Post about reverse-engineering a packer which has been used in the past year by the Hancitor malware family to evade security detection. The packer can also be linked to many other financially motivated attacks in the past.
Blog which discusses how the TrickBot banking trojan uses webinjects to alter the contents of banking websites with the goal of defrauding its victims. The post also discusses how banks may detect customers infected by TrickBot.
Post which discusses different types of malicious droppers (file extensions) which may be used as an attack vector. These malicious droppers are often used in the weaponization phase of the cyber kill chain with the goal of compromising a system.
Post which gives insight into how malware, which was allegedly used by the same group responsible for hacking the DNC and influencing the 2016 American elections, is built.
Post which discusses methods to track the Necurs botnet: a centrally controlled group of computers on which a backdoor is installed. The article explains how a threat intelligence tool, which tracks the malicious mails sent by the botnet, can be built.
Post which discusses how arbitrary code execution in a program can be achieved by exploiting a buffer overflow vulnerability.
Post which discusses the Rig exploit kit: a kit used by cyber criminals to distribute malware. The kit abuses (exploits) flaws in outdated software in such a way that if a victim browses to a compromised site, their computer might get infected.
Blog that discusses the theory of the pyramid of pain (the potential of threat intelligence) in threat hunting.
Post which discusses weaponized Office documents: documents, e.g. a Word or Excel document, with embedded malware. The post discusses three ways to spread malware via Office documents: VBA macros, OLE objects and Microsoft Office exploits.
Malware reverse engineering tutorial which explains how self-defending malware making use of packers can be dissected.
Post which discusses how malicious code is injected in compromised websites. The malicious code redirects visitors of the compromised website to an exploit kit.
Post which discusses the techniques used by Poweliks: malware which lives in the computer's registry and which generates artificial traffic towards advertisement sites.
Post which discusses hunting for (security) vulnerabilities in Tinder. The post discusses a sensitive data exposure vulnerability in Tinder, which got fixed by Tinder within forty-eight hours.
Post which discusses the Dridex banking trojan: a virus which is able to steal information submitted to an online banking application. The stolen information (such as authentication codes) is used to defraud the victim at a later stage.
Post which discusses the Angler exploit kit: a kit used by cyber criminals to distribute malware. The kit abuses (exploits) flaws in outdated software in such a way that if a victim browses to a compromised site, their computer might get infected.
Article which explains PGP: an asymmetric (public-key) encryption scheme used to digitally sign a message or to encrypt a message in such a way that only the intended recipient is able to decrypt it.