"Inhibiting Malicious Macros by Blocking Risky API Calls"

  Microsoft Office Macros have been the bane of security analysts' lives since the late 1990s. Their flexibility and functionality make them ideal for malware authors to use as a primary stage payload delivery mechanism, and to date the challenge they pose remains unsolved. Many organisations refrain from blocking them completely ...
"Leaving the Backdoor Open: Risk of Remotely Hosted Web Scripts"

  Many websites leverage externally hosted scripts to add a broad range of functionality, from user interaction tracking to reactive design. However, what you may not know is that by using them you are effectively handing over full control of your content to the other party, and could be putting your ...
"Automated Hunting of Software Update Supply Chain Attacks"

  Software that automatically updates itself presents an attack surface, which can be leveraged en masse through the compromise of the vendor's infrastructure. This has been seen multiple times during 2017, with high profile examples including NotPetya and CCleaner. Most large organisations have built robust perimeter defences for incoming and outgoing ...
"Acquiring a Memory Dump from Fleeting Malware"

Introduction

  The acquisition of process memory during behavioural analysis of malware can provide quick and detailed insight. Examples of where it can be really useful include packed malware, which may be in a more accessible state while running, and malware which receives live configuration updates from the internet and stores ...
"Uncovering Targeted Web-Based Malware Through Shapeshifting"

Targeted Web-Based Malware?

  Malware authors are frequently observed leveraging server side scripting on their infrastructure to evade detection and better target their attacks. This includes both exploit kits and servers hosting secondary stage payloads, all of which can easily be set up to alter their responses based on the footprint ...