GoSecure Blog
Proxy Detection: Comparing Detection Services with the Truth
In our previous blog post, we looked at different (free and paid) solutions to detect the use of anonymity tools during attacks executed on our Remote Desktop Protocol (RDP) honeypots. Confronted with inconclusive outcomes, this blog post aims to evaluate the different proxy detector tools by analyzing their results with our dataset of Truth.
Hated by Many, Loved by Hackers: Edge’s Role in Staying Undetected
A staggering 87% of people believe that malicious hackers possess exceptional computer skills. One might assume they would predominantly use anonymity networks like Tor to mask their true identities. However, our study reveals that attackers share the same browser preferences as the general population and choose it in relation to their malicious intentions. In this blog, we explore the nuances of browser choices made by attackers who have compromised a system.
Key and E: A Pentester’s Tale on How a Photo Opened Real Doors
For most people, keys are simple yet magical objects: They grant access to places you belong and keep you out of places you don’t. But did you know that anyone could easily make a copy of a key from a simple picture? Suddenly, something as ordinary as a key becomes a security risk. Through the eyes of a penetration tester, keys represent more than just access; they are vulnerabilities waiting to be exploited.
The Challenges of Proxy Detection: Addressing Database Aging and Accuracy Issues
You would be startled by the number of studies conducted on the geography of cyber-attacks that overlook a key factor: the use of proxies. The art of hiding one’s IP address behind another one through the means of a Virtual Private Network (VPN), anonymity networks (such as TOR), or data centers, is an unsurprisingly common technique within the hacking industry. The neglect in previous cyber-geopolitical research could be explained as a misunderstanding of the concept of proxies and their effects, or also a lack of resources to identify them.
Web Browser Notification Threat More Alarming than Expected
A recent discovery by our SOC/incident response team has brought to light a concerning use of web browser notification service workers. The alarming aspect of this finding is the ability to initiate notifications, simulate user clicks, and close notifications seamlessly, all while remaining virtually undetectable to the user. This covert execution presents significant challenges in detecting and effectively mitigating such malicious activities.