Getting Persistence With No Malware

One of the most challenging tasks for attackers is to get persistence on the hacked machine. Malware was the perfect way to get this task done: basically a simple piece of malware implementing a persistence technique such as getting into the “startup folder”, installing a rootkit on a user/system executable, DLL search hijacking, “Run” Registry keys, “UserInit” Registry […]

Industrial Control Systems: an Interview

Industrial Control System security is a great challenge in today's production environments, but it is often one of the last concerns of production managers. “SCADA (supervisory control and data acquisition) is a system operating with coded signals over communication channels so as to provide control of remote equipment (using typically one communication channel per remote station). […]

PDF Versions Malicious Content Distribution

While attack vectors based on malicious PDFs are a well-known topic (SANS, Didier’s tools), understanding how those vectors are spread nowadays is an interesting “research” topic (at least in my personal opinion). Recently, Yoroi’s toolset gave me the ability to analyze almost 2k PDFs per hour, so I decided to analyze an entire […]

ReGeneration (Regin) Targeted Attack

Nowadays every security blogger is writing about how Regin (it should be read as Re-Gen, like regeneration), a new sophisticated targeted attack discovered by Symantec (here), works and how it spied on several thousand PCs, mostly in Russia, Germany and the Middle East. I won't write about its “hidden 6 stages” malware or about its incredibly […]