During the past month I’ve been dedicating some of my free time to building a Malware static analysis pipeline. The goal of this work is to give Malware analysts useful statistics on what evasion techniques current Malware are implementing. If you are interested in Malware evasion techniques please have a look at my previous post […] Read more "Static Analysis Malware Statistics"
Let’s assume you’ve got a friend who asked you to have a look at his computer because he feels like something wrong is happening. What would you do? Option 1: “I have no idea about how to investigate ‘computer stuff’, please contact your reseller.” Option 2: “Ok, let me access your computer, […] Read more "Volatility on Darkcomet"
Recently, most of the people who collaborate through GitHub experienced a new kind of Denial of Service attack widely recognized as a Man-On-The-Side attack. The GitHub DDoS attack was driven by the State of China (New York Times) with the intent to alert the GitHub company about the violation of Chinese censorship policies. “Because GitHub is fully […] Read more "GitHub and the Man On The Side Attack"
What I am writing is not “news” anymore, but it is more of a “consciousness raising” about the incredible job the guys behind the Angler Exploit Kit did. But let me start from the beginning. For everybody out there who does not know what an Exploit Kit is, I found a clear and nice description from […] Read more "Angler and the new threats"
Knowing your “enemies” is always a good exercise before developing any protection. Different attackers have different techniques and belong to different groups. Each group holds strict beliefs and attacks in a well-known way. In this post I want to examine some of the most notorious hacking groups in history up to now (February 2015) […] Read more "Notorious Hacking Groups."
From time to time, even though we are now in 2015, I find people who do not truly believe in cyber attacks, having confused ideas about how cyber attackers do their job. So, even if what I am writing is well known to most of you, I want to briefly describe a romantic process behind current […] Read more "Romantic Cyber Attack Process"
One of the most challenging tasks for attackers is to get persistence on the hacked machine. Malware was the perfect way to get this task done: basically a simple Malware implementing a persistence technique such as getting into the “startup folder”, installing a rootkit on a user/system executable, DLL search hijacking, “Run” Registry keys, “UserInit” Registry […] Read more "Getting Persistence With No Malware"
Industrial Control System Security is a great challenge in today’s production environments, but it is often one of the last concerns of production managers. “SCADA (supervisory control and data acquisition) is a system operating with coded signals over communication channels so as to provide control of remote equipment (typically using one communication channel per remote station). […] Read more "Industrial Control Systems: an Interview"
While attack vectors based on malicious PDFs are a well-known topic (SANS, Didier’s tools), understanding how those vectors are spread nowadays is an interesting “research” (at least in my personal opinion). Recently, Yoroi’s toolset gave me the ability to analyze almost 2k PDFs per hour, so I decided to analyze an entire […] Read more "PDF Versions Malicious Content Distribution"
I knew of the presence of “Clever” Malware, actually with no real evidence (at that time I didn’t know “Clever” would be its future name), from a cyber friend of mine who worked with me on Malware evasion techniques. I knew Iranian hackers were getting better and better, but what I did not know was the […] Read more "Operation Clever"