Não Categorizado

Microsoft’s Security Patches for January 2021 Fix 83 Security Vulnerabilities

janeiro 25, 2021 | Mina Hao

Overview Microsoft released January 2021 security updates on Tuesday which fix 83 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Repository, ASP.NET core & .NET core, Azure Active Directory Pod Identity, Microsoft Bluetooth Driver, Microsoft DTV-DVD Video Decoder, Microsoft Edge (HTML-based), Microsoft Graphics Component, Microsoft Malware Protection Engine, […]

Attack and Defense Around PowerShell Event Logging

novembro 10, 2020 | Mina Hao

0x00 Overview PowerShell has been a focus of concern for network defense. The fileless PowerShell, featuring LotL and excellent ease of use, is widely used in various attack scenarios. In order to capture PowerShell-based attacks, an increasing number of security professionals tend to, through PowerShell event log analysis, extract attack records such as post-exploitation data […]

Intelligent Threat Analytics: Graph Data Structuring

outubro 13, 2020 | Mina Hao

The artificial intelligence (AI) technology based on deep neural networks has made breakthroughs in a wide range of fields, but only seen limited adoption in cybersecurity. At present, it is impractical to expect a hierarchical neural network to implement threat identification, association, and response from end to end. According to Zhou Tao, an algorithm expert, […]

DHDiscover reflection attacks can magnify nearly 200 times of the attack 2

outubro 8, 2020 | Mina Hao

DHDiscover reflection attack analysis In this chapter, we’ll demonstrate the threat status quo of DHDiscover reflection attack after referring to log data captured by the NSFOCUS Threat Capture System[AZ1]  from June 1, 2020 to August 18, 2020 at the port 37810. We analyzed the number of logs at the port 37810 as shown in the […]

DHDiscover reflection attacks can magnify nearly 200 times of the attack 1

outubro 4, 2020 | Mina Hao

1. Abstract In March 2020, Tencent published an article about a DVR being used for reflection attacks. Service port of this DVR is 37810, we named it DHDiscover service as there was DHDiscover shown in it. In the reflection attacks captured by Tencent, the scale of attack traffic exceeded 50G, and the reflection source regions […]

Function Identification in Reverse Engineering of IoT Devices

setembro 15, 2020 | Mina Hao

This document dwells upon function identification and symbol porting in reverse engineering of Internet of things (IoT) devices without using BinDiff and PatchDiff2, which are “too good” for the purposes here and are inapplicable in certain scenarios. Typical function identification technologies include the Fast Library Identification and Recognition Technology (FLIRT) in IDA and the rizzo […]

Future cyber security protection: reflection from the ups and downs of Covid-19-2

setembro 13, 2020 | Mina Hao

Biological virus and computer virus share similarities in some characters such as transmissibility. From the solutions to the COVID-19, we can learn the gain and loss of cyber security defense and protection, analyze the new trends and techniques and come up with the new ideas of defense and protection against attacks in the cyber security […]

Future cyber security protection: reflection from the ups and downs of Covid-19-1

setembro 12, 2020 | Mina Hao

2020 is almost halfway through, it is indeed a troubled period. Covid-19 swept all over the world in just a few months. The epidemic continues to spread and repeat, and has also changed many people’s inherent perceptions, including health care, public safety, organizational mobilization, economics and politics. The concept of computer virus is derived from […]

2020 H1 Cybersecurity Trends

setembro 11, 2020 | Mina Hao

01 Overview of the Vulnerability Trend In 2020 H1, a total of 1419 vulnerabilities were added to the NSFOCUS Vulnerability Database (NSVD), 714 of which were high-risk vulnerabilities. Among these high-risk vulnerabilities, 184 vulnerabilities were Microsoft-related ones. High-risk vulnerabilities were mainly distributed in major products of Microsoft, Oracle, Adobe, Google, Cisco, IBM, Moxa, Apache, etc. […]

What You Should Know about OpenVPN Reflection Attacks

setembro 1, 2020 | Mina Hao

Executive Summary OpenVPN is an application layer VPN implementation based on the OpenSSL library and serves over port 1194. In September 2019, OpenVPN was found to be vulnerable to UDP reflection attacks. This document analyzes threat exposure of the entire network, common attack means, and the bandwidth amplification factor (BAF) of reflection attacks via the […]