CERTs, CSIRTs and SOCs after 10 years from definitions

CERTs, CSIRTs and SOCs after 10 years from definitions

Nowadays is hard to give strong definitions on what are the differences between Security Operation Centers (SOC), Computer Emergency Response Teams (CERT) and Computer Security Incident Response Teams (CSIRT) since they are widely used in many organisations accomplishing very closed and similar tasks. Robin Ruefle (2007) on her paper titled ... Read More
Control Flow Integrity: a Javascript Evasion Technique

Control Flow Integrity: a Javascript Evasion Technique

Understanding the real code behind a Malware is a great opportunity for Malware analysts, it would increase the chances to understand what the sample really does. Unfortunately it is not always possible figuring out the "real code", sometimes the Malware analyst needs to use tools like disassemblers or debuggers in ... Read More
Huge Botnet Attacking Italian Companies

Huge Botnet Attacking Italian Companies

On January 18 a colleague of mine (Luca) called me telling a malicious email was targeting Italian companies. This is the beginning of our new analysis adventure that Luca and I run together.The email pretended to be sent by "Ministero dell' Economia e delle Finanze" the Italian Department of Treasury ... Read More
Info Stealing: a new operation in the wild

Info Stealing: a new operation in the wild

Attack attribution is always a very hard work. False Flags, Code Reuse and Spaghetti Code makes impossible to assert "This attack belongs to X". Indeed nowadays makes more sense talking about Attribution Probability rather then Attribution by itself. "This attack belongs to X with 65% of attribution probability" it would ... Read More
Unprotecting VBS Password Protected Office Files

Unprotecting VBS Password Protected Office Files

/
Hi folks,today I'd like to share a nice trick to unprotect password protected VB scripts into Office files. Nowadays it's easy to find out malicious contents wrapped into OLE files since such a file format has the capability to link objects into documents and viceversa. An object could be a ... Read More
Defence Belongs to Humans | Marco Ramilli | TEDxMilano

TEDxMilano: What a great adventure !

/
Hi folks, today I want to share my "output" of a super nice adventure I had this year which took me to actively participate to TEDxMilano. It is definitely one of the most exiting stage I've been so far.My usual readers would probably think: "Hey Man, you are a technical ... Read More
Advanced 'all in memory' CryptoWorm

Advanced ‘all in memory’ CryptoWorm

/
Introduction.Today I want to share a nice Malware analysis having an interesting flow. The "interesting" adjective comes from the abilities the given sample owns. Capabilities of exploiting, hard obfuscations and usage of advanced techniques to steal credentials and run commands. The analyzed sample has been provided by a colleague of ... Read More
TOPransom: From eMail Attachment to Powning the Attacker's Database

TOPransom: From eMail Attachment to Powning the Attacker’s Database

/
Hi folks, today I want to share a quick but intensive experience in fighting cybercrime. I wish you would appreciate the entire process from getting an email attachment to powning the ransom server trying to stop the infection and to alert everybody about the found threats. As a second step ... Read More
False Flag Attack on Multi Stage Delivery of Malware to Italian Organisations

False Flag Attack on Multi Stage Delivery of Malware to Italian Organisations

/
Everything started from a well edited Italian language email (given to me from a colleague of mine, thank you Luca!) reaching out many Italian companies. The Italian language email had a weird attachment: ordine_065.js (it would be "Order Form" in English) which appeared "quite malicious" to me.By editing the .js ... Read More
The Offensive Cyber Security Supply Chain

The Offensive Cyber Security Supply Chain

/
During the past few weeks some people asked me how to build a "cyber security offensive team". Since the recurring question I decided to write a little bit about my point of view and my past experiences on this topic without getting into details (no: procedures, methodologies, communication artifacts and ... Read More
Loading...