When an unknown sender suggests me to click on a super wired url, dropping a ZIP file straight in my box, by saying it’s getting the next targeted attack on a huge company, well I kinda looking forward to it ! So I clicked on the link (see IOC section) and I’ve downloaded a “pik.zip” […]Read more "Ransomware, Trojan and Miner together against “PIK-Group”"
Hi folks, today I’d like to point you out another tool of mine which extract suspicious IPs from undesired connections. In other words: HoneyPots. I run a personal HoneyPot network which stands from years and over time it harvested numerous IP addresses which could be, potentially, malicious (typically scanners). If you like having fresh HoneyPot […]Read more "Free Tool: Honey Feed"
Hi folks, During the past weeks I received many requests on how to subscribe to my new WordPress blog, so many that I decided to “wrap-up” a little post on how to do it: apparently is not such intuitive (my bad 😛 ). On the top right of the page you should see “three dots”. […]Read more "How to Subscribe"
I’v been working on cybersecurity for most then 10 years. During my career I’ve held numerous roles which took me facing many problems: I had to solve technical issues as well as management, economic and financial ones. Every time I needed a “tool” to help a decision or to solve a technical question I started […]Read more "Free Tool: Malware Hunter"
A .CSV file could be a malware carrier and if interpreted by Microsoft Excel it could become a malware executor ! When I personally saw this technique back in 2017 (please take a look to here, here and here ) I was fascinated. A simple and sweet textual file forcing the behaviour of powerful and […]Read more "Spreading CSV Malware over Google Sheets"
On January 19th we downloaded Collectoin #1 to make statistics on its content (you might find more information here). During these days we finished the two main activities to be able to answer some more questions about it data: (i) ELK import and (ii) building of simple views to visualise desired informations. The following image shows […]Read more "“Collection #I” Data Breach Analysis – Part 2"
Few weeks ago I wrote about “How Data Breaches Happen“, where I shared some public available “pasties” within apparently (not tested) SQLi vulnerable websites. One of the most famous data breach in the past few years is happening in these days. I am not saying that the two events are linked, but I have fun […]Read more "“Collection #I” Data Breach Analysis – Part 1"
Data breaches happen. Today, as never before, data plays a fundamental role in our real life. Everybody is both: dataproducer and dataconsumer. We are data producer by simply moving from one building to another one, having a smartphone in our pocket or surfing the web or just by tapping on smartphone applications. We are data consumer […]Read more "How to data breaches happen"
Nowadays Microsoft office documents are often used to propagate Malware acting like dynamic droppers. Microsoft Excel within macros or Microsoft Word with user actions (like links or external OLE objects) are the main player in this “Office Dropping Arena”. When I figured out that a Microsoft Powerpoint was used to drop and to execute a […]Read more "Microsoft Powerpoint as Malware Dropper"
Today I’d like to share an interesting analysis of a Targeted Attack found and dissected by Yoroi (technical details are available here). The victim was one of the most important leader in the field of security and defensive military grade Naval ecosystem in Italy. Everything started from a well crafted email targeting the right office […]Read more "MartyMcFly Malware: Targeting Naval Industry"