Computer Security Professional. Every day is a new chance to learn something new. I enjoy helping protect people from cyber threats when and where possible.
Nov 1, 2019 • 14 tweets • 24 min read
New Blog Post: Hancitor + COM Objects
Recently, Hancitor incorporated the use of COM to spawn IE and download stage 2 payloads. While many may not have understood the true risk of what the Hancitor campaign stumbled into, it's very dangerous.
dodgethissecurity.com/2019/11/01/han…
Specifically, my research partners and I theorized around 1 year ago that COM objects, if used to spawn IE, could be used to get around/through proxy servers in environments. Proxy servers have provided a severely overestimated layer of protection.
Aug 20, 2019 • 11 tweets • 2 min read
So who wants IP addresses of systems that attempted to log in to my HitBTC account, which I created but never used 🤣😂?