I'm back to publishing stuff after quite some time of absence. :-)
Check out a new project that has taken some of my time over the past days...
The ID10T's guide to a better security
I'd like to share some of my experiences and thoughts about security on that page. Please bear in mind that all information is for educational purposes only and the majority of the pages are either a little outdated or a "work in progress".
If you like what I'm writing about or have some comments about any
enhancements, please feel free to send me a personal mail.
Thanks for reading anyway.
Marcus
My personal "Cyber News blog" of 2023
-
New TLD .zip offers good phishing
-
OSINT Status via DiscordBot
-
HIVE extorts Mediamarkt
-
Google publishes Cobalt Strike YARA rules
-
OSINT
-
Automatic Protocol Reverse Engineering
-
Leak: 198 MILLIONS *** WHATSAPP NUMBERS *** 2022 *** VERIFIED NUMBERS !!
-
LastPass with another breach
-
ML to detect data exfiltration
-
Use of Microsoft 365 remains in violation of data protection law
-
htop with I/O data
-
Threema now uses Ibex with PFS
-
Data protection podcast from c’t magazine
-
Home-made data leak in Zurich
-
Meta may not use user data for advertising
-
iCloud gets more end-to-end encryption
-
8.12.2022: Warning Day today, for the first time with Cell Broadcast
-
New guideline on anonymization
-
USB-C mandatory in the EU from 28 December 2024
-
Kali Linux 2022.4 Release
-
Turnstile a user-friendly, privacy-preserving alternative to CAPTCHA
-
New Chrome with passkey support
-
EU member states agree on digital wallet
-
Even the bad guys are only human
-
CryWiper: Looks like ransomware but is a wiper
-
Drokbk uses the GitHub API
-
Continental: IT intrusion occurred via a browser downloaded by an employee
-
Microsoft Signed Drivers Being Used Maliciously
-
WAF firewalls can be bypassed with JSON
-
Redteam cheat sheet
-
Open Source Vuln Scanner
-
140K NUGET, NPM, AND PYPI PACKAGES WERE USED TO SPREAD PHISHING LINKS
-
What changes with the electronic certificate of incapacity for work
-
ClamAV Ver. 1.0.0 LTS
-
Will "VeRA" become a data protection nightmare?
-
Swiss health data published
-
How to detect AI-generated text
-
CCC captures biometrics database of the US military
-
Cyberattack paralyzes the administration of Potsdam
-
NIS2: The directive "for a high common level of cybersecurity" was published in the EU Official Journal this week.
-
Decrypting TLS with Wireshark
-
Reversing Android
-
Open Source Software monitoring (GitHUB)
-
Proof of Concept for arbitrary file delete/write in Sysmon (CVE-2022-41120/CVE-2022-44704)
-
KillNET calls for an attack against Germany
-
The Department of Justice has "taken apart" Hive
-
ESXARG, a Linux malware
-
Lastpass was compromised via a developer's private PC
-
Google plans an alternative to ChatGPT
-
ntv: Hackers spy on Stadtwerke Karlsruhe
-
Years-long breach at GoDaddy
-
Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
-
AI generates polymorphic malware
-
The world looks to Germany: raids against DoppelPaymer in NRW
-
CISA publishes background article on Lockbit 3.0
-
Kaspersky publishes new decryptor for Conti ransomware
-
filescan.io, another public sandbox
-
PoC: Microsoft Outlook vulnerability for Windows (CVE-2023-23397)
-
Mastodon: data leak
-
CISA: MS Cloud Security "untitled goose"
-
GCHQ: CyberChef Ver. 10 released
-
GPT4ALL - a local ChatGPT
-
Azure Active Directory enabled data theft from Office365 customers
-
3CX VoIP-Client kompromittiert
-
Analyse des VulkanFiles Leaks
-
BSI warning: ntp 4.2.8p15
-
Ransomware attack on NCR
-
North Rhine-Westphalia and the Abitur
-
Bitmarck - IT service provider of the health insurers hacked (again)
-
Google Cloud europe-west9-a Zone
-
Intel is still melting
-
PentestGPT - AI supported pentesting
-
Today is "World Password Day"
-
HP LaserJet CVE-2023-27971 CVSS 8.8 privilege elevation
-
MS Sharepoint scans password-protected archives
-
Get the hash although the Defender Credential Guard is active
-
Bypassing asymmetric client-side encryption
-
Building a chatbot based on your personal documents
-
A parts bin for satellite enumeration
-
Remcos RAT
-
(relaunch) News that I was reading/talking about in 2023
Find below the topics and news I took care about while trying to follow things that go on in the world while I was not looking....
more...
