Hiding the Referrer

thumbnail

When you investigate a malicious site opening or malicious file download, oftentimes you want to find out how your user got there. Checking the referrer information in proxy logs is one of the most trivial things to do if you want to identify the root cause, the initial site. Unfortunately, there are ways for an attacker to create a site that will alter or hide the referrer information. If the logs do not have the required referrer information and you are not aware that they can be hidden, you can incorrectly assume that there was no referrer at all.
Read more

Ways of phishing 2 - HTML smuggling

thumbnail

As a sequel of my previous post, I’m going to talk a little bit about another technique used in phishing that I encountered recently. This technique is HTML smuggling. This method is not new, but it definitely appears in more and more attacks, including phishing scenarios. This is why it is so important to know about the ins and outs of this approach. List of the three methods I’m showing in this 3 episode-long series:
Read more

Ways of phishing 1 - Remote Template Injection

thumbnail

Phishing is one of the most used initial access techniques. This is the reason why most of the companies have an adequate solution to mitigate the threat of these e-mails. But this is a constant cat-and-mouse game. As defenders produce clever mitigations, attackers introduce newer yet unseen methods to bypass them. Here, I am going to describe some phishing techniques which I encountered lately (late 2019 – early 2021). All these approaches are going to be ones I felt like are not detected or mitigated properly most of the time.
Read more