Category: All

Bitcrypt 2 – Financial aspects

Some weeks ago we blogged about a new ransomware called BitCrypt. To sum it up shortly, we had found a new ransomware which encrypted all pictures on the machine it infected and asked the user to pay a ransom to get the files back. While we do not usually work on that kind

HINT Project will help to Detect Hardware Trojans in the Near Future

Hardware Trojans are considered to be an emerging threat for critical infrastructures. We are going to develop a Hardware Trojan detection method in the European-funded HINT project, which is described below. The security of modern ICT (Information and Communication Technology) systems relies on the authenticity and integrity of the software and hardware components used to

APT Kill chain – Part 1 : Definition

Today we decided to release a series of blog posts regarding the APT kill chain, in an effort to share our experience and knowledge on this hot topic. For starters, “APT” stands for Advanced Persistent Threat. Some people do not use this term at all, considering that this acronym is just a buzzword created by

APT Kill chain – Part 3: Reconnaissance

This blog post is part of a series on the APT kill chain. In this blog post we focus on the reconnaissance step. All the information written here comes directly from our observations and experience in APT incident handling and APT pentest simulations. The time for action has come. The attackers have chosen one target, now they have

APT Kill chain – Part 4 : Initial compromise

This blog post is part of a series on the APT kill chain. In the previous step, we saw how the attackers used reconnaissance techniques to collect data on their target. Now we will focus on the initial compromise. At this stage, the APT attackers have a solid knowledge of their target and its key employees. The

The Eye of the Tiger

Cyber espionage has been a hot topic over the last few years. Computer attacks known as “APT” (Advanced Persistent Threat) have become widely reported and emphasized by the media, the damage they cause is now considered real, and strategic trends in cyber defense are shifting accordingly. Today, we decided to release publicly information on a specific group of APT

LeoUncia and OrcaRat

The PwC-named malware OrcaRat is presented as a new piece of malware, but looking at the URI used for C&C communication, it could be an updated version of a well-known and rather old piece of malware: LeoUncia. Status. Let’s face it: px~NFEHrGXF9QA=2/5mGabiSKSCIqbiJwAKjf+Z81pOurL1xeCaw=1/xXiPyUqR/hBL9DW2nbQQEDwNXIYD3l5EkpfyrdVpVC8kp/4WeCaArZAnd+QEYVSY9QMw=2 (URI taken from an OrcaRat sample). It looks a lot like: qFUtb6Sw/TytLfLsy/HnqI8QCX/ZRfFP9KL/_2yA9GIK/iufEXR2r/e6ZFBfoN/fcgL04f7/ZBzUuV5T/Balrp2Wm (URI taken from

Dissecting Scapy-radio packets with Wireshark

The wide adoption of wireless devices goes further than WiFi networks: smart meters, wearable devices, etc. The engineers behind these new types of devices may not have a deep security background, and this can lead to security and privacy issues when a particular technology is stressed. However, to assess the security of these devices, the only

APT Kill chain – Part 5 : Access Strengthening and lateral movement

Successfully compromising one or several workstations and/or servers of a targeted company is an important step for APT attackers. Just after the initial compromise step, there are two possible situations: the attacker managed to gain high privileges on the system, or the attacker only managed to compromise machines with regular user privileges. More often

Vinself now with steganography

VinSelf is a known RAT malware already explained on other blogs. It is a family that has long been used in APT attacks. VinSelf can be recognized in two ways: the network patterns used, and the string obfuscation in the binary. The VinSelf obfuscation algorithm is quite simple, but specific enough to state that samples using