My personal "Cyber News blog" of 2020
-
Play with real IPv6 /48 at Hurricane Electric
-
SMBGhost Exploit PoC
-
Week 25
-
Windows Security Alert: Core System File Zero-Days Confirmed Unpatched
Davey Winder Senior Contributor is reporting about 4 new 0-Days at Forbes A core Windows system file called splwow64.exe, which is a printer driver host for 32-bit apps. The Spooler Windows OS (Win...
more... -
Apple releases iOS 13.5 to the public with Exposure Notification API, Face ID enhancements, more
Chance Miller has written about the new release of iOS 13.5: Apple and Google have been developing the Exposure Notification API with close guidance from public health officials. When a user enabl...
more... -
Week 21
-
Probe opened after mosques blare ‘Bella Ciao’ from minarets in Turkey’s west
-
Sourcecode: Corona-Warn-App Server
-
BIAS: Bluetooth Impersonation AttackS
-
easyJet Loses 9 Million Customers’ Data To Hackers
-
Massive ssh attacks ongoing, so check your logfiles...
-
Microsoft first shows DNS over HTTPS in Windows 10 Insider Preview Build 19628
-
Cuckoo2GO: A VMWare install of Cuckoo using a nested VirtualBox to analyze
-
Week 20
-
Autopsy: One day online course for free (until 15th May 2020)
Thanks Autopsy for providing your one-day Autopsy online course for free. Indeed a perfect way to spend Covid-19 time with something very useful. Although I used Autopsy a lot in the past, I still go...
more... -
Week 18
-
Week 17
-
Some cool Windows Usecases for Splunk
-
Week 16
-
Looking for another source to verify your malware hashes and contribute to the community?
-
Week 15
-
Coronaaaaa boaaaard
-
Week 14
-
COVID-19 work from home
-
Week 13
-
APT36 spreads fake coronavirus health advisory
-
Test yourself for CVE-2020-0796 aka CoronaBlue aka SMBGhost
-
Me != Airbus
-
Week 12
-
Started my GCFA preparation
-
Citrix CVE-2019-1978: remote code execution vulnerability
-
36c3 - FinFisher ev. broke the law
-
Sudelfeld at midnight
-
Happy New Year 2020
-
Week 01
-
Week 52
...
more...
My personal "Cyber News blog" (2019)
-
My SANS FOR508
-
Week 50
-
My Linux Forensic Cheatsheet
-
Week 49
-
Vitaly Kamluk's bitscout to forensically inspect a remote customer's machine
-
My Windows Forensic Cheatsheet
-
Week 48
-
Meetup 11.Dec.2019: Cyber Incident Handling Game, hosted by Dr. Andreas Rieb and Marcus Pauli
-
Conrad Electronics: Elasticsearch DB with 14 mio. customer records compromised
-
Week 47
-
Fast scan for CVE-2019-9798
-
Week 44
-
Exploring the MQTT Protocol with ESP8266
-
CVE-2019-15642 another Webmin Remote Code Execution (authenticated)
-
ZDNet: Simjacker attack exploited in the wild to track users for at least two years
-
Week 42
-
Portable ATM skimmer card detector
-
Animated workflow of the Enigma machine
-
Artemis: BGP-Hijack monitor
-
"Heartbleed" @ Marcus
-
Week 37
-
#postponed# My first own MeetUp: Save the date 12.09.2019
-
Visualize windows eventlogs with LOGONTRACE
-
SYSMON Test of your SIEM
-
Week 31
-
Week 30
-
Another "Lunch & Learn"
-
Google Home Silently Captures Recordings of Domestic Violence and More
-
Week 29
-
Logitech keyboards and mice vulnerable to extensive cyber attacks
-
Finding and Testing MisConfigured S3 Buckets
-
Week 28
-
Exploiting Android Through ADB With PhoneSploit
-
First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol
-
heisec Emailcheck
-
Upgrade Confluence NOW
-
Fidelis - Deception Training
-
Week 28
-
Meetup: Airbus Defence and Space
-
Week 23
-
French gas stations robbed after forgetting to change gas pump PINs
