Secplicity Blog
Cybersecurity Headlines & Trends Explained
Malware Writeup: JS:Trojan:Cryxos.2550

While reviewing currently surging malware attacks back in January 2020, one in particular stood out: JS:Trojan:Cryxos.2550. Its appearances increased over 457% from the previous week. This isn’t new malware by any means, as Trojan.Cryxos has been written about many times. However, this variant is…
My CTF Ventures: picoCTF, Reverse Engineering

Moving forward with the picoCTF challenge platform, after completing the General Skills room I opted for the Reverse Engineering room. This room actually stood out first, even before General Skills. I’ve dabbled in reverse engineering (RE) and it’s a fun but complex and challenging process. Fret not…
HSTS - A Trivial Response to sslstrip

Intro: HTTP Strict Transport Security (HSTS) is an HTTP security mechanism that allows web sites to declare themselves as accessible only via secure connections and for users to direct user agents (UAs), or your browser, to interact with web sites only over a secure connection. A "secure connection"…
Android APK Reverse Engineering: Using JADX

In continuation of the Android APK Reverse Engineering series, this post will cover how to actually start digging into an APK’s programming logic. My last blog post detailed how to unzip an APK archive and what contents are within. While it’s useful to an extent, it’s not helpful in reading and…
MSPs Beware: Attackers Targeting MSP Infrastructure to Install Ransomware

In the past two weeks, sophisticated threat actors have targeted managed service providers (MSPs) and cloud service providers (CSPs), intending to install ransomware within their infrastructure and customer base. Often, these attacks specifically target products and services MSPs use, such as…
New Phishing Attacks Stealing MFA Tokens Too

In the Firebox Feed, our threat intelligence feed powered by WatchGuard Firebox customers around the world, we recently came across a trending phishing campaign that uses a malicious PDF as part of its attack. Targeting mostly German users, the PDF comes attached to an email with a subject line that…