Hide it like you stole it
▻https://hackernoon.com/hide-it-like-you-stole-it-d703a8872a29?source=rss----3a8144eabfe3---4
I like to examine creative ways of doing things. Often times I will look at a malware example and enjoy how they accomplish some of the nasty things. The latest example of this involves how a crypto mining bot and their script running on a postgres box. This was found in the impreva blog talking about the exploit.▻https://www.imperva.com/blog/2018/03/deep-dive-database-attacks-scarlett-johanssons-picture-used-for-crypto-mining-on-postgre-database/This is leveraging a command called dd and then using how images are rendered/checked on upload. It can also be thought of as “Poor mans steganography.” Lets say that we want to hide a shell script or a series of commands. We can hide this at the end of an image file. Image processors will read a file top to bottom. This allows us to simply (...)
#hacking #hacker #hide-it-like-you-stole-it #security #programming