A Lustrum of Malware Network Communication: Evolution and Insights

I recently came across this white paper which focuses in the dynamic analysis of network indicators for threat detection. The paper is very easy to read and I found very surprising some of the conclusions obtained from the research. The most revealing one is the fact that months before researchers have access or discovered a…

Memory Forensics with Vshot and Remnux (code injection, 4)

With this post we are getting nearly to the end of these series of memory analyis with Vshot and Remnux. In this post we are covering some of the plugins to detect the most targeted and stealthy attacks you can find today out there. More often than in previous years, I am coming across more…

Hunting down Threat Infrastructure (2, with PassiveTotal)

It’s been a while since I wrote the first post on Threat infrastructure and I believe it will be beneficial for you to first go through it, if you have not done it yet. This will set the context to understand the issues we are trying to solve here. The first post explained how attackers…

Hunting down Threat Infrastructure (1)

In this two article series, I am going to explain how to spot anomalous activity in proxies and DNS queries coming out of your network. Additionally, I am also explaining how to recognize suspicious threat infrastructure, what elements you need to pay attention to, how this infrastructure behaves, what are the challenges for the defender and…

The ultimate targeted attack: Malvertisements

I am very surprised to see the title of this video, it should have included malvertising in it however if someone would have asked me about malvertising I would have undoubtedly answered ‘Elias Manousos’. Him and RiskIQ are today the pioneers in the field of external threat surface. The number of views demonstrate how low…

Bypassing Perimeter Security and Malware Evasion (3)

This will be the final post in which I am presenting one of the many infection and evasion techniques used by criminals today. In this article which I hope is shorter than the previous ones, https://samuelalonsog.wordpress.com/2015/08/14/bypassing-perimeter-security-and-malware-evasion-1/ and https://samuelalonsog.wordpress.com/2015/08/24/bypassing-perimeter-security-and-malware-evasion-2/ I presume you are currently competent with pcap analysis and Wireshark as the main aim of this…

Bypassing Perimeter Security and Malware Evasion (2)

This post is a continuation of Bypassing Perimeter Security and Malware Evasion (1) As discussed before the best way to understand how drived by downloads technique work to bypass modern cyberdefenses is with a network traffic analysis exercise. The get a full understanding of the technique we will have to look for answers to some…

Bypassing Perimeter Security and Malware Evasion (1)

I could have titled this article in many ways such as perimeter disintegration, endpoint security visibility still a problem or even exploit kit. The reality is that all of them are part of a bigger problem and it is how criminals are bypassing the security perimeter and getting inside the networks where organization´s most precious…