What's new around the internet

Last one

Date (GMT) | Title | Description | Tags | Stories | Notes
2022-08-23 07:12:22 | Windows System Calls For Hunters | Introduction: System calls are the ultimate high-level atomic actions that malware writers might control. System call sequences are the de facto ultimate way to divide behaviors between good and bad. For example, the system call “encrypt” could be used by privacy-oriented software to encrypt content before shipping it to cloud storage, or it could […] | Tags: Malware | Notes: ★★★
2022-06-22 05:01:12 | Cyber Threats Tracker: Status Update | Today, a simple update from my Cyber Threats Observatory (available HERE). Six months of this crazy year are over and it’s time to check some cyber threat trends. Once upon a time there was Emotet. It was in the TOP 5 on every ranking list, it reached the 5th epoch and it was able to […] | Tags: Threat
2022-06-15 05:44:00 | Running Shellcode Through Windows Callbacks | Introduction: When I first saw the technique behind shellcode execution through Microsoft Windows callbacks, I thought it was pure magic. But then, digging a little bit into it, I figured out that it was just brilliant! Nowadays this technique is quite widely used in underground communities to inject shellcode into running processes, so I […]
2022-05-10 08:18:05 | A Malware Analysis in RU-AU conflict | Introduction: We are living in difficult times, from the pandemic to the Russia-Ukraine war. I was tempted to leave a blank post to remember such devastating times in my personal web corner, but I came up with the idea of remembering these times by analyzing a sample involved in the current cyber-conflicts. I started looking for malware and […] | Tags: Malware | Notes: ★★★
2022-04-14 06:42:39 | From a Phishing Page to a Possible Threat Actor | Disclaimer: This blog post, like all the blog posts in my web corner, wants to share cybersecurity-related research and personal experiences in order to improve threat analysis, risk and cybersecurity awareness. In this specific case, junior cybersecurity analysts could improve their skills for free by understanding how to build threat intelligence and how to track […] | Tags: Threat
2022-03-01 13:52:26 | DiskKill/HermeticWiper and NotPetya (Dis)similarities | Many security researchers, professional cybersecurity analysts and cybersec organizations have produced great analyses of DiskKill (HermeticWiper); some of my favorites are HERE, HERE and HERE. Today what I’d like to do is to focus on specific HermeticWiper characteristics and look for similarities (or differences) to another similar (and well-known) cyber attack that happened in Ukraine a few […] | Tags: NotPetya | Stories: NotPetya
2022-02-07 15:10:17 | Cybersecurity Standards: A Quick Overview | Many times you hear about cybersecurity standards, and many times you find yourself having to evaluate what you are developing (or what processes are going on in your company) and figure out which is the best standard for your organization to follow. After the third time I had to check a book and […]
2022-01-18 07:10:35 | Building your Kubernetes Cluster For Cybersecurity Prototyping | Kubernetes and serverless applications will be the next biggest things to protect. So it would be a great idea to start getting practice in such an environment, especially if you have had no previous opportunity. Here is my post on how to build your first Kubernetes cluster based on the Raspberry Pi 4! The Raspberry Pi is a cheap and […] | Stories: Uber
2021-12-30 09:27:18 | APT28 SKINNYBOY: Cheat Sheet | APT28, also known as Sofacy Group, is an (in)famous threat actor. It is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations, and it has been characterized as an advanced persistent threat over the past years from […] | Tags: Threat | Stories: APT 28
2021-11-07 08:19:19 | CONTI Ransomware: Cheat Sheet | Ransomware is today very effective and causes serious problems in many companies; almost every day we hear of entire businesses held to ransom and companies that lose turnover and opportunities since they have no available data to work with. For such a reason I feel I have to contribute somehow to the community by giving what […] | Tags: Ransomware
2021-10-16 12:46:46 | Arts in digital defence | I received the “call” at the end of 2020, but my second TEDx was in late August 2021. It was a super, incredibly wonderful experience in which I met gorgeous people and great professionals. I took this experience as a “summer project” and in three months I was able to deliver my speech. Great mentors […]
2021-09-13 13:48:07 | Program Synthesis for Deobfuscation | I have written several times about code obfuscation on my personal blog over the past 10 years, but this time I’d like to underline a different aspect of it, and a novel (at least to the best of my knowledge) approach to dealing with deobfuscation. First of all, let me remind you that code obfuscation is not […]
2021-08-23 07:27:30 | Paradise Ransomware: The Builder | The ransomware builders remind me of old times, when Nukes and Exploiters were freely available in the underground communities, when a few clicks were enough to bypass many AV vendors and attackers were activists or single people challenging the system. Nowadays the way the “builders” are developed and the way criminals are abusing them to generate […] | Tags: Ransomware
2021-07-05 06:33:57 | Babuk Ransomware: The Builder | In April 2021, one of the best-known ransomware gangs, called Babuk, decided to change the way they ask for ransom: no more double extortion, no more file encryption, but just data exfiltration and a later announcement in case of no deal with the victim. It’s a nice move forward for a ransomware gang that, […] | Tags: Ransomware
2021-06-14 06:05:41 | The Allegedly Ryuk Ransomware builder: #RyukJoke | Reverse engineering is one of the clearest paths to studying malware and threat attribution; through RE you intimately observe the developer’s mind, figuring out techniques and, from time to time, even intents. My current role as CEO of a mid-sized organization (thousands of people) tries to keep me away from RE, […] | Tags: Ransomware, Malware, Threat | Notes: ★★★
2021-05-07 06:21:28 | MuddyWater: Binder Project (Part 2) | Before getting into the following blog post I would suggest you read “Part 1” of the MuddyWater Binder Project, which is available HERE, where you can contextualize the code highlights. Source Code Highlights: Now it’s time to get into more core pieces of code. Let’s start with the file ConnectionHandler.cs, which implements the logic […]
2021-05-01 05:55:38 | MuddyWater: Binder Project (Part 1) | According to Lab Dookhtegan, whom you might remember from HERE, HERE and HERE, Binder is a project related to the IRGC cyber espionage group, built to trojanize Google apps (APK). Application “trojanization” is a well-known process which takes as input a good APK and code to inject (a RAT, for example). The system […]
2021-03-15 10:40:59 | Malware Family Surface 2021 (Q1) | Several months (actually 15) after the Cybersecurity Observatory launch (you can find it HERE), I experienced a huge increase in classified malware from the end of January 2021. The following picture shows how the average sample frequency is just more than double compared to the beginning of the month and to the past […] | Tags: Malware
2021-03-08 18:00:42 | 0-Day Malware (2021) | Today Yoroi released its latest cybersecurity report (available HERE). Below I am copying one of its chapters to give you a little flavor of what you can get for free by downloading it! Hope you like its contents. The volume of malicious code produced and disseminated in the wild is constantly increasing. […] | Tags: Malware | Notes: ★★★★
2021-02-25 09:02:26 | Folding Through Distributed Computing For Science | You might decide to contribute to the scientific community in several ways. If you are a scientist or a researcher you are contributing to science “by default” by publishing your results in online libraries such as USENIX, IEEE Xplore, ACM, PubMed and so forth, but are there different ways to contribute even if you […]
2021-01-30 15:01:40 | [ITA] Gratitude and Change | There are moments that change you, some because of the pain they cause, others because of the great joy. This is my lucky story of a time that changed my life. Over the last five years I have had the good fortune to create an organization from scratch, to see it born, to nurture it, to take part in […]
2021-01-09 07:32:50 | C2 Traffic Patterns: Personal Notes | Detection is a key point in threat hunting, and during the past few weeks, right in the middle of the winter “holidays” (well, maybe if you live in a place where no COVID-19 lockdown was involved), many people started or restarted a cybersecurity study program. Some of them wrote to me asking if there is a […] | Tags: Threat
2020-12-08 08:36:13 | Malware Delivery Platforms in 2020 | Once upon a time there was the malware, the main actor in the entire infection chain. A single file which, once executed, was able to perform the tasks it was designed for, turning the target machine into a victim by taking control or simply executing the desired (sometimes privileged) commands. In 2010, during my PhD studies, I was already […] | Tags: Malware
2020-11-27 10:57:45 | Threat Actor: Unknown | Today I’d like to share a quick analysis of a quite new and unknown threat spotted in the wild. The file which grabbed my attention is called Loader.js (md5: 59a03086db5ebd33615b819a7c3546a5) and, if you wish, you can download it from Yomi. A very similar (or maybe the same) threat has been observed in the past months […] | Tags: Threat
2020-10-09 06:54:42 | How To Unpack Malware: Personal Notes | Nowadays malware authors use a lot of techniques to hide malicious payloads in order to bypass security products and to make the malware analyst’s life harder and more fun. There are many tools that you can use to extract content from malware, and there is no standard process: you can use different tools, different techniques and […] | Tags: Malware
2020-09-29 06:42:10 | Tracking PhishingKits for Hunting APT Evolution | Advanced Persistent Threats are often inoculated by email or by exploiting exposed vulnerabilities. Since vulnerability exploitation follows specific waves, as it depends on vulnerability trends, the email vector has become one of the most (ab)used and stable ways to inoculate malicious and unwanted software. A common way to attack victims is to make them open an […] | Tags: Vulnerability
2020-08-24 06:57:52 | How to Reverse Office Droppers: Personal Notes | According to the Yoroi annual cybersecurity report (available HERE), to Cyber Threat Trends (available HERE) and to many additional resources, Microsoft Office files (Word documents and Excel spreadsheets) are among the most used malware loaders in the current era. Attackers lure victims by seducing them into opening a specially crafted Office document, which […] | Tags: Malware, Threat
2020-07-16 10:12:25 | Introducing PhishingKitTracker | If you are a security researcher, or even just passionate about how attackers implement phishing, you will find yourself looking for phishing kits. A phishing kit is not a phishing builder, but a real implementation (actually a re-implementation) of a third-party website built to lure your victim. Initially attackers use a phishing builder to […]
2020-07-06 05:36:36 | Cyber Threats Trends 6 Months Of Findings | Six months after the Cyber Threats Trends launch, it’s time to check its main findings. When I decided to develop my own Cyber Threats Observatory I was not sure about its effectiveness, and I was even more skeptical about its real usage by international cybersecurity communities. Fortunately many students, researchers and professionals used such a […]
2020-06-24 14:52:00 | Is the Upatre downloader coming back? | Hi folks, today I want to share a quantitative analysis of a weird return match by Upatre. According to Unit42, Upatre is an ancient downloader first spotted in 2013, used to inoculate banking trojans and active up to 2016. First discovered in 2013, Upatre is primarily a downloader tool responsible for delivering additional trojans onto the […] | Tags: Tool
2020-04-13 07:13:14 | Cybersecurity Trends | Trends are interesting since they can tell you where things are going. I do believe in studying history and behaviors in order to figure out where things are going, so every year my colleagues from Yoroi and I spend several weeks studying and writing up what we observed during the past months […]
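The "Windows System Calls For Hunters" entry above makes the point that a single call such as "encrypt" is ambiguous (a backup client and a ransomware both use it) while the sequence of calls is not. The Python below is an added example, not code from that post or from this feed: it scores two constructed traces (illustrative NT-style call names, a hypothetical "Encrypt" primitive, hypothetical n-gram weights and threshold) and shows the single-call check firing on both while a weighted n-gram score over the sequence separates the destructive read-encrypt-overwrite-delete loop from the benign read-encrypt-write-to-archive loop.

```python
# Added example (not from the original post): classify a process by the
# sequence of its system calls rather than by the presence of one call.
# Call names, traces, n-gram weights and the threshold are all constructed
# for illustration; "Encrypt" stands in for whatever crypto primitive the
# monitored process actually invokes.
from collections import Counter
from typing import Dict, Iterable, List, Tuple

Trace = List[str]
NGram = Tuple[str, ...]

# Constructed trace: enumerate a directory, then for each of three files
# read it, encrypt, overwrite it and delete the original.
RANSOMWARE_LIKE: Trace = ["NtQueryDirectoryFile"] + [
    "NtOpenFile", "NtReadFile", "Encrypt", "NtWriteFile", "NtDeleteFile",
] * 3

# Constructed trace: a backup client reads and encrypts the same three
# files but writes the ciphertext to an archive and leaves the originals.
BACKUP_LIKE: Trace = ["NtQueryDirectoryFile"] + [
    "NtOpenFile", "NtReadFile", "Encrypt", "NtWriteFile", "NtClose",
] * 3

# Hypothetical weights: read-encrypt-write is shared by both behaviours and
# therefore cheap; the destructive tail and the loop back to the next victim
# file are what distinguish the ransomware-like trace.
SUSPICIOUS_NGRAMS: Dict[NGram, int] = {
    ("NtReadFile", "Encrypt", "NtWriteFile"): 1,
    ("Encrypt", "NtWriteFile", "NtDeleteFile"): 4,
    ("NtWriteFile", "NtDeleteFile", "NtOpenFile"): 2,
}


def ngrams(trace: Iterable[str], n: int) -> Counter:
    """Count every length-n window of consecutive calls in the trace."""
    seq = list(trace)
    return Counter(tuple(seq[i:i + n]) for i in range(len(seq) - n + 1))


def has_call(trace: Trace, name: str) -> bool:
    """The naive single-call rule: flag any process that ever calls `name`."""
    return name in trace


def sequence_score(trace: Trace,
                   patterns: Dict[NGram, int] = SUSPICIOUS_NGRAMS) -> int:
    """Sum weight * occurrences for every suspicious n-gram in the trace."""
    total = 0
    for n in {len(p) for p in patterns}:
        grams = ngrams(trace, n)
        for pattern, weight in patterns.items():
            if len(pattern) == n:
                total += weight * grams[pattern]
    return total


def classify(trace: Trace, threshold: int = 10) -> str:
    """Hypothetical threshold; tune it against real good/bad traces."""
    return "suspicious" if sequence_score(trace) >= threshold else "benign"


if __name__ == "__main__":
    for label, trace in (("ransomware-like", RANSOMWARE_LIKE),
                         ("backup-like", BACKUP_LIKE)):
        print(f"{label:16} has Encrypt={has_call(trace, 'Encrypt')} "
              f"score={sequence_score(trace)} -> {classify(trace)}")
```

Both traces contain "Encrypt", so the single-call rule cannot tell them apart; the shared read-encrypt-write trigram scores 3 on each, and only the ransomware-like trace accumulates the overwrite-delete and delete-then-next-file windows that push it over the threshold.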
Last update at: 2024-05-19 20:08:00
See our sources.
To see everything: Our RSS (filtered) Twitter