Unprotecting VBS Password Protected Office Files

Hi folks, today I’d like to share a nice trick to unprotect password protected VB scripts into Office files. Nowadays it’s easy to find out malicious contents wrapped into OLE files since such a file format has the capability to link objects into documents and viceversa. An object could be a simple external link, a […]

Read more "Unprotecting VBS Password Protected Office Files"

Advanced ‘all in memory’ CryptoWorm

Introduction. Today I want to share a nice Malware analysis having an interesting flow. The “interesting” adjective comes from the abilities the given sample owns. Capabilities of exploiting, hard obfuscations and usage of advanced techniques to steal credentials and run commands.  The analyzed sample has been provided by a colleague of mine (Alessandro) who received […]

Read more "Advanced ‘all in memory’ CryptoWorm"

TOPransom: From eMail Attachment to Powning the Attacker’s Database

Hi folks, today I want to share a quick but intensive experience in fighting cybercrime. I wish you would appreciate the entire process from getting an email attachment to powning the ransom server trying to stop the infection and to alert everybody about the found threats. As a second step I would try to identify […]

Read more "TOPransom: From eMail Attachment to Powning the Attacker’s Database"

False Flag Attack on Multi Stage Delivery of Malware to Italian Organisations

Everything started from a well edited Italian language email (given to me from a colleague of mine, thank you Luca!) reaching out many Italian companies. The Italian language email had a weird attachment: ordine_065.js (it would be “Order Form” in English) which appeared “quite malicious” to me. By editing the .js attachment it becomes clear that […]

Read more "False Flag Attack on Multi Stage Delivery of Malware to Italian Organisations"

The Offensive Cyber Security Supply Chain

During the past few weeks some people asked me how to build a “cyber security offensive team”. Since the recurring question I decided to write a little bit about my point of view and my past experiences on this topic without getting into details (no: procedures, methodologies, communication artifacts and skill set will be provided).  […]

Read more "The Offensive Cyber Security Supply Chain"

ShadowBrokers Leak: A Machine Learning Approach

During the past few weeks I read a lot of great papers, blog posts and full magazine articles on the ShadowBrokers Leak (free public repositories: here and here) released by WikiLeaks Vault7.  Many of them described the amazing power of such a tools (by the way they are currently used by hackers to exploit systems […]

Read more "ShadowBrokers Leak: A Machine Learning Approach"

Malware Training Sets: A machine learning dataset for everyone

One of the most challenging tasks during Machine Learning processing is to define a great training (and possible dynamic) dataset. Assuming a well known learning algorithm and a periodic learning supervised process what you need is a classified dataset to best train your machine. Thousands of training datasets are available out there from “flowers” to […]

Read more "Malware Training Sets: A machine learning dataset for everyone"