近期，CNCERT监测发现银狐远控木马通过批量生成的高仿真钓鱼网站大规模传播，样本落地后将Shellcode注入系统关键进程执行远控，与境外C2服务器建立持久化连接，实现对主机的隐蔽控制。黑产团伙疑似利用AI工具大幅提升钓鱼页面制作效率，结合域名批量注册、仿冒网站访问流量精细化监测等手段，形成“网络钓鱼→木马下载→进程注入→远控控制”的完整攻击链。

The method that this tool uses is a simple one that opens a location in its address space with a call to VirtualAlloc with permissions of read, write, and execute. VirualAlloc is a Windows specific ...

Researchers have discovered a new ransomware variant that they say has significantly different behavior and characteristics than most other ransomware types. The ransomware, called PwndLocker, was ...

eSpeaks host Corey Noles sits down with Qualcomm's Craig Tellalian to explore a workplace computing transformation: the rise of AI-ready PCs. Matt Hillary, VP of Security and CISO at Drata, details ...

BLACK HAT ASIA – Singapore – Windows fibers, little-known components of Windows OS, represent a largely undocumented code-execution pathway that exists exclusively in user mode — and is therefore ...