analyzing
-
[This is a Guest Diary by Cody Hales, an ISC intern as part of the SANS.edu BACS program] Introduction From August to November 2024, my honeypot has captured a wide array of malicious content. In this analysis, I will focus on a specific strain of malware called redtail and the scripts that enable its execution.…
-
“I have not failed. I’ve just found 10,000 ways that won’t work”
-
In 2024, healthcare organizations experienced multiple expensive cyberattacks, costing an average of nearly $10 million.1 And with the expansion of ransomware and extortion exploits, healthcare will likely continue to be targeted by such attacks.
-
Security researcher Jeff Kieschnick from LevelBlue uncovered the stealthy tactics of a Potentially Unwanted Application (PUA) masquerading as a PDF conversion tool. The report details the crafty maneuvers of the application named “PDFFlex” and its browser extension “ExtensionOptimizer” which uses a double layer of persistence to hide on a system.
-
Recently, cybersecurity researchers discovered a Linux variant of the Helldown ransomware strain. This finding signals that threat actors have begun targeting VMware and Linux systems as attack vectors, indicating an increased focus on Linux-based platforms.
-
Introduction Discovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods,…
-
This is a follow-up to my previous blog post looking at how to install/run the new John the Ripper Tokenizer attack [Link]. The focus of this post will be on performing a first pass analysis about how the Tokenizer attack actually performs.
-
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
-
Sarah Arpin, Tyler Raven Billingsley, Daniel Rayor Hast, Jun Bo Lau, Ray Perlner, Angela Robinson ePrint Report We present experimental findings on the decoding failure rate (DFR) of BIKE, a fourth-round candidate in the NIST Post-Quantum Standardization process, at the 20-bit security level using graph-theoretic approaches. We select parameters according to BIKE design principles and…
-
Summary Lumma Stealer is an information-stealing malware available through a Malware-as-a-Service (MaaS). It specializes in stealing sensitive data such as passwords, browser information, and cryptocurrency wallet details. The attacker has advanced its tactics, moving from traditional phishing to fake CAPTCHA verification, exploiting legitimate software to deliver Lumma Stealer. These deceptive delivery methods…
-
Recent research by the Cyble Research and Intelligence Lab (CRIL) has brought to light a sophisticated multi-stage malware attack orchestrated by a Vietnamese threat actor. This campaign specifically targets job seekers and digital marketing professionals, employing various advanced tactics including the use of Quasar RAT, which allows attackers full control over compromised systems.
-
With cloud infrastructure costs increasingly a focus, many organizations are scrutinizing AWS bills for potential savings. NAT Gateway usage can be a significant line item, yet its intricacies can make cost-saving opportunities less obvious. As the standard solution for routing traffic from private subnets to the internet, NAT Gateways are a critical component of many…
-
MalBot, September 13, 2024, 11:10pm: This Threat Analysis Report will delve into a newly discovered nation-state level threat Campaign tracked by Cybereason as Cuckoo Spear. It will outline how the associated Threat Actor persists stealthily on their victims’ network for years, highlighting strategies used across Cuckoo Spear and how defenders can detect and prevent…
-
Sidekick 2.0 introduces a powerful set of features that significantly enhance firmware analysis capabilities. In this post, we’ll demonstrate how Sidekick, in conjunction with the Firmware Ninja plugin (currently in development) for Binary Ninja, can streamline the process of analyzing Memory Mapped I/O (MMIO) in firmware samples.