Channel: Security Art Work
Browsing all 155 articles

The Russian ICC (I). Introduction: the Russians are coming!

We often talk about Russian APTs, Russian malware, Russian groups … But who are the “Russians”? We will analyze, in a series of posts, who “the Russians” really are, what Russia is (from the point of...


The Russian ICC (II). Context: Russia

Before talking about the Russian ICC, we must know that Russia is the largest country with the most kilometers (more than 20,000) in the world; it has the largest reserves of energy and mineral...


The Russian ICC (III): the Community

Undoubtedly, many people mentally associate intelligence or Russian secret services – to be exact, Soviet – with the KGB (Komitet gosudárstvennoy bezopásnosti, Committee for State Security)....


The Russian ICC (IV): A bit of history: FAPSI

When talking about Russia in the area of cybersecurity or, more specifically, information warfare, we must necessarily mention the FAPSI (Federal Agency of Government Communication and Information),...


The good news from Yahoo

Yahoo has just acknowledged the theft of information relating to more than 1 billion customer accounts … in 2013. Yes, 3 years ago. Faced with this situation, different interpretations can be found:...


The Russian ICC (V): FSB

As we have indicated in previous posts, the FSB (Federal’naya Sluzhba Bezopasnosti) is the main heir of the KGB and the FAPSI; directed by Army General Alexander Bortnikov, whose breadth of...


Blockchain and Cybersecurity I

Blockchain. Maybe some of you have heard of it. Others maybe not. Inside some circles, Blockchain is a concept that is resonating with force, even though a fair number of people do not comprehend...


The end of passwords … or not

It has been said and proven more than enough that passwords are the key that gives access to our information, and hence we give them so much importance. Today we use passwords to access our emails, the bank, social...


Linux.Mirai: Attacking video surveillance systems

During the Olympic Games in Rio de Janeiro, one of our sensors in Brazil detected a particularly interesting intrusion into a honeypot TELNET service. This interaction used unusual credentials since...


Malware Trends. December 2016

During this month of December we have observed from the malware laboratory of S2 Grupo various threats that we once again wanted to share with you. In this type of entries we will find known threats,...


Camouflage at encryption layer: domain fronting

In today’s post we are going to talk about a somewhat old technique (although programs like Signal have recently started using it) that I have always found to be a really clever hack: domain fronting....


Simple domain fronting PoC with GAE C2 server

In this entry we continue with domain fronting; on this occasion we will explore how to implement a simple PoC of a command and control and exfiltration server on Google App Engine (GAE), and we will...


TLS client fingerprinting with Bro

In this post, we will play with Bro IDS as a tool for exploring client fingerprinting techniques. As is known, during the initial TLS handshake (used, among others, by HTTPS on web browsers), a message...


Abusing corporate webmail for C&C and exfiltration

Let’s assume an organization that has basic security measures: workstations cannot make direct connections to the Internet, only being able to carry out web requests through a proxy server, which is...
