Channel: Security Art Work
Browsing all 155 articles

APT: bot exfiltration

In the world of advanced persistent threats or APTs, techniques used by malware artifacts play an important role in communicating and exfiltrating information via C2s (Command & Control). In this...


CurrentVersion\Run\Barbicas

Editor’s Note: tomorrow morning our colleague Antonio Sanz is going to be giving a talk on the malware described in this post, and the handling of the incident associated with its detection at...


Clearing up the complexity: Security for non-technicians

IT security is almost always complex, covering many different areas and creating the sensation of a technical equivalent to “doctors’ handwriting”. Who hasn’t had a moment where two security...


Taking apart office automation documents with OfficeMalScanner

One of the main routes of malware infection is through office automation documents. They represent a very potent vector of infection, especially in directed attacks and phishing campaigns. These...


Two-step authentication, or how to make it tough for a hacker

Two-step authentication is a protection approach widely known among cyber security people but it is not that known among regular users. This article aims to teach everybody about it, as domestic user...


Yara for Incident Handling: a practical case

Yara is an initiative that’s become more and more popular for incident handling, especially over the last year. This project has been widely spoken about on this and other blogs. Here I’m going to show...


Unveiling Nuclear EK (I)

When analyzing network traffic, we can often find patterns belonging to the already known Angler EK, Nuclear EK and Magnitude EK. Normally sold in the black market, an Exploit Kit (EK) is a toolset...


Unveiling Nuclear EK (II)

In the first part, we got an example of the case we want to analyze. Having the HTML files extracted with Wireshark, we can start the analysis. (1) index.php Simple; redirects to (2)...



Unveiling Nuclear EK (III)

(See parts I and II of this series) In the previous post we were about to find out why the proxy does not identify the Flash object as application/x-shockwave-flash. Let’s see. (4)...


Unveiling Nuclear EK (IV)

(See parts I, II and III of this series) In the previous post we managed to obtain the original SWF, but discovered that the exploit is embedded in a ByteArray. Will we be able to obtain it? First of...


Solving ‘heap’ from defcon 2014 qualifier with r2

This article will introduce r2 to resolve a simple CTF from Defcon ’14 using Linux. For those who do not know, radare2 is a unix-like reverse engineering framework and command-line tools and the most...


The NSA needs your updates

(Please note this is a translated post from the Spanish version… and that 28th December is in Spain equivalent to April Fools’ Day, so this news was just a joke) Although this finding has little more...


Wearables, the family grows

Wearables have landed in our lives to entertain us, make some actions easier and even control parts of them. A wearable is any accessory we wear that interacts with us and our devices in order...


Malcom: Practical exercise on traffic analysis

Malcom (Malware Communication Analyzer) is a tool I have been using for quite some time now and, even though it is quite well documented in several sites, I thought it convenient to dedicate an article...


The blackout…revisited

This year has started with some frights for all of us who have responsibilities in secure operations in electric power grids. There is, on one hand, the Israel Electric Authority event. On January 27th...


Stay protected against Ransomware

Ransomware is here to stay. This is something becoming clearer by the minute. It is a very lucrative business if we judge it by the successful infection effectiveness rate and, to a lesser extent, due...


Registration for the RHME2 embedded CTF is open

The RHME2 is an embedded CTF running on the Arduino Nano board. The participants have to prove their skills both on software and hardware exploitation. Buffer overflows, ROP, C++ exploitation,...


Blockchain and Cybersecurity I

Blockchain. Maybe some of you have heard of it. Others maybe not. Inside some circles, Blockchain is a concept that is resonating with force, even though a fair number of people do not comprehend...


The end of passwords … or not

It is more than said and proven that passwords are the key that gives access to our information, and hence we give them so much importance. Today we use passwords to access our emails, the bank, social...


Linux.Mirai: Attacking video surveillance systems

During the Olympic Games in Rio de Janeiro, one of our sensors in Brazil detected a particularly interesting intrusion into a honeypot TELNET service. This interaction used unusual credentials since...
