Satellite Imagery Over Software Defined Radio

Recently I purchased a Software Defined Radio dongle kit to experiment with. The kit included the SDR dongle, a dipole antenna kit and a small tripod. Through the use of a few open source and freeware programs, I was able to predict, locate, track and record Automatic Picture Transmission broadcast from the NOAA 19 weather satellite. This topic has been written about extensively and many exceptional tutorials exist; however I decided to document my first experiences with SDR and satellite communications.

...read more

Pop-under Javascript

Pop-unders are a special case of pop-up page that remains behind the active browser window, usually without the user's knowledge. These are commonly found on questionable websites and are used to push advertisements. With Coinhive mining scripts growing in popularity, a script that remains running in an open window without the user's knowledge could do real harm to his or her computer. This post discusses my process for reverse engineering and re-creating a commercial (if you can call paid pseudo-malware commercial) pop-under script and determining some mitigation techniques. As of the time of writing, this script is widely used and bypasses all of Chrome's popunder protections.

...read more

Clickjacking Facebook Likes

This post highlights a common click-jacking application: stealing Facebook likes. The Javascript and CSS used for the attack are extremely simple. Applying this technique to a Facebook "Like" button is relatively harmless and has been rendered somewhat obsolete by a confirmation dialog from Facebook. However, this technique can be used for much more malicious purposes.

...read more

Email Spam Malware

An on-going campaign that consists of fake Facebook, Gmail and Paypal notification emails. The emails follow a similar template, and always link to a PHP page with a simple redirect script that send the user to a malicious page. In a previous post I covered a browser locker. Recently, the emails have been linking to a fake Flash update site. I briefly analyzed the email, associated URLs, and the malicious sample obtained.

...read more

Browser Locker - Email Spam

Analysis of a spam campaign involving a fraudulent Facebook password reset request. Following the link in the email results in the user arriving at a browser locking page. A user who is not familiar with this type of malicious page may fall victim to a typical tech support scam. The malicious pages in this campaign are not sophisticated. If the user has not clicked anywhere on the page, they can simply navigate away. If they have, the page will become full screen, and it will require the use of keyboard shortcuts to open a task manager and terminate the browser process.

...read more

Get honeypotted? I like spam. Contact Us Contact Us Email Email ar.hp@outlook.com email: ar.hp@outlook.com