Mysterious Macintosh Malware
-
This is weird:
Once an hour, infected Macs check a control server to see if there are any
new commands the malware should run or binaries to execute. So ...
Infrastructure Hygiene: Success and Consistency
-
Posted under: Research and Analysis
We went through the risks and challenges of infrastructure hygiene, and
then various approaches for fixing the vulnera...
Overview of Content Published in February
-
Here is an overview of content I published in February: Blog posts: Update:
oledump.py Version 0.0.59 Quickpost: oledump.py plugin_biff.py: Remove
Sheet Pr...
The Future of the FTC: Part I
-
Ryan Blaney and Brooke Gottlieb
On January 21, 2021, President Biden designated Federal Trade Commission
(the “FTC”) Commissioner Rebecca Kelly Slaughter...
LinkedIn Learning
-
I am very excited to announce that LinkedIn Learning has released “Threat
Modeling: Denial of Service and Elevation of Privilege.” This is the sixth
course...
Driver fingerprinting
-
When your driving style is as unique as your signature. Perhaps it doesn’t
come as a surprise that we all have unique driving styles. My father is a
calm, s...
How You Can Start Learning Malware Analysis
-
Malware analysis sits at the intersection of incident response, forensics,
system and network administration, security monitoring, and software
engineering...
2020-12-13 SUNBURST SolarWinds Backdoor samples
-
*Reference*
I am sure you all saw the news.
2020-12-13 FireEye
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise
Multiple Glo...
Ok Google: please publish your DKIM secret keys
-
The Internet is a dangerous place in the best of times. Sometimes Internet
engineers find ways to mitigate the worst of these threats, and sometimes
they f...
WeirdAAL update - get EC2 snapshots
-
I watched a good DEF CON video on abusing public AWS Snapshots
https://www.youtube.com/watch?v=-LGR63yCTts
I, of course, wanted to check this out. There a...
Youtube channel
-
I've continued to make updates to the Python version of satori and have put
a lot of time in the past few weeks into updating fingerprints and fixing
some mi...
SSTIC 2018
-
The year is 2018. Data leaks, massive attacks, structural flaws: every day
the world sees a little more clearly just how much security is ...
In Which You Get a Chance to Save Democracy
-
Let’s start with the end: you can do something to change the broken
political landscape in the United States, but you have to act quickly.
Here’s a link to...
In French, please?
-
We note that, roughly simplified, 100,000 Luxembourgers, 100,000
non-Luxembourgish residents and 200,000 cross-border commuters work in
Luxembourg. That ...
VulnHub Stapler 1 Solution 2
-
You can find Solution 1 here.
After spending a night on this, I finally managed to solve the 2nd way to
get limited shell on this box. Let's see how this ...
McAfee SiteList.xml password decryption
-
Recently, a very good friend of mine (@Sn0rkY) pointed out to me the story of
a pentester who recovered the encrypted passwords from a McAfee
SiteList.xml fil...
Learning SDR
-
I recently launched Software Defined Radio with HackRF, an instructional
video series that I hope will make it easier than ever for people to learn
the bas...
USENIX Security Symposium Slides
-
We're very happy to present the paper
Revisiting SSL/TLS Implementations - New Bleichenbacher Side Channels and
Attacks
by Christopher Meyer, Juraj Somo...
New Insights into Email Spam Operations
-
Our group has been studying spamming botnets for a while, and our efforts
in developing mitigation techniques and taking down botnets have
contributed in d...
RSA Announces End of RSA Security Conference
-
Aims to bring clarity to cloudy marketing messages through exhibit hall
chotskies Bedford, MA., – April 1, 2014 – RSA, the security division of
EMC, today ...
Samsung Galaxy S5 could be cheaper than Galaxy S4
-
Good news for would-be Samsung Galaxy S5 customers - the main smartphone
may end up being more economical as opposed to Galaxy S4 was when it
established. ...
Why I _am_ Speaking At RSA 2014
-
There’s been quite a bit of drama with regards to whether or not to boycott
the RSA conference over a deal that the RSA security vendor had made with
the N...
Router backdoor reloaded...
-
If you liked the D-Link backdoor story, you are going to LOVE this one.
Once again it happens on /dev/ttyS0, where we learn that the route...
One year after, end of Magnificent 7 project!
-
It has been a year already since the start of the Magnificent 7 program!
So what happened during this year? We added some features to enhance your
analy...
Mobile Device Forensics - Course Update
-
It's been a few weeks since the last update, but things have been busy. The
Fall 2012 term is now in Week 5 (wow, the semester is flying by). We've
covered...
NWScript JIT engine: Wrap-up (for now)
-
Yesterday, I provided a brief performance overview of the MSIL JIT backend
versus my implementation of an interpretive VM for various workloads.
Today, I’l...