In a surprising discovery that’s set the tech world abuzz, a hidden backdoor was found in XZ Utils, a widely-used library that facilitates lossless data compression. Given its popularity across various Linux distributions and numerous applications on Linux and macOS, the implications of this discovery are significant. The Essence of the Backdoor At its core, […]
Read more "XZ Utils Backdoor (CVE-2024-3094): Personal Notes"Introduction i-SOON (上海安洵), a prominent contractor for various Chinese government agencies such as the Ministry of Public Security, Ministry of State Security, and People’s Liberation Army, experienced a significant data breach during the weekend of Feb 16th. The breach has shed light on the internal workings of a state-affiliated hacking contractor, although the source and […]
Read more "i-SOON Data Leak: Key Points"Recently (On March 18 2023 at 23:44), a new malspam campaign has been observed in the wild ( HERE ), which caused a significant amount of concern. This campaign is designed to distribute malicious emails, which contain a harmful payload that can infect a user’s system, steal sensitive information, or launch other types of attacks. […]
Read more "Reversing Emotet Dropping Javascript"Inroduction ChatGPT or more generally speaking OpenAI is an incredible tool. It is a spectacular instrument helping people in many different fields, it helps people to summarize text, to produce poem, to build images and music, to answer to difficult questions and to automatize complex processes. So I decided to dedicate an entire blog-post to […]
Read more "Threat Actors Sheets: OpenAI Generated !"Initial Access Brokers (IAB) are still the main way cyber criminals use to get access to their next target, but in 2022, as never before, I saw an increment of exploited vulnerabilities used by threat actors as initial vector or escalation vector. This behavior highlights the rise of a new skill-set belonging with specific actors […]
Read more "Most Exploited Vulnerabilities in 2022"Introduction Today I’d like to share a quick analysis initiated during a threat hunting process. The first observable was found during hunting process over OSINT sources, the entire infrastructure was still up and running during the analyses as well as malicious payload were downloadable. Analysis My first observable was a zipped text file compressing a […]
Read more "Is Hagga Threat Actor (ab)using FSociety framework ?"Introduction We are living difficult times. From pandemic to Russia-Ukraine war. I was tempt to let a white post for remembering such a devastating times in my personal web corner, but I came out with the idea to remember these times by analyzing an involved sample in current cyber-conflicts. I start looking for Malware and […]
Read more "A Malware Analysis in RU-AU conflict"Many security researchers, professional cybersecurity analysts and cybsec organizations realized great analyses on DiskKill (HermeticWiper), some of my favorite are HERE, HERE and HERE. Today what I’d like to do, is to focus on specific HermeticWiper characteristics and looking for similarities (or differences) to another similar (and well known) cyber attack happened in Ukraine few […]
Read more "DiskKill/HermeticWiper and NotPetya (Dis)similarities"APT28, also known as Sofacy Group is an (in)famous threat actor. It is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations and it has been characterized as an advanced persistent threat over the past years from […]
Read more "APT28 SKINNYBOY: Cheat Sheet"Ransomware are today very effective and they cause serious problems in many companies, we hear almost everyday entire businesses under ransom and companies who loose turnover and opportunities since have no available data to deal with. For such a reson I feel like I have to contribute in somehow to the community by giving what […]
Read more "CONTI Ransomware: Cheat Sheet"