Looking For Caves in Windows Executables

Most of my readers know exactly what code caves are, while many other people out there (maybe occasional readers) could wonder why I am writing about code caves in 2016, since it is a well-known technique (published in 2006) to inject a malicious payload inside Windows Portable Executables. Well, today I want to disclose a […]


Spotting Malicious Node Relays

TOR is a well-known “software” able to protect communications by dispatching packets between different relays spread over the world and run by a network of volunteers. Because of the high degree of anonymity, TOR has been used over the past years to cover malicious actions by physical and cyber attackers. TOR, especially through its browser implementation (the […]


SandBoxes personal evaluations

Understanding the “sandbox” technology is a fundamental step in malware prevention. While it is obvious that the new evasion techniques, such as (but not limited to) malware encryption, malware packing, metamorphism and polymorphism, are able to evade romantic defensive technologies such as (but not limited to) antivirus, intrusion detection and prevention systems, URL filtering and proxies, […]


MalwareStats.org: New "Speed" and New Samples Available now.

Hello everybody, today is about speed improvements and new malware samples in malwarestats.org. If you followed the MalwareStats.org genesis you might remember the early stage of development, when it took between 8 and 10 minutes to visualize statistics over 43k malware analyses. Today it runs much better: almost 15 seconds to visualize 76.2K malware analyses (ok, I […]


Shifu: A new interesting Banking Trojan

Hello everybody, today I’d like to share some information on “Shifu”, a new and incredibly interesting banking trojan. At this point you might think: “Why are you writing about Shifu among the many other new threats (even more discussed) out there?” Well… Shifu is a new banking trojan which currently attacks mostly Japanese banks; it’s […]


Exploit Kits on August 2015

Often people, including students and security professionals, ask me about exploit kits (EK). EKs play a fundamental role in today's malware propagation because they are developed to deliver content through vulnerabilities. The aim of an EK is to exploit a target client machine through well-known or sometimes “less known” vulnerabilities, which usually target browsers, the Java Runtime Environment, […]


Static Analysis Malware Statistics

During the past month I have dedicated some of my free time to building a malware static analysis pipeline. The goal of this work is to give malware analysts useful statistics on which evasion techniques current malware is implementing. If you are interested in malware evasion techniques, please have a look at my previous post […]


GitHub and the Man On The Side Attack

Recently, most people who collaborate through GitHub experienced a new kind of Denial of Service attack, widely recognized as a Man-On-The-Side attack. The GitHub DDoS attack was driven by the State of China (New York Times) with the intent to alert the GitHub company about the violation of Chinese censorship policies. “Because GitHub is fully […]
