Everything started from a well-edited Italian-language email (given to me by a colleague of mine, thank you Luca!) reaching many Italian companies. The Italian-language email had a weird attachment: ordine_065.js (it would be "Order Form" in English), which appeared "quite malicious" to me. By editing the .js attachment it becomes clear that […] Read more: "False Flag Attack on Multi Stage Delivery of Malware to Italian Organisations"
During the past few weeks some people asked me how to build a "cyber security offensive team". Given the recurring question, I decided to write a little bit about my point of view and my past experiences on this topic without getting into details (no procedures, methodologies, communication artifacts or skill sets will be provided). […] Read more: "The Offensive Cyber Security Supply Chain"
During the past few weeks I read a lot of great papers, blog posts and full magazine articles on the ShadowBrokers Leak (free public repositories: here and here) released by WikiLeaks Vault7. Many of them described the amazing power of such tools (by the way, they are currently used by hackers to exploit systems […] Read more: "ShadowBrokers Leak: A Machine Learning Approach"
Another free weekend, another suspicious link provided by a colleague of mine and another compelling urge to understand "how it works". The following analysis is made "just for fun" and is not part of my professional analyses, which have to follow a completely different process before being released. So please consider it as a "sport […] Read more: "A quick REVENGE Analysis"
A couple of days ago a colleague of mine gave me a "brand new" malicious content delivered by a single HTML page. The page was sent to an email box as part of a bigger attack. I found that vector particularly fun and so I'd like to share some of the steps that took me […] Read more: "Crypt0l0cker Revival!"
One of the most challenging tasks during Machine Learning processing is to define a great training (and possibly dynamic) dataset. Assuming a well-known learning algorithm and a periodic supervised learning process, what you need is a classified dataset to best train your machine. Thousands of training datasets are available out there, from "flowers" to […] Read more: "Malware Training Sets: A machine learning dataset for everyone"
I am not used to writing about vulnerabilities because there are too many vulnerabilities out there and writing about just one of them is not going to contribute to the security community at all. So why am I writing about Dirty COW? I am going to write about it because, in my personal opinion, it is […] Read more: "Dirty COW Notes"
My little contribution on cybersecurity to a national TV channel, next to Evgenij Valentinovič Kasperskij, founder of the Kaspersky Anti Virus Engine. Read more: "Cybersecurity Awareness"
Hi Folks, this is another blog post on the internet of "broken things". As many of you are familiar with, MQTT is one of the most used protocols over the Internet of Things. It's widely used in private area networks – to make communications quick and light – and on public networks as well – to build […] Read more: "Internet of Broken Things: Threats are changing, so are we?"
Nowadays it's almost impossible not to write about the EquationGroup Leak, so I'm going to start my "blog post" by pushing the following picture (realised by Kaspersky Lab), which should cut out every doubt about the leak's paternity. [Image: EquationGroup VS ShadowBrokers's Leak] The leaked dump contains a set of exploits, implants and tools for hacking firewalls (code name: […] Read more: "Summing up the ShadowBrokers Leak"