I wrote several times about code obfuscation on my personal blog over the past 10 years, but this time I’d like to underline a different aspect of it, and a novel (at least for the best of my knowledge) approach to deal with deobfuscation. First of all let me remind that code obfuscation is not […]Read more "Program Synthesis for Deobfuscation"
The ransomware builders remind me old times, where Nukes and Exploiters were freely available on the underground communities, when few clicks were enough to bypass many AV vendors and attackers were activists or single people challenging the system. Nowadays the way the “builders” are developed and the way the criminality is abusing them to generate […]Read more "Paradise Ransomware: The Builder"
On April 2021, one of the most known Ransomware Gang called Babuk, decided to change the way they ask for ransom: no more double extortion, no more file encryption but just data exfiltration and a later announcement in case of no deal with the victim. It’s a nice move forward for a Ransomware Gang that, […]Read more "Babuk Ransomware: The Builder"
Reverse Engineering is one of the most clear path to study Malware and Threat Attribution, by RE you are intimately observe in the developer mind figuring out techniques and, from time to time, even intents. My current role as a CEO of a mid-sized organization (thousands of people) tries to keep me away from RE, […]Read more "The Allegedly Ryuk Ransomware builder: #RyukJoke"
Before getting in the following Blog Post I would suggest you to read the “Part 1” of MuddyWater Binder Project which is available HERE, where you might contestualize the Code Highlights. Source Code Highlights Now it’s time to get into more core pieces of code. Let’s start with the file ConnectionHandler.cswhich is implementing the logic […]Read more "MuddyWater: Binder Project (Part 2)"
According to Lab Dookhtegan, which you migth remeber him/their from HERE, HERE and HERE, Binder is a project related to IRGC cyber espionage group build for trojenize google apps (APK). The application “trojenization” is a well-known process which takes as input a good APK and a code to inject (a RAT, for example). The system […]Read more "MuddyWater: Binder Project (Part 1)"
After serveral months (actually 15) from the Cybersecurity Observatory launch (you can find it HERE) I experienced a huge increment of classified Malware from the end of January 2021. The following picture shows how the average samples frequency is just more than twice if compared to the beginning of the month and to the past […]Read more "Malware Family Surface 2021 (Q1)"
Today Yoroi released its last cybersecurity report (available HERE). Following I am copying one of its chapters to give you a little flawor about what you can get for free by downloading it ! Hope you might like its contents. The volume of the malicious code produced and disseminated in the wild is constantly increasing. […]Read more "0-Day Malware (2020)"
Ci sono momenti che ti cambiano, alcuni per il dolore causato mentre altri per la grande gioia. Questa e’ la fortunata storia di un tempo che ha cambiato la mia vita. Durante gli ultimi cinque anni ho avuto la fortuna di creare una organizzazione da zero, di farla nascere, di custodirla, di partecipare ad operazioni […]Read more "[ITA] Gratitudine e Cambiamento"
Detection is a key point in threat hunting. During the past few weeks, stright in the middle of the winter “holidays” (well, maybe if you live in a place where no COVID-19 lockdown was involved), many people re/started a studying program on cybersecurity. Some of them wrote to me asking if there is a way […]Read more "C2 Traffic Patterns: Personal Notes"