“Leaving the Backdoor Open: Risk of Remotely Hosted Web Scripts”

  Many websites leverage externally hosted scripts to add a broad range of functionality, from user interaction tracking to reactive design. However, what you may not know is that by using them you are effectively handing over full controlof your content to the other party, and could be putting your users at risk of having … Continue reading Leaving the Backdoor Open: Risk of Remotely Hosted Web Scripts
Read more

“Automated Hunting of Software Update Supply Chain Attacks”

  Software that automatically updates itself presents an attack surface, which can be leveraged en masse through the compromise of the vendor's infrastructure. This has been seen multiple times during 2017, with high profile examples includingNotPetya and CCleaner. Most large organisations have built robust perimeter defences for incoming and outgoing traffic, but this threat vector … Continue reading Automated Hunting of Software Update Supply Chain Attacks
Read more

“Acquiring a Memory Dump from Fleeting Malware”

Introduction The acquisition of process memory during behavioural analysis of malware can provide quick and detailed insight. Examples of where it can be really useful include packed malware, which may be in a more accessible state while running, and malware, which receives live configuration updates from the internet and stores them in memory. Unfortunately the … Continue reading Acquiring a Memory Dump from Fleeting Malware
Read more

“Uncovering Targeted Web-Based Malware Through Shapeshifting”

Targeted Web-Based Malware? Malware authors are frequently observed leveraging server side scripting on their infrastructure to evade detection and better target their attacks. This includes both exploit kits and servers hosting secondary stage payloads, all of which can easily be set up to alter their responses based on the footprint of the visitor. This could … Continue reading Uncovering Targeted Web-Based Malware Through Shapeshifting
Read more