-
APT39 Summary
-
Win back some privacy with a cone of silence for your smart speaker
-
Malicious applications in circulation! (GandCrab 5.2)
-
Thrangrycat 0Day: Cisco Secure Boot Hardware Tampering Vulnerability
-
China Chopper Malware affecting SharePoint Servers
-
CVE-2018-12130 ZombieLoad-Attack
-
Panama Citizens Massive Data Breach
-
TheGuardian: WhatsApp hack
-
Google: A global hub for privacy engineering, in the heart of Europe
-
Week 21
-
citycomp leak
-
Solutions for the GOOGLE CTF 2018 Hacking contest
-
German Secret Service should also be allowed to search online in domestic Germany
-
New Max Planck Institute for Cybersecurity and Privacy in Bochum
-
Sovereign Runet
-
DSA-2019-051: Dell SupportAssist Client Multiple Vulnerabilities
-
New Exploits for Unsecure SAP Systems
-
Week 19
-
Enhance Autopsy with ClamAV MD5s
-
Work on eliminating MS Telemetry services
-
VirusTotal for investigators workshop
-
Week 17
-
trimstray: Search engines for Hackers:
-
Matt Graeber: decompress WDAV .vdm files
-
Florian Roth: Reverse Shell Collection
-
Emad Shanab: Red Team, tips, tools, methods, and more:
-
Complete Mandiant Offensive VM, the first full Windows-based penetration testing virtual machine distribution
-
Radare 3.4.0 - Codename: "hufflepuff" released
-
Striker - Offensive Information And Vulnerability Scanner
-
VOOKI - Web Application Vulnerability Scanner
-
Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And
-
DDoS Added Syrian Censorship logs to
-
Chinese hackers poke the Bayer, but German giant says it withstood attack
-
Week 15
been busy for a few weeks......
more... -
Thunderclap flaws impact how Windows, Mac, Linux handle Thunderbolt peripherals
-
txt2re - knowing is obsolete :: regular expression generator
-
Windows Commands Abused by Attackers and their mitigation
-
Metasploit Framework User Agents
-
Need to escalate privileges without fancy tools?
-
Building a large scale Intrusion Detection System
-
Here comes the Sun (and TheHive 3.3-RC5)
-
Technical Analysis: Pacha Group Deploying Undetected Cryptojacking Campaigns on Linux Servers
-
COM XSL Transformation: Bypassing Microsoft Application Control Solutions (CVE-2018-8492)
-
while doing some forensics ...
-
Week 10
-
China: Order of the Ministry of Public Security
-
Hackers KO Malta's Bank of Valletta in attempt to nick €13m
-
Distributed Denial of Secrets
-
The Firebog: The Big Blocklist Collection
-
Sophos KB: Resolving outbreaks of Emotet and TrickBot malware
-
MISP OSINT Feeds
-
Paul Seekamp: Secure your printers !
-
Florian Roth: Very good SIGMA rule collection
-
Week 07
-
ENISA: Excellent training material
-
Week 06
-
2.2 billion passwords have been leaked and published
-
tor: Transparency, Openness, and Our 2016 and 2017 Financials
-
28th January: European Data Protection Day
-
Week 05
-
France will engage in offensive cyber warfare
-
WhatsApp phishing attempt from original SMS-source
-
BYOB (Build Your Own Botnet)
-
BAMF (Backdoor Access Machine Farmer)
-
Week 04
-
Passport pictures with the help of google search
-
Metasploit Framework 5.0 Released!
-
Week 03
-
Hacking Chromecasts/Google Homes/SmartTVs
-
The increased use of powershell in attacks
-
Some OSINT hints for #btleaks
-
Twitter leak or #BTLEAK
-
Week 02
A happy new year and welcome back to the exciting world of cyber related news that thrills cyber nerds and other freaks....
more... -
2019 content
This is the raw content that will be put into the Cybernews blog....
more...
