One of the most important rules in building dynamic analysis environments is to avoid giving the “potentially malicious code” an internet connection. Indeed, the “potentially malicious code” would try to exploit the analysis system itself if an internet connection is available. To respect this basic rule, when sandboxed code tries to open an internet […] Read more "Nice Way To Evade Dynamic Analysis"
A “mandatory” step to achieve a complete and successful targeted attack is the so-called “Cyber Intelligence Phase”. By definition, every targeted attack has at least one specific characteristic which makes it a perfect fit for a given target. As you might agree, one of the most important activities in developing a targeted attack is […] Read more "Cyber Intelligence abusing Internet Explorer to perform Targeted Attacks"
As you might see from my post frequency, the last months have been pretty busy for me. My hacking team and I are working really hard and we are achieving incredible results, which makes me happy but really busy as well. OpenSSL CCS Attack (CVE-2014-0224) is almost one month old and not super interesting to be […] Read more "OpenSSL CCS Attack"
After the big success obtained through the MalControl open source software, people asked me to record a simple video to show how it’s supposed to work. I did use screencast this time. This short quick’n’dirty video shows how MalControl is supposed to work. Please refer to the original GitHub page (https://github.com/marcoramilli/malcontrol) for all needs, tickets, request […] Read more "MalControl Video"
Gathering open data from malware analysis websites is the main target of the Malware Control Monitor project. Visualizing such data by synthesizing statistics that highlight where threats happen and what their impact is could be useful to identify malware propagation. Open Data: We actually scrape the following services: malwr, phishtank, urlquery, virscan, webinspector. If you […] Read more "Say Hello to MalControl: Malware Control Monitor"
Just a quick note to my readers from London. I’ll attend InfoSec London 2014; if you want to have a beer or share some “Security Thoughts”, I’ll be more than happy. Just drop me an email and I’ll answer you shortly. While I’ll be most of my time at M96 Stand, I’ll try to attend some […] Read more "InfoSec London 2014"
I do not usually report malware analyses made by “big security companies” since they are easy to find in plenty of media. Linking such reports to my blog is useless because many of my readers would probably read those feeds before my blog. However, today I’d like to share a pretty nice article written […] Read more "Malware Writers."
In the last 2 years I’ve been working mostly on private companies. Since often “computer security” is not the company’s main business (… in fact, for many companies computer security is just a kind of “utility”…) because belonging to a different, often not even digitalized, world, having a survey of what […] Read more "Cloud Security: Infographics"
Today I simply want to share in my diary a great picture of my working day (this picture is a screen capture of a double monitor running a project in nodejs). This picture represents an amazing security project finally ready for the first public release and … the desire of writing “amazing code”. You will […] Read more "Managing and Writing"
Today I found some notes on my desk about the last Chaos Computing Club-Congress (CCC) in 2013. Since they are pretty funny to me, I decided to share them with you. Researchers, as reported at 29C3, were able to collect over 3 million certificates with their Public Key. So far nothing interesting at all… They were able […] Read more "When Fun Comes to Crypto"