CDN-Filestore Credit Card Stealer for Magento
Krasimir Konov During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain…
Browsing Category
Website Security
1037 posts
Web Crawler & User Agent Blocking Techniques
Luke Leal This is a simple script that allows hackers to block specific crawlers based upon website requests from specific user-agents. This is useful when you don’t…
Smoker Backdoor: Evasion Techniques in Webshell Backdoors
“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware…
How SSL Works with a Website Firewall
Art Martori It’s no secret that a secure sockets layer (SSL) encrypts data as it moves between a visitor’s browser and the site host. For many people,…
String Concatenation: Obfuscation Techniques
While string concatenation has many valuable applications in development — such as making code more efficient or functions more effective — it is also a…
PHP Binary Downloader
When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by…
PHP Backdoor Obfuscated One Liner
In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands…
Vulnerabilities Digest: July 2020
John Castro Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0…
SEO Hacktool: Sitemap Generator
An XML sitemap is an important part of a website’s SEO and exists to help search engine crawlers index new URLs on your website. For…
Reverse String WooCommerce WordPress Credit Card Swiper
Ben Martin As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential…
Skimmers in Images & GitHub Repos
Denis Sinegubko MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files. During a routine investigation, we detected a similar issue.…