract attack records, such as post-exploitation data, through PowerShell event log analysis […]

Intelligent Threat Analytics: Graph Data Structuring

October 13, 2020 | Adeline Zhang

Artificial intelligence (AI) technology based on deep neural networks has made breakthroughs in a wide range of fields, but has seen only limited adoption in cybersecurity. At present, it is impractical to expect a hierarchical neural network to implement threat identification, association, and response from end to end. According to Zhou Tao, an algorithm expert, […]

DHDiscover Reflection Attacks Can Magnify Attack Traffic Nearly 200 Times (Part 2)

October 8, 2020 | Adeline Zhang

DHDiscover reflection attack analysis In this chapter, we demonstrate the current threat status of DHDiscover reflection attacks using log data captured by the NSFOCUS Threat Capture System on port 37810 from June 1, 2020 to August 18, 2020. We analyzed the number of logs on port 37810 as shown in the […]

DHDiscover Reflection Attacks Can Magnify Attack Traffic Nearly 200 Times (Part 1)

October 4, 2020 | Adeline Zhang

1. Abstract In March 2020, Tencent published an article about a DVR being used for reflection attacks. The service port of this DVR is 37810; we named it the DHDiscover service because the string DHDiscover appeared in it. In the reflection attacks captured by Tencent, the scale of attack traffic exceeded 50G, and the reflection source regions […]

Function Identification in Reverse Engineering of IoT Devices

September 15, 2020 | Adeline Zhang

This document discusses function identification and symbol porting in reverse engineering of Internet of Things (IoT) devices without using BinDiff and PatchDiff2, which are "too good" for the purposes here and are inapplicable in certain scenarios. Typical function identification technologies include the Fast Library Identification and Recognition Technology (FLIRT) in IDA and the rizzo […]