Nice Way To Evade Dynamic Analysis

One of the most important rules in building dynamic analysis environments is to avoid internet connection by the “potential malicious code”. Indeed the “potential malicious code” would try to exploit the analysis system per se if an internet connection is available. To respect this basic rule, when a sandboxed code tries to open an internet […]

Read more "Nice Way To Evade Dynamic Analysis"

Cyber Intelligence abusing Internet Explorer to perform Targeted Attacks

A “mandatory” step to achieve a complete and successful targeted attack is the so called: “Cyber Intelligence Phase”. By definition every targeted attack owns at leeast one specific characteristic which makes it perfectly fit for a given target. As you might want agree, one of the most important activities on develping a targeted attack is […]

Read more "Cyber Intelligence abusing Internet Explorer to perform Targeted Attacks"

ZeuS Evolution: it’s time for P2P and RSA.

Today another “Hack Note” on my blog to point you out to a great analysis of ZeuS evolutions. I definitely suggest the reading titled “ZeuS-P2P” by Cert Polska because, in my personal opinion, it describes one of the most important evolutions of a “bot kit” happened so far: the distribution of the Command aNd Control […]

Read more "ZeuS Evolution: it’s time for P2P and RSA."