https://blog.polaris64.net/categories/cybersecurity/ Recent content in Cybersecurity on Polaris64's blog Hugo en-uk Mon, 24 Aug 2020 12:34:40 +0100 https://blog.polaris64.net/post/introduction-to-cybersecurity-blog/ Fri, 03 Mar 2017 22:03:00 +0000 https://blog.polaris64.net/post/introduction-to-cybersecurity-blog/ The Cybersecurity blog is a place where I can write about all topics relating to online security, web-based attacks, “hacking”, exploits, vulnerabilities, penetration testing, etc. In my work I operate many servers which are connected to the Internet, for myself, my company and my clients. Having a server connected to the Internet exposes it to a huge threat from online evildoers, and I see a fair share of this on a daily basis. https://blog.polaris64.net/post/hidden-in-plain-sight-how-attackers-use-obfuscation-to-hide-code/ Mon, 01 May 2017 19:10:00 +0100 https://blog.polaris64.net/post/hidden-in-plain-sight-how-attackers-use-obfuscation-to-hide-code/ Introduction Many articles, including my own, make references to code obfuscation. This article takes a look at what this actually is, as well as why it is often used by attackers to hide malicious code. What is obfuscation? Obfuscation is the process of converting something to a form where its meaning and purpose is less apparent. When related to computer source code, this can be done for many reasons; sometimes as a challenge, sometimes even for art! https://blog.polaris64.net/post/web-exploit-detector-npm-module/ Sat, 22 Apr 2017 15:23:00 +0100 https://blog.polaris64.net/post/web-exploit-detector-npm-module/ Introduction As a follow-up to the previous article about my Web Exploit Detector, I am happy to announce that I have just made the project available as an NPM module. This allows the application to be installed, used and updated much more easily than before. This article is intended to be a brief introduction to the Web Exploit Detector as an NPM module, as well as a brief introduction to NPM itself for those that are unfamiliar with it. https://blog.polaris64.net/post/web-exploit-detector-node-js-security-scanner/ Sun, 16 Apr 2017 19:16:00 +0100 https://blog.polaris64.net/post/web-exploit-detector-node-js-security-scanner/ Introduction After detecting some new exploits on one of my web servers, I decided to start work on a new application called the “Web Exploit Detector”. This project is open-source and hosted on GitHub, meaning that it’s free for anyone to use and, more importantly, anyone can contribute their own rules to make the tool better. I now use this tool on my own servers to check for infections on a daily basis and it works well so far. https://blog.polaris64.net/post/wordpress-hacks-jquery-js-script-injection/ Mon, 06 Mar 2017 22:04:00 +0000 https://blog.polaris64.net/post/wordpress-hacks-jquery-js-script-injection/ Introduction In the second of my series of articles about different exploits seen for WordPress sites, I discuss a particular attack that causes all pages on an infected site to redirect to a page of the attacker’s choice, which in this case was an affiliate link. This attack involves adding malicious code to jQuery .js files based on the assumption that jQuery is probably going to be included in every page request. https://blog.polaris64.net/post/wordpress-hacks-functions-php-backdoors/ Fri, 03 Mar 2017 22:03:00 +0000 https://blog.polaris64.net/post/wordpress-hacks-functions-php-backdoors/ Introduction I recently noticed that a number of our client sites had some suspicious code added to the top of the functions.php file for each of the installed themes. This is an investigation into this code and details of how to remove it. I am making this information available in the hope that it will be a useful resource for anybody that suffers this attack on their own WordPress sites. I strongly believe that by making this information public I can help others to combat these types of attacks.