Marco Ramilli Web Corner

DiskKill/HermeticWiper and NotPetya (Dis)similarities

March 1, 2022March 1, 2022

Many security researchers, professional cybersecurity analysts and cybsec organizations realized great analyses on DiskKill (HermeticWiper), some of my favorite are HERE, HERE and HERE. Today what I’d like to do, is to focus on specific HermeticWiper characteristics and looking for similarities (or differences) to another similar (and well known) cyber attack happened in Ukraine few […]

Cybersecurity Standards: A Quick Overview

February 7, 2022February 7, 2022

Many times you hear about cybersecurity standards and many times you find yourself in a way to evaluate what you are developing (or what processes are going on in your company) and figure out what is the best standard for your organization to follow. After the third times I had to check a book and […]

Building your Kubernets Cluster For Cybersecurity Prototyping

January 18, 2022January 18, 2022

Kubernets and server-less applications would be the biggest next things to protect. So it would be a great idea to start to get practice on such environment, especially if you had no previous opportunities. Here my post on how to build your first kubernets cluster based on Raspberry Pi4 ! Raspberry is a cheap and […]

APT28 SKINNYBOY: Cheat Sheet

December 30, 2021December 30, 2021

APT28, also known as Sofacy Group is an (in)famous threat actor. It is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations and it has been characterized as an advanced persistent threat over the past years from […]

CONTI Ransomware: Cheat Sheet

November 7, 2021December 24, 2021

Ransomware are today very effective and they cause serious problems in many companies, we hear almost everyday entire businesses under ransom and companies who loose turnover and opportunities since have no available data to deal with. For such a reson I feel like I have to contribute in somehow to the community by giving what […]

Arts in digital defence

October 16, 2021November 8, 2021

I received the “call” at the end of 2020 but my second TEDx was on late August 2021. It was a super, incredible wonderfull experience in where I met corgeos people and great professionals. I took this experience like a “summer project” and in three months I was able to deliver my speach. Great mentors […]

Program Synthesis for Deobfuscation

September 13, 2021December 24, 2021

I wrote several times about code obfuscation on my personal blog over the past 10 years, but this time I’d like to underline a different aspect of it, and a novel (at least for the best of my knowledge) approach to deal with deobfuscation. First of all let me remind that code obfuscation is not […]

Paradise Ransomware: The Builder

August 23, 2021December 24, 2021

The ransomware builders remind me old times, where Nukes and Exploiters were freely available on the underground communities, when few clicks were enough to bypass many AV vendors and attackers were activists or single people challenging the system. Nowadays the way the “builders” are developed and the way the criminality is abusing them to generate […]

Babuk Ransomware: The Builder

July 5, 2021December 24, 2021

On April 2021, one of the most known Ransomware Gang called Babuk, decided to change the way they ask for ransom: no more double extortion, no more file encryption but just data exfiltration and a later announcement in case of no deal with the victim. It’s a nice move forward for a Ransomware Gang that, […]

The Allegedly Ryuk Ransomware builder: #RyukJoke

June 14, 2021June 14, 2021

Reverse Engineering is one of the most clear path to study Malware and Threat Attribution, by RE you are intimately observe in the developer mind figuring out techniques and, from time to time, even intents. My current role as a CEO of a mid-sized organization (thousands of people) tries to keep me away from RE, […]