During the past few weeks I received several emails asking how to dissect Office Payloads. While I was thinking on how to answer to such a questions I received a MalSpam with a Microsoft Office document attached by sheer coincidence, so I decided to write little bit on it. This is not going to be […]Read more "Step By Step Office Dropper Dissection"
Data breaches happen. Today, as never before, data plays a fundamental role in our real life. Everybody is both: dataproducer and dataconsumer. We are data producer by simply moving from one building to another one, having a smartphone in our pocket or surfing the web or just by tapping on smartphone applications. We are data consumer […]Read more "How to data breaches happen"
Today I’d like to share the following reverse engineering path since it ended up to be more complex respect what I thought. The full path took me about hours work and the sample covers many obfuscation steps and implementation languages. During the analysis time only really few Antivirus (6 out of 60) were able to […]Read more "Interesting hidden threat since years ?"
Machine learning (ML) is a great approach to detect Malware. It is widely used among technical community and scientific community with two different perspectives: Performance V.S Robustness. The technical community tries to improve ML performances in order to increase the usability on large scale while scientific community is focusing on robustness by meaning how easy […]Read more "Attacking Machine Learning Detectors: the state of the art review"
Nowadays is hard to give strong definitions on what are the differences between Security Operation Centers (SOC), Computer Emergency Response Teams (CERT) and Computer Security Incident Response Teams (CSIRT) since they are widely used in many organisations accomplishing very closed and similar tasks. Robin Ruefle (2007) on her paper titled “Defining Computer Security Incident Response […]Read more "CERTs, CSIRTs and SOCs after 10 years from definitions"
Hi folks, today I’d like to share a nice trick to unprotect password protected VB scripts into Office files. Nowadays it’s easy to find out malicious contents wrapped into OLE files since such a file format has the capability to link objects into documents and viceversa. An object could be a simple external link, a […]Read more "Unprotecting VBS Password Protected Office Files"
During the past few weeks some people asked me how to build a “cyber security offensive team”. Since the recurring question I decided to write a little bit about my point of view and my past experiences on this topic without getting into details (no: procedures, methodologies, communication artifacts and skill set will be provided). […]Read more "The Offensive Cyber Security Supply Chain"
During the past few weeks I read a lot of great papers, blog posts and full magazine articles on the ShadowBrokers Leak (free public repositories: here and here) released by WikiLeaks Vault7. Many of them described the amazing power of such a tools (by the way they are currently used by hackers to exploit systems […]Read more "ShadowBrokers Leak: A Machine Learning Approach"
Another free weekend, another suspicious link provided by a colleague of mine and another compelling feeling to understand “how it works”. The following analysis is made “just for fun” and is not part of my professional analyses which have to follows a complete different process before being released. So please consider it as a “sport […]Read more "A quick REVENGE Analysis"