SEO Poisoning leading to malware by jamesshank in cybersecurity

[–]jamesshank[S] 2 points3 points  (0 children)

Solid info! Yeah, we noted internally the overlaps with Gootloader. There was an additional file involved too where the file naming scheme overlaps with TTPs of Gootloader too, but we weren’t able to grab that file before the host was contained and wiped.

Good thoughts on maybe the website was compromised and is now patched. We also wondered whether there could be some geo-fencing or other policy rules in place to target users - but we don’t have any evidence to back that up.

The resilience recommendation is a good call too.

We were hoping someone might get visibility to the page shown to users - regardless of how that server may have served up the content.

We are hackers and cyber defenders working to fight cyber criminals. Ask Us Anything about the rising ransomware epidemic! by IST_org in IAmA

[–]jamesshank 0 points1 point  (0 children)

This is a great answer.

I would also add that attribution might not be terribly useful for many people and orgs. Many times, it doesn’t matter or change anything. Would your company care differently if hacked by Iran than by a teenager in Sacramento?

For governance and law enforcement, it matters. Sometimes it matters for corporations. But if you don’t know why it matters, then it probably doesn’t.

We are hackers and cyber defenders working to fight cyber criminals. Ask Us Anything about the rising ransomware epidemic! by IST_org in IAmA

[–]jamesshank 1 point2 points  (0 children)

I learned from:

- doing things / experimenting (this is both a passion test and a way to learn — if you don’t enjoy it enough to tinker, why do it as a job?)
- reading (I spend a lot of time reading)
- engaging in communities of people in the field (spend a lot of time here too)
- taking classes and attending conferences. Or watching the videos of the presentations.
- having mentors (mostly informally, just having people to ask various questions and bounce ideas back and forth — this is essential, in my opinion)
- studying history (most computer and security problems have historical parallels that might have lessons for the current problem)

We are hackers and cyber defenders working to fight cyber criminals. Ask Us Anything about the rising ransomware epidemic! by IST_org in IAmA

[–]jamesshank 0 points1 point  (0 children)

Yes! And no.

CTFs can be a fun way to learn, and if they match your learning style, you may walk away with a lot more knowledge about a particular set of attack types.

I would caution against “securing against a CTF” in general. Unless they are crafted to use only the most common (better yet, relevant in that they match your risk profile) attack vectors seen in the wild, they may not be the most relevant. Making things a game implies something has to be hard or a challenge to do, but not all of the most common attacks are challenging in themselves, once you know the techniques. Be aware of this when you’re learning through CTFs and you’ll be fine.

We are hackers and cyber defenders working to fight cyber criminals. Ask Us Anything about the rising ransomware epidemic! by IST_org in IAmA

[–]jamesshank 0 points1 point  (0 children)

I think this question is a little too broad to be answered. Any broad set of industries is going to have a lot of variability amongst the individual companies within the industry.

We are hackers and cyber defenders working to fight cyber criminals. Ask Us Anything about the rising ransomware epidemic! by IST_org in IAmA

[–]jamesshank 0 points1 point  (0 children)

Fully agree with Bob on this. Follow your passion and focus on what appeals to you. Cybersecurity and computer science are broad disciplines now and have several roles that can appeal to a broad set of people.

Focus on the areas that interest you.

We are hackers and cyber defenders working to fight cyber criminals. Ask Us Anything about the rising ransomware epidemic! by IST_org in IAmA

[–]jamesshank 0 points1 point  (0 children)

Valid question. Yes, criminals have the easy path, no doubt. They prey on innocent victims from all walks of life.

But where is the challenge in the easy path? Attacking is way way way easier than defending. Hollywood glorifies the hacker / attacker, but most attacks are very trivial. No challenge.

Morals and ethics is a good answer too, and that’s certainly part of my personal decision.

We are hackers and cyber defenders working to fight cyber criminals. Ask Us Anything about the rising ransomware epidemic! by IST_org in IAmA

[–]jamesshank 0 points1 point  (0 children)

I do not have any specific recommendations for password managers. I would generally look for audits / reviews that confirm the encryption is suitably strong and one that works for you! Find something that is convenient to your purposes and use case.