Search Results for:
421 Results Found
CryptoAPI in Malware
Blog
1. Trojans using CryptoAPI: In this section we analyze some bankers and Remote Access Trojans, or RATs, that use CryptoAPI. These particular families have been selected since they use the library in distinct, interesting ways. 1.1 PandaBanker: PandaBanker is a Zeus-like banking malware. Like all other Zeus-based bankers, the malware...
From Local File Inclusion to Remote Code Execution – Part 2
Blog
Local File Inclusion – aka LFI – is one of the most common Web Application vulnerabilities. If conducted successfully, it might allow attackers to read sensitive information, access configuration files or even execute system commands remotely. This is going to be the second part of our first blog post regarding...
Credential theft: the business impact of stolen credentials
Blog
What are credentials? In the field of information technology, credentials refer to specific data or authentication tools required to verify the identity of a user, authenticate them and grant access to a system or network ID. Credentials are extremely important when it comes to securing a company’s network infrastructure, protecting...
From Local File Inclusion to Remote Code Execution – Part 1
Blog
Local File Inclusion – aka LFI – is one of the most common Web Application vulnerabilities. If conducted successfully, it might allow attackers to read sensitive information, access configuration files or even execute system commands remotely. As with most web application vulnerabilities, the problem is mostly caused by insufficient user...
What to Expect from a Web Application Penetration Test
Blog
Web application penetration testing is one of the most important components of an organization’s vulnerability management program. As more critical business processes move online, including customer portals, Software-as-a-Service (SaaS) platforms, APIs and internal tools, web applications have become a primary target for attackers. According to Verizon’s Data Breach Investigations Report,...
Attack Surface 101: How well do you know your organization’s attack surface
Blog
By now, the term digital footprint shouldn’t be a mystery anymore. We roll our eyes every time we see an old college colleague, our teenage niece or that guy on Facebook we don’t really know exposing half of their life online. “Are they not thinking about the dangers?” Now think...
Press Release: Outpost24 acquires cloud infrastructure security pioneer, SecludIT
Blog
Acquisition accelerates delivery of cloud, container, and virtualized security assessments to reduce business risk. Copenhagen, Denmark – January 23, 2018: Outpost24, a leading provider of Vulnerability Management solutions for commercial and government organizations, announced today that it acquired the business of SecludIT, an award-winning cloud infrastructure security pioneer. The move...
USA.gov vulnerable to Subdomain takeover
Blog
When checking the USA.gov domain, Sweepatic, a brand of Outpost24, discovered with their EASM platform a significant security gap that enabled us to take over their subdomain. Of course, we then secured it from hostile hackers and through coordination by the National CSIRT in the US we helped to make...
How to analyze metadata and hide it from hackers
Blog
In this post, we're going to explore the dangers and risks of the tip of a huge iceberg of sensitive information companies are exposing: the metadata of a document. “What is it and why is it such a juicy source of information for advanced attackers?” you might ask. Well,...
The dangerous art of subdomain enumeration
Blog
Subdomain enumeration is an essential part of the reconnaissance phase in the cyber kill chain. This is where cyber-attackers map out the digital footprint of the target in order to find weak spots to gain, for example, access to an internal network. In this post, we'll set you up with...