cybersecurity

Understanding and Defending Against Microsoft 365 Attacks

September 29, 2023September 29, 2023

As the use of Microsoft 365 continues to grow, cyber attackers are increasingly targeting its cloud-based infrastructure. In this extensive post, we will delve into the realm of new Microsoft 365 attacks, exploring the attackers’ methods of gaining persistence within the Microsoft 365 cloud, and provide detailed countermeasures and best practices to enhance your organization’s […]

Malware Persistence Locations: Windows and Linux

September 23, 2023September 23, 2023

Malware persistence is a crucial aspect of cyber threats that often goes unnoticed by unsuspecting users. In the realm of cybersecurity, it refers to the ability of malicious software to establish a foothold on a targeted system, allowing it to maintain its presence over an extended period. This persistence is achieved through various covert techniques, […]

Leading the uncertainty: the decision-driven approach

September 14, 2023September 21, 2023

Many of my readers know me as a cybersecurity expert. More than 12 years of blogging on “security stuff”, malware analyses, cyber attack attributions, new tools and a personal (public here) cybersecurity observatory contributed a lot to push me into this specific direction. However during the past 10 years I did play many different roles. […]

2023 Breaches and Incidents: Personal Notes

June 22, 2023June 22, 2023

Introduction In today’s digital landscape, the prevalence of cyber threats and incidents has become a significant concern for individuals, organizations, and governments alike. I have had the opportunity to explore numerous vendor reports in the past months and gain insights into the evolving nature of breaches and incidents. Through my research, I have discovered a […]

Polymorphic Malware Using #AI

May 25, 2023May 25, 2023

In the ever-evolving landscape of cybersecurity, malicious actors constantly seek new ways to infiltrate computer systems, wreak havoc, and exploit vulnerabilities. One of their most insidious tools is polymorphic malware, a shape-shifting threat that challenges traditional defense mechanisms and poses a formidable challenge to organizations and individuals alike. In this blog post I will investigate […]

The Relevance of Prompts in AI and Cybersecurity

April 30, 2023April 30, 2023

Introduction to Prompting Artificial Intelligence (AI) has become an increasingly popular topic in recent years due to its potential to revolutionize various industries. The ability to automate tasks, analyze vast amounts of data, and make predictions has made AI a valuable tool for businesses and researchers alike. However, developing effective AI systems can be a […]

Reversing Emotet Dropping Javascript

March 22, 2023March 22, 2023

Recently (On March 18 2023 at 23:44), a new malspam campaign has been observed in the wild ( HERE ), which caused a significant amount of concern. This campaign is designed to distribute malicious emails, which contain a harmful payload that can infect a user’s system, steal sensitive information, or launch other types of attacks. […]

Malware Families CheatSheet

March 2, 2023March 2, 2023

During talks and presentations people often ask me how do I remember so many names, different “artifacts” (a.k.a Malware) and groups. I actually ended up with a “hemmm … well… actually I just remember them since I read and write a lot about cyber threats”. So here it comes the Malware Family CheatSheet. This work […]

Threat Actors Sheets: OpenAI Generated !

February 16, 2023February 16, 2023

Inroduction ChatGPT or more generally speaking OpenAI is an incredible tool. It is a spectacular instrument helping people in many different fields, it helps people to summarize text, to produce poem, to build images and music, to answer to difficult questions and to automatize complex processes. So I decided to dedicate an entire blog-post to […]

Onenote Malware: Classification and Personal Notes

February 4, 2023February 4, 2023

During the past 4 months Microsoft Onenote file format has been (ab)used as Malware carrier by different criminal groups. While the main infection vector is still on eMail side – so nothing really relevant to write on – the used techniques, the templates and the implemented code to inoculate Malware changed a lot. So it […]