cybersecurity – Page 3 – Marco Ramilli Web Corner

SWEED Targeting Precision Engineering Companies in Italy

October 28, 2019October 28, 2019

Introduction Today I’d like to share a quick analysis of an interesting attack targeting precision engineering companies based in Italy. Precision engineering is a very important business market in Europe, it includes developing mechanical equipment for: automotive, railways, heavy industries and military grade technology . The attacker pretended to be a customer and sent to […]

Is Emotet gang targeting companies with external SOC?

October 14, 2019

Introduction The group behind Emotet malware is getting smarter and smarter in the way the deliver such a Malware. While the infection schema looks alike from years; the way the group tries to infect victims improves from day to day.Today I’d like to share a quick analysis resulted by a very interesting email which claimed […]

Frequent VBA Macros used in Office Malware

October 1, 2019October 1, 2019

Nowadays one of the most frequent cybersecurity threat comes from Malicious (office) document shipped over eMail or Instant Messaging. Some analyzed threats examples include: Step By Step Office Dropper Dissection, Spreading CVS Malware over Google, Microsoft Powerpoint as Malware Dropper, MalHIDE, Info Stealing: a New Operation in the Wild, Advanced All in Memory CryptoWorm, etc. […]

DOXing in 2019

September 16, 2019

During the early 2000s in private chats or even in public IRC channels, self-styled “hackers” used to DOX people in order to prove their competence in “dark arts” (cit. Proceedings of the 39th SIGCSE). I always was fascinated by those guys that with few information such as an email address or a nickname were able […]

Writing Your First Bootloader for Better Analyses

September 3, 2019September 4, 2019

From time to time we might observe special Malware storing themselves into a MBR and run during the booting process. Attackers could use this neat technique to infect and to mess-up your disk and eventually asking for a ransom before restoring original disk-configurations (Petya was just one of the most infamous boot-ransomware). But this is […]

University, Professional Certification or Direct Experience ?

August 26, 2019August 26, 2019

Today I’d like to share a simple and personal thought about teaching models on cybersecurity. Quite often students ask me how to improve their technical skills and the most common question is: “would it be better an university course a professional certification or getting directly on the field working in a Cybersecurity company ?”. The […]

TOP 100 Cyber Security Blog

August 19, 2019August 19, 2019

I started my Blog back in October 2007 (yep, 12 years ago !) with the simple intent of describing some of my experiences in Cyber Security. At that time it was not so common like today to write about vulnerabilities, “hacking tools” and “information security researches”, but since it was what I was studying during […]

OilRig: the techniques evolution over time

August 7, 2019

Today I’d like to share a comparative analysis on OilRig techniques mutation over time. In particular I will refer to great analyses made by Paloalto UNIT 42 plus my own ones (HERE, HERE, HERE, etc..) and more personal thoughts. I would define this group of references as reports. Those reports have been divided into 4 […]

Scraping the TOR for rare contents

July 18, 2019July 18, 2019

Scraping the “TOR hidden world” is a quite complex topic. First of all you need an exceptional computational power (RAM mostly) for letting multiple runners grab web-pages, extracting new links and re-run the scraping-code against the just extracted links. Plus a queue manager system to manage scrapers conflicts and a database to store scraped data […]

Free Tool: LooCipher Decryptor

July 13, 2019July 13, 2019

There are many ways to fight cyber-crime, but what we used to do in Yoroi is Malware analysis and Incident response by using special and proprietary technologies. Often analyses are enough to temporary block cyber-criminals by sharing to everybody IOC allowing National and International players (ISP, AV vendors, CERTs and so on) to block connections […]