Writing Your First Bootloader for Better Analyses

From time to time we might observe special Malware storing themselves into a MBR and run during the booting process. Attackers could use this neat technique to infect and to mess-up your disk and eventually asking for a ransom before restoring original disk-configurations (Petya was just one of the most infamous boot-ransomware). But this is […]

Read more "Writing Your First Bootloader for Better Analyses"

Similarities and differences between MuddyWater and APT34

Many state sponsored groups have been identified over time, many of them have different names (since discovered by different organizations) and there is no an agreed standardization on the topic but many victims and some interests look very tight together. From here the idea to compare the leaked source code of two different state sponsored […]

Read more "Similarities and differences between MuddyWater and APT34"

“Collection #I” Data Breach Analysis – Part 2

On January 19th we downloaded Collectoin #1 to make statistics on its content (you might find more information here). During these days we finished the two main activities to be able to answer some more questions about it data: (i) ELK import and (ii) building of simple views to visualise desired informations. The following image shows […]

Read more "“Collection #I” Data Breach Analysis – Part 2"