My personal "Cyber News blog" (2018)
-
ALEXA: Bit**, stop sharing my intimacies
-
2018 Week 52
-
0xffff0800: Excellent malware sample repository
-
2018 Week 51
-
Fürstenfeldbruck: Malware completely paralyzes hospital IT
-
Cyber attack: KraussMaffei blackmailed by hackers
-
2018 Week 50
-
1st responder action for IR
-
Free: IOC and YARA scanner Spark
-
sysmon: Hunting for evil: detect macros being executed
-
Someone Hacked 50,000 Printers to Promote PewDiePie YouTube Channel
-
Data breach: Marriott Hotel reservation system
-
Excellent: Windows Post Exploitation Article found
-
2018 Week 49
-
Good source to create a Usecase: Windows Commands Abused by Attackers
-
p3nt4: Run PowerShell with dlls only
-
Amazon admits it exposed customer email addresses, but refuses to give details
-
Awesome Windows Domain Hardening
-
On personal behalf: Me in the news...
-
2018 Week 48
-
Mail Header Analyzer: Parse the mailheader
-
FCL - Fileless Command Lines
-
Instagram accidentally exposed some user passwords through its data download tool
-
NIST: Guide to Malware Incident Prevention and Handling for Desktops and Laptops
-
2018 Week 47
-
WIRED: THE HAIL MARY PLAN TO RESTART A HACKED US ELECTRIC GRID
-
US Cyber Command starts uploading foreign APT malware to VirusTotal
-
Exploit Developer Discovers Zero-Day Microsoft Edge Vulnerability Triggering RCE Attacks
-
Privilege escalation and file overwrite in X.Org X server 1.19 and later
-
SIGMA: A converter that generate searches/queries for different SIEM systems [work in progress]
-
Find common false-pos in your threat intel DB
-
Persistent GCP backdoors with Google’s Cloud Shell
-
PasteJacker
-
2018 Week 46
-
SMB MiM made easy
-
VirtualBox E1000 0day
-
CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures
-
Kernel RCE caused by buffer overflow in Apple's ICMP packet-handling code (CVE-2018-4407)
-
Help for preparing the CISSP Exam
-
2018 Week 45
-
German official cybercrime report 2017
-
CORRECTION:
TheVerge: Today, executives from both Amazon and the server manufacturer, Super Micro, are calling for the retraction of a Bloomberg report published earlier this month. The report alleged that t...
more... -
2018 Week 43
-
Cathay Pacific: 10 million customer records stolen
-
Windows Defender Antivirus can now run in a sandbox
-
British Airways: 185K Affected in Second Data Breach
-
IBM buys RedHat
-
F5 Labs: IoT become top attack surface
-
The sample analysis of APT-C-27’s recent attack
-
Exploit DB: Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
-
FireEye: APT38: Details on New North Korean Regime-Backed Threat Group
-
2018 Week 44
-
Undetectable C# & C++ Reverse Shells
-
Video: Android malware analysis - fake Sagawa malware
-
Myself in the news ...
-
Naked Security: How Chrome and Firefox could ruin your online business this month
-
2018 Week 42
-
Known issues updating to Windows 10, version 1809 (2.Oct.2018)
-
ICANN changes DNSSEC Keys *TODAY* 11.Oct.18
-
WhatsApp: Heap Corruption in RTP processing
-
Greenbone VA: Check for Ver. 4.2.21
-
Bloomberg: The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
-
2018 Week 41
-
70+ different types of home routers(all together 100,000+) are being hijacked by GhostDNS
-
Hybrid Analysis with new YARA capabilities from Falcon MalQuery
-
Thunderbird / Enigmail does not encrypt while saying it does
-
Preparing for a "Lunch&Learn" - OSINT
-
Great help for reconnaissance
-
APT38: Details on New North Korean Regime-Backed Threat Group
-
2018 Week 40
-
Meet Black Rose Lucy, the Latest Russian MaaS Botnet
-
Hackers Target Port of Barcelona, Maritime Operations Not Affected
-
CVE-2018-8392 | Microsoft JET Database Engine Remote Code Execution Vulnerability
-
2018 Week 38
-
2018 Week 39
-
Wired: THE MIRAI BOTNET ARCHITECTS ARE NOW FIGHTING CRIME WITH THE FBI
-
Avira: XBash – the all-in-one botnet
-
Splunk MISP feed integration
-
PowerPool Malware Uses Windows Zero-Day Posted on Twitter
-
British Airways: Customer data theft
-
Did you know that cyberchef from GCHQ is available via docker?
