Authentic8 Blog Author: Amir Khashayar Mohammadi

Amir Khashayar Mohammadi is a Computer Science and Engineering major who focuses on malware analysis, cryptanalysis, web exploitation, and other cyber attack vectors.

Hollywood Hacks & Hackers

Posted by: Amir Khashayar Mohammadi
Published on:

Hollywood’s depiction of hacking, on the big screen and in TV dramas or on Netflix, isn’t always accurate, to put it mildly. A closer look.

*

Flashy pop-ups and green-on-black text screens, with the occasional cat GIF thrown in for good measure, cannot gloss it over: When scriptwriters and directors want to show us what hackers (blackhat, whitehat, and everybody in between - character development!) actually do when plying their trade, reality is relegated to the backseat.

If you spend your days glued to your terminal, compiling piles of code or debugging software, you know first-hand how wrong they have it. Glamour? Suspension? The thrill of the hunt? Let’s get real.

Mr. Robot hides data in CD

Source: Mr. Robot

There are exceptions, though. Many readers are probably familiar with this picture. If you're not, it’s taken from the award-winning TV series Mr. Robot (USA Network). Mr. Robot deserves mentioning in this context as one of the few shows that gets it right (most of

How to Detect Browser Extensions

Posted by: Amir Khashayar Mohammadi
Published on:

Working on new methods and tools to identify browser exploits, I recently came across a common question again in a forum: "Is it possible to detect what browser extensions I have installed?"

That information would be of value to various people for several reasons. Online attackers and snoops stand to gain most from it. Examples:

  • Browser extension details can help fingerprint the client from others, as in: "This client uses a Google Translate browser extension. This other client does not."
  • Plugin information can also aid in targeted client exploitation, as in: "This this client has version 2.0.6 of the [bleep] password manager installed, with working exploits A, B, and C."
  • Addon identification can also be leveraged to hijack the local browser, as in: "This developer's Gmail account has been pwned; let's use it to push a malicious update."


Sounds far-fetched? I wish it were. Check out our blog posts with real-life examples: JavaScript Template Attacks, Password Manager Extension Exploit, and

10 Top Tools for Threat Hunters from Black Hat USA 2019

Posted by: Amir Khashayar Mohammadi
Published on:

So you weren't able to make it to Las Vegas this year, or didn’t get to check out all the latest and greatest tools at the booths and workshops? We've got you covered.

Check out these ten short reviews of useful tools presented at Black Hat USA 2019 for threat intelligence analysts, OSINT researchers, forensic investigators, and threat hunters:

King Phisher: Phishing Toolkit for Red Teams

King Phisher

Source: Github

King Phisher, created by SecureState, is a tool designed to simulate real-life scenario phishing attacks that may occur on a corporate network. It’s intended for red teaming, enabling the user to create complex attack scenarios to test internally if anyone in the organization fails to identify the bait.

This highly flexible tool allows you to run numerous phishing campaigns simultaneously, control the phishing email's content (embedded images, HTML, and more), map the location of all the phishing victims, and run SPF checks (Sender Policy Framework) for forging sender address during email delivery.

Green Padlocks, Gray Padlocks - Does Anyone Really Care?

Posted by: Amir Khashayar Mohammadi
Published on:
Topics: Security

At the BlackHat conference in Las Vegas earlier this month, I had a chance to chat with Troy Hunt (creator of haveibeenpwned.com) and Scott Helme (founder of report-uri.com) about the protracted death of Extended Validation (EV) certificates.

We also talked about the fallacy of expecting users to make sense of how browsers interpret SSL/TLS certificates and about browser security in general.

What good do "security aesthetics" of a certificate accomplish when browsers no longer support it?

Listen to our conversation here.

ActiveX Data Leaks: Making Bad (Non-) Browsers Worse

Posted by: Amir Khashayar Mohammadi
Published on:

Outdated browsers and browser plugins. People use them, forget about them, they become outdated, and their machine gets compromised. It’s a story almost as old as the web browser. The problem is, people never learn and never update - or, in this case, get rid of the problematic plugin.

List of Plugins

Source: sploit.io

ActiveX, a framework native to Internet Explorer, was introduced in 1996. Still supported in Windows 10, it allows an attacker to steal data and fully take over the victim’s machine when that person visits a page that contains a particular set of scripts.

How relevant is this exploit in 2019? In an unscientific survey among software engineers about ActiveX and if it still played a role, we got answers like this, from Zachary S. in San Francisco: "I think it’s dead. I hope it’s dead. It should be killed if it’s not dead."

Unfortunately, it’s not. According to NetMarketShare ("Market share statistics for Internet