Nowadays it’s almost impossible to not write about EquationGroup Leak, so I’m going to start my “blog post” pushing the following picture (realised by Kaspersky Lab) which would cut-out every doubts about the leak paternity. EquationGroup VS ShadowBrokers’s Leak The leaked dump contains a set of exploits, implants and tools for hacking firewalls (code name: […]Read more "Summing up the ShadowBrokers Leak"
I wrote a little bit about Ransomware general view and Ransomware general infection methods here. Today, after some more months working on the field and after having meet much more Ransomware than I thought, I’d like to write a little bit about how to “fight them”. Before starting the review of some of the most known […]Read more "Fighting Ransomware Threats"
Once upon a time breaking the Stack (here) was a metter of indexes and executables memory areas (here). Then it came a DEP protection (here) which disabled a particular area from being executable. This is the fantastic story of ROP (Return Oriented Programming) from which I’ve been working for long time in writing exploiting and […]Read more "From ROP to LOP bypassing Control FLow Enforcement"
Back in 2011 blogs (here, here, here) and papers (here, here, here, here) described a widely used Malware technique to hide malicious actions called: Process Hollowing. Nowadays we are experiencing some “flashbacks” to this delightful technique, so I decided to write a little bit about it, just in case someone needs a “refresh”. Process hollowing is a […]Read more "Process Hollowing"
It happens from time to time people asking me what are the most “notorious hacking groups”. On February 2015 I wrote a little bit on most notorious group in 2015 (here) but today things changed a little bit. It’s hard to answer to such a question since we need a strong definition of “notorious”, do […]Read more "Notorious Hacking Groups in mid 2016"
Most of my readeres exactly know what code caves are while many other people out there (maybe occasional readers) could wonder why I am writing about codecaves in 2016 since it is a well know technique (published in 2006) to inject a malicious payload inside Windows Portable Executables. Well, today I want to disclouse a […]Read more "Looking For Caves in Windows Executables"
Today I want to share a quick’n dirty analysis of a brand new Crypt0l0cker version realised for the Italian market and spread over emails (such as: ENEL Bolletta). Unfortunately I do not have much time to invest in that analysis but we will analyse how we might be able to recover mostly of the encrypted […]Read more "Recovering Files From Brand New Crypt0l0cker"
Even if Ransomware is not one of my favorite topics, since are simple Malware without specific targets (at least util today), I am currently observing a huge increment of this threat in companies, agencies and in private users as well. For such a reason I decided to write a little bit about them in my […]Read more "Ransomware: a general view after field experiences"
TOR is a well known “software” able to protect communications dispatching packets between different relays spread over the world run by a network of volunteers. Because the high rate of anonymity TOR has been used over the past years to cover malicious actions by physical and cyber attackers. TOR, especially through its browser implementation (the […]Read more "Spotting Malicious Node Relays"
Understanding the “sandbox” technology is a fundamental step in Malware prevention. While it is obvious the new evasion techniques such as (but not limited to); Malware Encryption, Malware Packing, Metamorphism and Polimorfism are able to evade romantic defensive technologies such as (but not limited to) AntiVirus, Intrusion Detection and Prevention Systems, URL Filtering and Proxy, […]Read more "SandBoxes personal evaluations"