-
Discovering patterns in network traffic with silk
-
Android Banker with 190+ targeted banking apps unveiled
-
Excellent links for our work
-
2018 Week 35
-
2018 Week 34
-
Hackers Stole Personal Data of 2 Million T-Mobile Customers
-
Turla Threat Group Uses Email PDF Attachments to Control Stealthy Backdoor
-
(Linux) TCP implementations vulnerable to Denial of Service
-
0-Day: Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface
-
2018 Week 33
-
DEF CON 23 - Sean Metcalfe - Red vs Blue: Modern Active Directory Attacks & Defense
-
SamSam: The (Almost) Six Million Dollar Ransomware
-
Necurs Targeting Banks with PUB File that Drops FlawedAmmyy
-
How to embed a powershell meterpreter into your favicon.ico
-
Hacking the Fax (by Checkpoint research)
-
2018 Week 33
-
Airbus - We make it fly ...
-
WPA2 is dead, long live WPA2
-
Hackers gain access to thousands of Swiss email accounts
-
2018 Week 32
-
New remote spectre attack
Remember that all major processor vendors suffer from an originally performance-enhancing vulnerability? Certain memory areas used to precompute (speculatively) results are not protected against...
more... -
2018 Week 31
-
Banking: Trickbot campaign spoofing Chase Bank “Important account documents”
-
ICS/SCADA: Flaws Expose Siemens Protection Relays to DoS Attacks (TCP:102)
-
ICS/SCADA: Ukraine Security Service Stops VPNFilter Attack at Chlorine Station
-
2018 Week 29
-
Has an email address been leaked?
-
Now legal in the US: Make 3D-files of guns available to public
-
Do we monitor BGP HiJacks and false route propagations for our customers?
-
Cool reconnaissance
-
2018 Week 28
-
French news
-
:-( Bye Bye UK - UK rebuffed over Galileo sat-nav procurement
-
Your own FireEye-like threat map with Splunk
-
Using the Office 365 Activities API to Investigate Business Email Compromises
-
EagleEye: Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.
-
2018 Week 27
-
a tweet, nmap and Kali
-
Fancy additions to the PasteHunter for Splunk
-
CVE-2018-8225 / Windows Domain Name System 'DNSAPI.dll' Lets Remote Users Execute Arbitrary Code on the Target System
-
CVE-2018-8235 / Microsoft Edge Multiple Bugs Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Bypass Security Restrictions on the Target System
-
2018 Week 25
-
Exploit Kit Deliver GandCrab Ransomware part III - Payload
-
Launching VirusTotal Monitor, a service to mitigate false positives
-
HIDDEN COBRA - North Korean Malicious Cyber Activity
-
Post 0x10: A Revised Emotet Downloader
-
IREC: Free evidence collector as alternative to RedLine
-
2018 Week 26
-
Android's debug bridge is pre-enabled and open to the internet on many Asian cellphones
-
Easily enhance your SOHO security: DNSSEC in 5 minutes
-
VPN-Filter
-
2018 Week 24
-
Marcus in the news ...
