Filesec.io project lists malicious file extensions used by attackers

Emma Woollacott July 07, 2021 at 10:54 UTC

Updated: July 07, 2021 11:30 UTC

Sort your .dats from your .dmgs

A security researcher launched Filesec.io, a repository of wiki-style file extensions that can be used for malicious purposes.

Inspiration, says’mr.d0x‘, came during a shift as he listed the expansions that would require approval to perform.

“We were going google to find a list of extensions to help us with the blocklist, and at that point I thought, why not create a centralized place where everyone can not just see the extensions dangerous, but also additional details on how this extension is used? »The researcher says The daily sip.

“When creating this project, my goal was [to reach] security researchers; but I’m sure security-conscious end users will find it useful to refer every now and then.

Filesec.io aims to help educate end users about potentially malicious file extensionsFilesec.io aims to help educate end users about potentially malicious file extensions

Classify and tidy up

Filesec.io has a format similar to LOLBAS and GTFObins projects, providing a description of each file extension, as well as security recommendations and other resources explaining how attackers could use the file for malicious purposes.

The site currently only has 74 extensions, ranging from – widely known to be a harbinger of potentially malicious code – to lesser-known risks such as.

ADVISED Introducing Malvuln.com – The First Website “Exclusively Dedicated” to Exposing Malware Security Flaws

mr.d0x says he wanted the site up and running as quickly as possible, but adding new additions to the list every few days. It also invites the security community to contribute new entries, edit or add existing items, and contribute sample files.

“The reason I developed it this way is because I’ve seen the success of contribution-led projects,” he says.

“Another reason is due to the constantly evolving methods used by attackers. I won’t be able to create a complete list on my own, but with the help of the security community, I can see this become a reality. “

Learn more about the latest security research news

Going forward, mr.d0x said he hopes to incorporate a more detailed breakdown of each extension’s file structure, along with a full set of sample downloadable files.

And, says the researcher, he’s open to new ideas: “From the start, this project was meant to help the security community, and so if I get positive feedback and the project offers benefits, I don’t mind. no adding more features in the future. “

YOU MAY ALSO LIKE Operation Lyrebird: cyber cops catch Moroccan phishing and carding baron