The average phishing site doesn’t live very long– think hours rather than days or weeks. Attackers use a variety of techniques to try to keep ahead of the Defenders who work tirelessly to break their attack chains and protect the public. Defenders have several opportunities to interfere with attackers: Each of these represents a weakContinue reading “Attack Techniques: Open Redirectors, CAPTCHAs, Site Proxies, and IPFS, oh my”
Tag Archives: SmartScreen
Capturing Logs for Debugging SmartScreen
The Microsoft Edge browser makes use of a service called Microsoft Defender SmartScreen to help protect users from phishing websites and malicious downloads. The SmartScreen service integrates with a Microsoft threat intelligence service running in the cloud to quickly block discovered threats. As I explained last year, the SmartScreen service also helps reduce spurious securityContinue reading “Capturing Logs for Debugging SmartScreen”
Downloads and the Mark-of-the-Web
Last update: Feb 13, 2023 Background Windows uses a simple technique to keep track of which binary files were downloaded from the Internet (or a network share). Each downloaded file is is tagged with a hidden NTFS Alternate Data Stream file named Zone.Identifier. You can check for the presence of this “Mark of the Web”Continue reading “Downloads and the Mark-of-the-Web”
text/plain 