-
ATT&CK Intel query tool for MITRE
-
How Apple stores all your email metadata for years on their servers
-
2018 Week 23
-
Hunting for evil: detect office macros being executed
-
Passing the hash with native RDP client (mstsc.exe)
-
The Evil Mouse Project
-
2018 Week 21
-
Hacking attempt on central.owncloud.org
-
EFAIL
-
2018 Week 20
-
BBC: Twitter users told to change passwords after internal leak
-
APT simulation using Splunk
-
2018 Week 19
-
NetRipper
-
APT simulator
-
2018 Week 18
-
GMail update
-
MyEtherWallet hit by BGP hack
-
2018 Week 17
-
Goodies from UK
-
Rapid Ransomware Continues Encrypting New Files as they Are Created
-
Uncovering Drupalgeddon 2
-
Alert (TA18-106A) Russian State-Sponsored Cyber Actors
-
2018 Week 16
-
Uh Oh! Unified Logs in High Sierra (10.13) Show Plaintext Password for APFS Encrypted External Volumes via Disk Utility.app
-
Holey Beep (CVE-2018-0492) is the latest breakthrough in the field of acoustic cyber security research.
-
TURLA aka EpicTurla, Waterbug, Whitebear, Venomous Bear, KRYPTON, TAG_0530, Pfinet, WRAIT, Group 88, Snake, Hippo Team
-
Multi-Stage Email Word Attack Without Macros
-
2018 Week 15
-
Introducing new public DNS Resolver, 1.1.1.1 (not a joke)
Cloudflare is introducing a new public DNS resolver that claims to be much better in terms of data privacy than the public Google ones. Read their blog here. Cloudflare’s mission is to help buil...
more... -
Boeing hit by WannaCry virus, but says attack caused little damage
As per the original article by the Chicago Tribune: Boeing was hit Wednesday by the WannaCry computer virus, and after an initial scare within the company that vital airplane-production equip...
more... -
The BND is said to have installed a monitoring system in a tower in the Frauenkirche in Munich
"God is a spy" The "Die Welt" has published a German article about the abuse of the landmark of the city of Munich. "Falls of the Federal Intelligence Service(BND) has used the technical eq...
more... -
Notice to stakeholders: withdrawal of the United Kingdom and EU rules on .eu domain names
-
Rs 500, 10 minutes, and you have access to billion Aadhaar (1.4 billion India citizen) details
-
2018 Week 14
-
Oracle vs. Google is still a thing, thanks to US federal court
-
Mastermind behind €1 billion cyber bank robbery arrested in Spain
-
Total Meltdown?
-
Mine cryptocurrencies Monero (XMR) and Electroneum (ETN) using CoinHive
-
AMD allegedly has its own Spectre-like security flaws
-
2018 Week 13
-
Mark Zuckerberg apologizes for Facebook data scandal, 'major breach of trust'
FoxNews: Facebook CEO and co-founder Mark Zuckerberg apologized on Wednesday for the social media website's role in what he previously called the "Cambridge Analytica situation," wherein the rese...
more... -
Trisis / Shamoon2 a new destructive IoT attack
At first, technicians at multinational energy giant Schneider Electric thought they were looking at the everyday software used to manage equipment inside nuclear and petroleum plants around the...
more... -
2018 Week 12
-
Let's encrypt now supports wildcard certs
Get your free of charge wildcard domain certificate from Let's Encrypt josh ISRG Executive Director of Let's Encrypt We’re pleased to announce that ACMEv2 and wildcard certificate support is...
more... -
160 TBit/Sec. for Microsoft and Facebook
The new submarine cable "Marea" (Spanish for tide) now came "ready for service" to be used by its owners Facebook, Microsoft and Telxius. The new 160 TBit/Sec. are as if 71 million people watchin...
more... -
BAD TRAFFIC
This report of TheCitizenLab describes how we used Internet scanning to uncover the apparent use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices (i.e. middleboxes) for mal...
more... -
APT37 (Reaper): The Overlooked North Korean Actor
Check out this PDF from FireEye giving background and useful information about that North Korean group that will, from my personal view, be an active threat player in the upcoming year. ...
more... -
Hack on German Government via E-Learning Software Ilias
Some learning platform taught the German government how "not to do it" in the cyber world. After the massive attack by the APT26 group facing the IT landscape of the parliament months ago, the g...
more... -
2018 Week 11
-
Intel(R) Active Management Technology MEBx Bypass
Read the advisory here thanks to sintonen@iki.fi for his excellent work. Even F-Secure did a nice article about this topic. Overview Intel(R) Active Management Technology leaves the device su...
more... -
2018 Week 02
-
2018 Week 01
I've created a separate page for Meltdown - Spectre....
more...