Error: INSERT INTO `STATS_uperesia` ( `ID` , `ip` , `useragent` , `hostname` , `country`, `referer`, `time`, `pagename`, `visitorID`) VALUES ('', '3.139.67.157', 'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)', 'ec2-3-139-67-157.us-east-2.compute.amazonaws.com' , 'US', 'none', '1734795822', 'home', 'iBOf383B9e9jApOSqfG9FtFNBHLLnuZKdXIur781bvpuVkEmmF6HpKjN72FX8GlTtSLSUJ75yquBhxALI6CiIxldekcKTg5Om4lTq7NpIk5FILlAb')
Error:INSERT command denied to user 'uperesiadsdb'@'10.23.20.142' for table 'STATS_uperesia' Uperesia.com
Uperesia is a blog with topics related to IT security. The blog discusses topics ranging from malware analysis to penetration testing, threat intelligence and active defense. Occasionally a writeup of a technical topic related to IT security can be found here too.
Hancitor's packer demystified

Post about reverse-engineering a packer which has been used in the past year by the Hancitor malware family to evade security detection. The packer can also be linked to many other financially motivated attacks in the past.

How TrickBot tricks its victims with webinjects

Blog which discusses how the TrickBot banking trojan uses webinjects to alter the contents of banking websites with the goal of defrauding its victims. The post also discusses how banks may detect customers infected by TrickBot.

Malicious dropper as an attack vector

Post which discusses different types of malicious droppers (file extensions) which may be used as an attack vector. These malicious droppers are often used in the weaponization phase of the cyber kill chain with the goal of compromising a system.

Booby trap a shortcut with a backdoor

Post which gives insight into how malware, which was allegedly used by the same group responsible for hacking the DNC and influencing the 2016 American elections, is built.

Inside the necurs botnet: the origin of locky malspam

Post which discusses methods to track the Necurs botnet: a centrally controlled group of computers on which a backdoor is installed. The article explains how a threat intelligence tool, which tracks the malicious mails sent by the botnet, can be built.

Buffer overflow explained

Post which discusses how arbitrary code execution in a program can be achieved by exploiting a buffer overflow vulnerability

Analyzing rig exploit kit

Post which discusses the Rig exploit kit: a kit used by cyber criminals to distribute malware. The kit abuses (exploits) flaws in outdated software in such a way that if a victim browses to a compromised site, its computer might get infected.

The pyramid of pain in threat hunting

Blog that discusses the theory of the pyramid of pain (the potential of threat intell) in threat hunting

Analyzing malicious office documents

Post which discusses weaponized office documents: documents, e.g. a word or excel document, with embedded malware. The post discusses three ways to spread malware via office documents: VBA macros, OLE objects and microsoft office exploits.

Analysis of a packed pony downloader

Malware reverse engineering tutorial which explains how self-defending malware making use of packers can be dissected.

Deobfuscating a Locky dropper

Tutorial which explains how an obfuscated javascript dropper (a javascript which needlessly contains complex constructs, in order to make it more difficult for antivirus software to detect the codes malicious nature) can be deobfuscated.

Analysis of an Angler Wordpress backdoor

Post which discusses how malicious code is injected in compromised websites. The malicious code redirects visitors of the compromised website to an exploit kit.

A closer look to fileless click fraud malware: Poweliks

Post which discusses the techniques used by Poweliks: malware which lives in the computers registry and which generates artificial traffic towards advertisement sites.

Reverse engineering Tinder: retrieving privacy-sensitive data

Post which discusses hunting for (security) vulnerabilities in Tinder. The post discusses a sensitive data exposure vulnerability in Tinder, which got fixed by Tinder within forty-eight hours.

Dridex: a modern bank robber

Post which discusses the Dridex banking trojan: a virus which is able to steal information submitted to an online banking application. The stolen information (such as authentication codes) is used to defraud the victim at a later stage.

Top three interesting facts about Angler exploit kit

Post which discusses the Angler exploit kit: a kit used by cyber criminals to distribute malware. The kit abuses (exploits) flaws in outdated software in such a way that if a victim browses to a compromised site, its computer might get infected.

Pretty Good Privacy (PGP) explained

Article which explains PGP: an asymmetric encryption algorithm used to digitally sign a message or to encode a message in such a way that only the intended receiver is able to decode the message.