Introduction The group behind Emotet malware is getting smarter and smarter in the way the deliver such a Malware. While the infection schema looks alike from years; the way the group tries to infect victims improves from day to day.Today I’d like to share a quick analysis resulted by a very interesting email which claimed […]
Read more "Is Emotet gang targeting companies with external SOC?"Nowadays one of the most frequent cybersecurity threat comes from Malicious (office) document shipped over eMail or Instant Messaging. Some analyzed threats examples include: Step By Step Office Dropper Dissection, Spreading CVS Malware over Google, Microsoft Powerpoint as Malware Dropper, MalHIDE, Info Stealing: a New Operation in the Wild, Advanced All in Memory CryptoWorm, etc. […]
Read more "Frequent VBA Macros used in Office Malware"During the early 2000s in private chats or even in public IRC channels, self-styled “hackers” used to DOX people in order to prove their competence in “dark arts” (cit. Proceedings of the 39th SIGCSE). I always was fascinated by those guys that with few information such as an email address or a nickname were able […]
Read more "DOXing in 2019"From time to time we might observe special Malware storing themselves into a MBR and run during the booting process. Attackers could use this neat technique to infect and to mess-up your disk and eventually asking for a ransom before restoring original disk-configurations (Petya was just one of the most infamous boot-ransomware). But this is […]
Read more "Writing Your First Bootloader for Better Analyses"Today I’d like to share a simple and personal thought about teaching models on cybersecurity. Quite often students ask me how to improve their technical skills and the most common question is: “would it be better an university course a professional certification or getting directly on the field working in a Cybersecurity company ?”. The […]
Read more "University, Professional Certification or Direct Experience ?"I started my Blog back in October 2007 (yep, 12 years ago !) with the simple intent of describing some of my experiences in Cyber Security. At that time it was not so common like today to write about vulnerabilities, “hacking tools” and “information security researches”, but since it was what I was studying during […]
Read more "TOP 100 Cyber Security Blog"Today I’d like to share a comparative analysis on OilRig techniques mutation over time. In particular I will refer to great analyses made by Paloalto UNIT 42 plus my own ones (HERE, HERE, HERE, etc..) and more personal thoughts. I would define this group of references as reports. Those reports have been divided into 4 […]
Read more "OilRig: the techniques evolution over time"Scraping the “TOR hidden world” is a quite complex topic. First of all you need an exceptional computational power (RAM mostly) for letting multiple runners grab web-pages, extracting new links and re-run the scraping-code against the just extracted links. Plus a queue manager system to manage scrapers conflicts and a database to store scraped data […]
Read more "Scraping the TOR for rare contents"There are many ways to fight cyber-crime, but what we used to do in Yoroi is Malware analysis and Incident response by using special and proprietary technologies. Often analyses are enough to temporary block cyber-criminals by sharing to everybody IOC allowing National and International players (ISP, AV vendors, CERTs and so on) to block connections […]
Read more "Free Tool: LooCipher Decryptor"Many state sponsored groups have been identified over time, many of them have different names (since discovered by different organizations) and there is no an agreed standardization on the topic but many victims and some interests look very tight together. From here the idea to compare the leaked source code of two different state sponsored […]
Read more "Similarities and differences between MuddyWater and APT34"