A couple of days ago a colleague of mine gave me a “brand new” malicious content delivered by a single HTML page. The page was sent to an email box as part of a biggest attack. I found that vector particularly fun and so I’d like to share some of the steps who took me […]Read more "Crypt0l0cker Revival !"
One of the most challenging tasks during Machine Learning processing is to define a great training (and possible dynamic) dataset. Assuming a well known learning algorithm and a periodic learning supervised process what you need is a classified dataset to best train your machine. Thousands of training datasets are available out there from “flowers” to […]Read more "Malware Training Sets: A machine learning dataset for everyone"
I am not used to write about vulnerabilities because there are too much vulnerabilities out here and writing about just one of them is not going to contribute security community at all. So why am I writing about Diry Cow ? I am going to write about it because, in my personal opinion, it is […]Read more "Dirty COW Notes"
My little contribution on cybersecurity to national TV channel; next to Evgenij Valentinovič Kasperskij, founder of Kaspersky Anti Virus Engine.Read more "Cybersecurity Awareness"
Hi Folks, this is another blog-post on internet of “broken things”. As many of you are familiar with MQTT is one of the most used protocol over the Internet of Things. It’s widely used in private area network – to make communications quick and light – and on public network as well – to build […]Read more "Internet of Broken Things: Threats are changing, so are we ?"
Nowadays it’s almost impossible to not write about EquationGroup Leak, so I’m going to start my “blog post” pushing the following picture (realised by Kaspersky Lab) which would cut-out every doubts about the leak paternity. EquationGroup VS ShadowBrokers’s Leak The leaked dump contains a set of exploits, implants and tools for hacking firewalls (code name: […]Read more "Summing up the ShadowBrokers Leak"
I wrote a little bit about Ransomware general view and Ransomware general infection methods here. Today, after some more months working on the field and after having meet much more Ransomware than I thought, I’d like to write a little bit about how to “fight them”. Before starting the review of some of the most known […]Read more "Fighting Ransomware Threats"
Once upon a time breaking the Stack (here) was a metter of indexes and executables memory areas (here). Then it came a DEP protection (here) which disabled a particular area from being executable. This is the fantastic story of ROP (Return Oriented Programming) from which I’ve been working for long time in writing exploiting and […]Read more "From ROP to LOP bypassing Control FLow Enforcement"
Back in 2011 blogs (here, here, here) and papers (here, here, here, here) described a widely used Malware technique to hide malicious actions called: Process Hollowing. Nowadays we are experiencing some “flashbacks” to this delightful technique, so I decided to write a little bit about it, just in case someone needs a “refresh”. Process hollowing is a […]Read more "Process Hollowing"
It happens from time to time people asking me what are the most “notorious hacking groups”. On February 2015 I wrote a little bit on most notorious group in 2015 (here) but today things changed a little bit. It’s hard to answer to such a question since we need a strong definition of “notorious”, do […]Read more "Notorious Hacking Groups in mid 2016"