Category Archives: IT Pros

Koadic: LoL Malware Meets Python-Based Command and Control (C2) Server, Par...

By in IT Pros • Last Updated: 8/14/2018
Koadic: LoL Malware Meets Python-Based Command and Control (C2) Server, Part I

In my epic series on Windows binaries that have dual uses– talkin’ to you rundll32 and mshta — I showed how hackers can stealthy download and launch remote script-based malware. I also mentioned that pen testers have been actively exploring the living-off-the land (LoL) approach for post-exploitation. Enter Koadic. I learned about Koadic sort of by accident. For kicks, I decided to assemble a keyword combination of “javascript rundll32 exploitation” to see what would show…

The Malware Hiding in Your Windows System32 Folder: More Rundll32 and LoL S...

By in IT Pros • Last Updated: 9/24/2018
The Malware Hiding in Your Windows System32 Folder: More Rundll32 and LoL Security Defense Tips

When we left off last, I showed how it’s possible to run VBScript directly from mshta. I can play a similar trick with another LoL-ware binary, our old friend rundll32. Like mshta, rundll32 has the ability to evade the security protections in AppLocker. In other words, hackers can leverage a signed Windows binary to run handcrafted scriptware directly from a command line even though AppLocker officially prevents it. Evil. Oddvar Moe, one of this blog’s…

Verizon 2018 DBIR: Phishing, Stolen Passwords, and Other Cheap Tricks

By in Data Security, IT Pros • Last Updated: 5/11/2018
Verizon 2018 DBIR: Phishing, Stolen Passwords, and Other Cheap Tricks

Like the rest of the IT security world last week, I had to stop everything I was doing to delve into the latest Verizon Data Breach Investigations Report. I spent some quality time with the 2018 DBIR (after drinking a few espresso), and I can sum it all up in one short paragraph. Last year, companies faced financially driven hackers and insiders, who use malware, stolen credentials, or phishing as attack vectors. They get in…

Women in Tech: The Anatomy of a Female Cybersecurity Leader

By in IT Pros • Last Updated: 4/10/2018
women CISO CIO

Cybersecurity has a gender gap. According to the 2017 Women in Cybersecurity study, a joint venture between the Center for Cyber Safety and Education and the Executive Women’s Forum on Information Security, women only make up 11 percent of the total cybersecurity workforce. In addition to occupying a substantially small space in a massive global industry, the few women who are in cybersecurity hold fewer positions of authority and earn a lower annual salary than…

Adventures in Fileless Malware, Part V: More DDE and COM Scriplets

By in IT Pros • Last Updated: 6/13/2018
Adventures in Fileless Malware, Part V: More DDE and COM Scriplets

In this series of post, we’ve been exploring attack techniques that involve minimal efforts on the part of hackers. With the lazy code-free approach I introduced last time, it’s even possible to slip in a teeny payload into a DDE field within Microsoft Word. And by opening the document attached to a phish mail, the unwary user lets the attacker gain a foothold on her laptop. To bring the story up to date, Microsoft ultimately closed the…

Adventures in Fileless Malware, Part IV: DDE and Word Fields

By in IT Pros • Last Updated: 6/13/2018
Adventures in Fileless Malware, Part IV: DDE and Word Fields

For this next post, I was all ready to dive into a more complicated fileless attack scenario involving multiple stages and persistence. Then I came across an incredibly simple code-free attack — no Word or Excel macro required! — that far more effectively proves the underlying premise in this series: it ain’t that hard to get past the perimeter. The first attack I’ll describe is based on a Microsoft Word vulnerability involving the archaic Dynamic…

12 Ways Varonis Helps You Manage Mergers and Acquisitions

By in IT Pros • Last Updated: 3/5/2018
12 Ways Varonis Helps You Manage Mergers and Acquisitions

A well-constructed Merger & Acquisition (M&A) playbook reduces the overall time, cost and risk of the upcoming merger and/or acquisition. Gartner advises that organizations who intend to grow through acquisitions involve the CIO and IT teams early in the process by “sharing models with their business executives that raise the right questions and issues to consider.” Further, according to Gartner analysts Cathleen E. Blanton and Lee Weldon, CIOs should “create a reusable IT M&A playbook…

Adventures in Fileless Malware, Part II: Sneaky VBA Scripts

By in IT Pros • Last Updated: 6/13/2018
Adventures in Fileless Malware, Part II: Sneaky VBA Scripts

I’m a fan of the Hybrid Analysis site. It’s kind of a malware zoo where you can safely observe dangerous specimens captured in the wild without getting mauled. The HA team runs the malware in safe sandboxes and records systems calls, file created, and internet traffic, displaying the results for each malware sample. So you don’t have to necessarily spend time puzzling over or even, gulp, running the heavily obfuscated code to understand the hackers’…

Five Brain Hacks for Sysadmins and Infosec Pros

By and in IT Pros • Last Updated: 11/7/2018
Five Brain Hacks for Sysadmins and Infosec Pros

Automation has always been a good friend to IT. It’s helped us get our work done faster on projects that involved lots of tedium but required little technical skills. Automation allows us to focus our time on more rewarding projects that require years of experience and special tech wisdom. You know, like redesigning a Hadoop cluster or taming the company’s cable infrastructure so that it’s a thing of beauty. Of course, if only everything in…

DNSMessenger: 2017’s Most Beloved Remote Access Trojan (RAT)

By in IT Pros • Last Updated: 12/17/2017
DNSMessenger: 2017’s Most Beloved Remote Access Trojan (RAT)

I’ve written a lot about Remote Access Trojans (RATs) over the last few years. So I didn’t think there was that much innovation in this classic hacker software utility. RATs, of course, allow hackers to get shell access and issue commands to search for content and then stealthily copy files. However, I somehow missed, DNSMessenger, a new RAT variant that was discovered earlier this year. The malware runs when the victim clicks on a Word doc…

Top Azure Active Directory Tutorials

By in IT Pros • Last Updated: 11/17/2017
Top Azure Active Directory Tutorials

Remember a few years ago when security pros and IT admins were afraid to store business files on the cloud? Today, the circumstances are different. I recently spoke with an engineer and he said he’s getting more questions about the cloud than ever before. What’s more, according to Microsoft, 86% of Fortune 500 companies use Microsoft cloud services –  Azure, Office 365, CRM Online etc – all of which sit on Azure AD. And so…