SECURITY
13 Hours of Crisis: Tracking a GitHub Poisoning Incident
Incident Overview

Since 6 PM Beijing Time on December 4, 2024, “ghost repositories” have been appearing on GitHub. These repositories contain no code but include deceptive virus files. That same day, they became the fastest-growing repositories on GitHub in terms of stars. Over 180 fake zombie accounts were spreading the virus, waiting for victims to fall into their trap.

A Chinese developer—myself—took notice of all this. After days of probing and searching, I identified the attacker.

Incident Details

Initially, I was developing an open-source program to identify early-sta...
How Cybersecurity Preparedness Can Minimize Downtime During Cyber-Attacks
According to statistics, the average cost of a data breach reached $4.88 million in 2024, marking the highest recorded average to date. Moreover, 68 percent of data breaches in 2024 involved a human element. Cyber-attacks are no longer rare events—they’re an everyday risk for businesses. When a business isn’t prepared, even a minor attack can lead to costly downtime, disrupt operations, and harm its reputation. The good news is that businesses can reduce these impacts with proper cybersecurity measures, allowing them to respond faster and recover more efficiently when attacks...
Tags: Cyber Security, Cyber Attack
It looks like TechCrunch blocks GoDaddy server access
Recently, I encountered an issue with an app I maintain—it suddenly stopped pulling RSS feeds from TechCrunch. At first, I suspected that the RSS feed URL might have changed. However, after further investigation, I discovered a different story. The URL itself was unchanged, but the results varied depending on where the request was coming from.

To troubleshoot, I started by setting up a local web server and running a test with my script to see if it could still pull the RSS feed. The script, written in PHP, simply sends a cURL request to the TechCrunch RSS feed.

<?php
function get($url, $...
Tags: AI, GoDaddy, TechCrunch, Block Access
IT System Cyber Attack Case Study 01: Malicious Macro and Backdoor Trojan Attack on IT-Network
Project Design Purpose: The objective of this cyber attack case study is to develop a workshop showcasing a practical demonstration of a red team attacker implementing an IT system/network attack via a malicious macro MS Office Word file (CVE-2015-1641) and a phishing email generation program to penetrate multiple layers of firewall defenses and implant a backdoor trojan into the railway system's OT network.

Related Links: GitHub Project Link, LinkedIn Post Link

Attacker Vector: Malicious Macro Attack, Phishing Email Attack, Backdoor Trojan Attack

Matched MITRE CWE: CWE-94, CWE-827, CWE-494, CWE-...
All I Know About Certificates -- Websites
In the last article, we covered the role of clients and their responsibilities for certificate verification. Finally, let's talk about websites. We've discussed many potential issues between CAs and clients concerning certificates, but the most frequent issue is with websites—many websites have faced this problem: certificate expiration.

Websites need to ensure two things:

1. Ensure their certificate does not expire.
2. Protect their private key from being leaked. If someone else obtains the private key, the certificate loses its meaning of “only I can prove who I am.”

When requesting a...
Tags: Clients, Websites, SSL Certificate, Certificate Authority, CA
All I Know About Certificates -- Clients
In the last article we covered the responsibilities of CAs, showing that being a CA isn’t simple and has high management costs, which explains why issuing certificates costs money! This article covers the client in this chain.

Verifying Certificates as a Client

For clients, verifying certificates isn’t simple either. Articles introducing TLS handshakes often mention "the server sends back a certificate, and the client verifies it," but in reality, as we’ve seen, the server sends back multiple certificates!

This can be confirmed by packet capture:...
Tags: Clients, Websites, SSL Certificate, Certificate Authority, CA
All I Know About Certificates -- Certificate Authority
One of the crucial steps in the TLS handshake is for the server to prove its identity to the client. While there is plenty of content explaining the principles of the handshake, there's less information about certificates, which are a critical component of TLS/SSL. This series of articles aims to explain what certificates are used for, how Google prevents others from impersonating Google, and why certificate issues frequently arise, among other topics.

(Postscript: It took me a full 10 hours to write these articles. It's quite straightforward, with no mathematical content, just a few OpenSSL com...
Tags: Clients, Website, Certificate, SSL Certificate
IoT System Cyber Attack Case Study 02: Python Deserialization Attack and Library Hijacking Attack
Project Design Purpose: The objective of this cyber attack case study is to develop a workshop that demonstrates how a red team attacker can permanently compromise a people detection radar IoT device. The attack path is achieved through a series of attacks, including traffic eavesdropping, data deserialization attacks, web shell attacks, remote command/code execution, and Python library hijacking attacks. This case study is intended for IoT and data security professional training, aiming to illustrate:

How an attacker can use a Python pickle bomb to remotely execute a malicious program via an IoT d...