Knowing your “enemies” is always a good exercise before developing any protection. Different attackers have different techniques and belong to different groups. Each group holds strict beliefs and attacks in a well-known way. In this post I want to examine some of the most notorious hacking groups in history up to now (February 2015) […] Read more "Notorious Hacking Groups."
From time to time, even though we are now in 2015, I meet people who do not truly believe in cyber attacks and have confused ideas about how cyber attackers do their job. So, even if what I am writing is well known to most of you, I want to briefly describe a romantic process behind current […] Read more "Romantic Cyber Attack Process"
One of the most challenging tasks for attackers is to gain persistence on the hacked machine. Malware was the perfect way to get this task done: basically a simple piece of Malware implementing a persistence technique such as: getting into the “startup folder”; installing a rootkit on a user/system executable; DLL search hijacking; “Run” Registry keys; “UserInit” Registry […] Read more "Getting Persistence With No Malware"
Industrial Control System Security is a great challenge in today's production environments, but it is often one of the last concerns of production managers. “SCADA (supervisory control and data acquisition) is a system operating with coded signals over communication channels so as to provide control of remote equipment (using typically one communication channel per remote station). […] Read more "Industrial Control Systems: an Interview"
While attack vectors based on malicious PDFs are a well-known topic (SANS, Didier’s tools), understanding how those vectors are spread nowadays is an interesting “research” topic (at least in my personal opinion). Recently, Yoroi’s toolset gave me the ability to analyze almost 2k PDFs per hour, so I decided to analyze an entire […] Read more "PDF Versions Malicious Content Distribution"
I knew of the presence of the “Clever” Malware, actually with no real evidence (at that time I didn’t know that “Clever” would be its future name), from a cyber friend of mine who worked with me on Malware evasion techniques. I knew Iranian hackers were getting better and better, but what I did not know was the […] Read more "Operation Clever"
Nowadays every security blogger is writing about how Regin (it should be read as Re-Gen, like regeneration), a new sophisticated targeted attack discovered by Symantec (here), works and how it spied on several thousand PCs, mostly in Russia, Germany and the Middle East. I won't write about its “hidden 6 stages” Malware or about its incredibly […] Read more "ReGeneration (Regin) Targeted Attack"
I am not used to writing “Malware centric” posts; on the contrary, I love to focus my writing on the specific techniques used by Malware to infect systems and/or to evade analysis. However, today I want to record WireLurker in my digital diary since I see a “paradigm shift” in it. I find it a super fascinating […] Read more "WireLurker, a shock in Apple World."
During my talks and in my daily working life, people ask me about the most interesting Malware used to perform Advanced Persistent Targeted Attacks (APTA). So I decided to give my personal answer in this post, being conscious that things will change pretty soon. Let's start with Stuxnet, maybe one of the best-known APTA […] Read more "The Most Famous Malwares in APTA"
Test if you are vulnerable. Nothing really to add here. It just makes me think… those things still happen (thxG). More here, here, here, here and here. UPDATE: From PasteBin (here). No Way… Wondering how many triggering vectors would be out there. UPDATE 2: Some days after the original 6271, […] Read more "Bash Vulnerability: CVE-2014-6271"