Collaborate Disseminate
An unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check Point researchers have found. The solution in question is Palo Alto NetworksR… Continue reading Rorschach ransomware deployed by misusing a security tool
I’m looking into WDAC and the option to use Microsoft’s ISG for files that are not explicitly allowed or denied caught my interest. Unfortunately I haven’t been able to find any information on what is sent to the ISG to make the known good… Continue reading What information does the Microsoft Intelligent Security Graph use for querying files?
In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as […]
The post When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule appeared first on Security Intelligence.
I am trying to analyze the .vmem file from HoneyNet challenge 3: Banking Troubles (HoneyNet) using volatility3. But I can’t seem to get past this error:
PS C:\Users\<user>\Desktop\HoneyNet\volatility3> python vol.py -f C:\Users\&l… Continue reading Volatility: AutoMagic Symbol Table error
I am experimenting with VBA stomping in microsoft word documents.
I have done it manually but also with the evilClippy tool aswell.
What i have noticed is that, although the original vba code stays hidden at first (the p-code in other word… Continue reading How to make VBA code stay hidden even after vba stomping?
Malware breaches begin in many ways. Recently, multiple fake antivirus apps in the Google Play Store were infected with malware. Earlier this year, malware deployed through satellites shut down modems in Ukraine. Destructive malware attacks have an average lifecycle of 324 days (233 days to identify and 91 days to contain), compared to the global […]
The post What are the Duties of a Malware Analyst? appeared first on Security Intelligence.
“Swiss Army knife” malware – multi-purpose malware that can perform malicious actions across the cyber-kill chain and evade detection by security controls – is on the rise, according to the results of Picus Security’s analysis of over… Continue reading Malware that can do anything and everything is on the rise
See how Research Team Lead Carlos Perez dissects a sample of a OneNote document that was used to deploy ASyncRAT, an open-source remote admin tool, to enable phishing attacks. You’ll find out how these OneNote files are now being used by threat actors and where to find the location that ASyncRAT is being downloaded and…
The post How Threat Actors Use OneNote to Deploy ASyncRAT appeared first on TrustedSec.
Continue reading How Threat Actors Use OneNote to Deploy ASyncRAT
1 Analysis of OneNote Malware A lot of information has been circulating regarding the distribution of malware through OneNote, so I thought it would be fun to look at a sample. It turns out there are a lot of similarities between embedding malicious code into a OneNote document and the old macro/VBA techniques for Office…
The post New Attacks, Old Tricks: How OneNote Malware is Evolving appeared first on TrustedSec.
Continue reading New Attacks, Old Tricks: How OneNote Malware is Evolving
ChatGPT from OpenAI is a conversational chatbot that was recently released in preview mode for research purposes. It takes natural language as an input and aims to solve problems, provide follow up questions or even challenge assertions depending on wh… Continue reading ChatGPT: The infosec assistant that is jack of all trades, master of none