ReGeneration (Regin) Targeted Attack

Nowadays every security blogger is writing about how Regin (it should be read as Re-Gen, like regeneration), a new sophisticated targeted attack discovered by Symantec, works and how it spied on several thousand PCs, mostly in Russia, Germany and the Middle East. I won't write about its “hidden 6 stages” malware or about its incredibly […]


Nice Way To Evade Dynamic Analysis

One of the most important rules in building dynamic analysis environments is to deny internet connectivity to the “potentially malicious code”. Indeed, the “potentially malicious code” would try to exploit the analysis system itself if an internet connection is available. To respect this basic rule, when sandboxed code tries to open an internet […]


Cyber Intelligence abusing Internet Explorer to perform Targeted Attacks

A “mandatory” step to achieve a complete and successful targeted attack is the so-called “Cyber Intelligence Phase”. By definition, every targeted attack has at least one specific characteristic which makes it a perfect fit for a given target. As you might agree, one of the most important activities in developing a targeted attack is […]


MalControl Video

After the big success obtained through the MalControl open source software, people asked me to record a simple video to show how it’s supposed to work. I used a screencast this time. This short quick’n’dirty video shows how MalControl is supposed to work. Please refer to the original GitHub page for any needs, tickets, request […]


Say Hello to MalControl: Malware Control Monitor

Gathering open data from malware analysis websites is the main goal of the Malware Control Monitor project. Visualizing such data by synthesizing statistics that highlight where threats happen and what their impact is could be useful to identify malware propagation. Open Data: We actually scrape the following services: malwr, phishtank, urlquery, virscan, webinspector. If you […]
