Tricking a user into downloading and opening malware is a common attack technique, and defenders have introduced security scanners to many layers of the ecosystem in an attempt to combat the technique: With all this scanning in place, attackers have a strong incentive to keep their malicious code from being detected up until the moment… Continue reading “Attack Techniques: Encrypted Archives”
Tag Archives: SmartScreen
pushState and URL Blocking
The Web Platform offers a handy API called pushState that allows a website’s JavaScript to change the URL displayed in the address bar to another URL within the same origin without sending a network request and loading a new page. The pushState API is handy because it means that a Web Application can change the… Continue reading “pushState and URL Blocking”
Cloaking, Detonation, and Client-side Phishing Detection
Today, most browsers integrate security services that attempt to protect users from phishing attacks: for Microsoft’s Edge, the service is Defender SmartScreen, and for Chrome, Firefox, and many derivatives, it’s Google’s Safe Browsing. URL Reputation services do what you’d guess — they return a reputation based on the URL, and the browser will warn/block loading… Continue reading “Cloaking, Detonation, and Client-side Phishing Detection”
ServiceWorkers vs. Network Filtering
In a recent post, I explored how the design of network security features impacts the tradeoffs of the system. In that post, I noted that integrating a URL check directly into the browser provides the security check with the best context, because it allows the client to see the full URL being checked and if… Continue reading “ServiceWorkers vs. Network Filtering”
The Challenge of IP Reputation
When protecting clients and servers against network-based threats, it’s tempting to consider the peer’s network address when deciding whether that peer is trustworthy. Unfortunately, while IP addresses can be a valuable signal, attempts to treat traffic as trustworthy or untrustworthy based on IP address alone can be very prone to mistakes. Background Most clients and… Continue reading “The Challenge of IP Reputation”