Malware persistence is a crucial aspect of cyber threats that often goes unnoticed by unsuspecting users. In the realm of cybersecurity, it refers to the ability of malicious software to establish a foothold on a targeted system, allowing it to maintain its presence over an extended period. This persistence is achieved through various covert techniques, […]
Read more "Malware Persistence Locations: Windows and Linux"Introduction In today’s digital landscape, the prevalence of cyber threats and incidents has become a significant concern for individuals, organizations, and governments alike. I have had the opportunity to explore numerous vendor reports in the past months and gain insights into the evolving nature of breaches and incidents. Through my research, I have discovered a […]
Read more "2023 Breaches and Incidents: Personal Notes"Recently (On March 18 2023 at 23:44), a new malspam campaign has been observed in the wild ( HERE ), which caused a significant amount of concern. This campaign is designed to distribute malicious emails, which contain a harmful payload that can infect a user’s system, steal sensitive information, or launch other types of attacks. […]
Read more "Reversing Emotet Dropping Javascript"During talks and presentations people often ask me how do I remember so many names, different “artifacts” (a.k.a Malware) and groups. I actually ended up with a “hemmm … well… actually I just remember them since I read and write a lot about cyber threats”. So here it comes the Malware Family CheatSheet. This work […]
Read more "Malware Families CheatSheet"During the past 4 months Microsoft Onenote file format has been (ab)used as Malware carrier by different criminal groups. While the main infection vector is still on eMail side – so nothing really relevant to write on – the used techniques, the templates and the implemented code to inoculate Malware changed a lot. So it […]
Read more "Onenote Malware: Classification and Personal Notes"Initial Access Brokers (IAB) are still the main way cyber criminals use to get access to their next target, but in 2022, as never before, I saw an increment of exploited vulnerabilities used by threat actors as initial vector or escalation vector. This behavior highlights the rise of a new skill-set belonging with specific actors […]
Read more "Most Exploited Vulnerabilities in 2022"Introduction Phishing kits are tools that dark side experts provide to the community of criminal phishers to facilitate the construction of malicious Web sites. As these kitsevolve in sophistication, providers of Web-based services need to keep pace withcontinuous complexity. Today I am proud to introduce a long time research that Andrea Venturi, Michele Colajanni, Giorgio […]
Read more "Phishing Kits: Threat Actors Analysis Research"Introduction We are living difficult times. From pandemic to Russia-Ukraine war. I was tempt to let a white post for remembering such a devastating times in my personal web corner, but I came out with the idea to remember these times by analyzing an involved sample in current cyber-conflicts. I start looking for Malware and […]
Read more "A Malware Analysis in RU-AU conflict"Disclaimer This blog post, as all the blog posts in my web-corner, want to share cybersecurity related researches and personal experiences in order to improve threats analysis, risks and cybersecurity awareness. In this specific cases junior cybersecurity analysts could improve their skills for free by understanding how to build threat intelligence and how to track […]
Read more "From a Phishing Page to a Possible Threat Actor"Ransomware are today very effective and they cause serious problems in many companies, we hear almost everyday entire businesses under ransom and companies who loose turnover and opportunities since have no available data to deal with. For such a reson I feel like I have to contribute in somehow to the community by giving what […]
Read more "CONTI Ransomware: Cheat Sheet"