Hacking The Hacker. Stopping a big botnet targeting USA, Canada and Italy

Today I’d like to share a full-path analysis, including a KickBack attack, which led me to gain full access to an entire Ursniff/Gozi botnet. In other words: from a simple “malware sample” to “pwning the attacker infrastructure”. NB: the Federal Police has already been alerted on this topic, as well as the National […]

Interesting hidden threat since years?

Today I’d like to share the following reverse engineering path, since it ended up being more complex than I thought. The full path took me about hours of work, and the sample covers many obfuscation steps and implementation languages. At analysis time only very few antivirus engines (6 out of 60) were able to […]

Attacking Machine Learning Detectors: the state of the art review

Machine learning (ML) is a great approach to detecting malware. It is widely used by both the technical community and the scientific community, with two different perspectives: performance vs. robustness. The technical community tries to improve ML performance in order to increase usability at large scale, while the scientific community focuses on robustness, meaning how easy […]

DMOSK Malware Targeting Italian Companies

Today I’d like to share another interesting analysis made by my colleagues and me. It is an interesting analysis since the malware targeted many Italian and European companies. Fortunately the attacker left the LOG.TXT freely available on the dropping URL, letting us know the IP addresses that clicked on the first stage analysed […]

CERTs, CSIRTs and SOCs after 10 years from definitions

Nowadays it is hard to give strict definitions of the differences between Security Operation Centers (SOC), Computer Emergency Response Teams (CERT) and Computer Security Incident Response Teams (CSIRT), since the terms are widely used in many organisations that accomplish very close and similar tasks. Robin Ruefle (2007), in her paper titled “Defining Computer Security Incident Response […]

Control Flow Integrity: a Javascript Evasion Technique

Understanding the real code behind a malware sample is a great opportunity for malware analysts: it increases the chances of understanding what the sample really does. Unfortunately it is not always possible to figure out the “real code”; sometimes the malware analyst needs to use tools like disassemblers or debuggers in order to guess the real […]

Info Stealing: a new operation in the wild

Attack attribution is always very hard work. False flags, code reuse and spaghetti code make it impossible to assert “This attack belongs to X”. Indeed, nowadays it makes more sense to talk about attribution probability rather than attribution by itself. “This attack belongs to X with 65% attribution probability” would be a correct sentence. I […]