DDE Attack

In the recent weeks we are more and more often reading news that talks about attacks that exploit DDE technology, Botnets that exploit the DDE attack, Ransomware that are distributed via DDE attack and so on. Well, this is the right time to clarify this technology and this new attack way. Let's...

Read More

Coin Miner Attacks using Image File

I am here to tell about the "story of an image"... Well, let's gooooooooo!! Watching the picture below, what you can tel about it? Is it a simple image? ...and in the following picture? YES!! They are the same picture, the first one is what you can see when you open it. The second...

Read More

New Way to run VBScript Payload

Some day ago I received an email in an unmarked Gmail mail box. It was a clear Phishing email, but what catched my eyes has been a Password reported into the email's body and the attachment. It was a Microsoft Word file with ".docx" extension. The first question that I asked to myself was:...

Read More

Retrieve Personal Information using Boarding Pass Published on Social Networks

This article want to be a POC (Proof of Concept) about how an attacker with bad intention could use your pictures published into Social Networks to retrieve information about you. Are you readyyyyy?? ...Here we goooo!! In the last days I discovered a Web Site that works like an OCR, it can...

Read More