162 matches found
SNDBOX: AI-Powered Online Automated Malware Analysis Platform
Looking for an automated malware analysis software? Something like a 1-click solution that doesn't require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and...
Delphi Packer Looks for Human Behavior Before Deploying Payload
As bad actors continue to innovate in the area of sandbox evasion, the use of the Delphi programming language to pack malware code has become more and more prevalent. Researchers recently observed several spam campaigns using a specific packer written in Delphi that goes to great lengths to hunt...
MobSF (Mobile Security Framework) v1.0 - Mobile (Android/iOS) Automated Pen-Testing Framework
Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support...
Threat Roundup for July 20-27
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between July 20 and 27. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...
COPPA Compliance
Interesting research: "'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale": Abstract: We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps' compliance...
Web Service Security Assessment Tool: WSSAT
WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...
Encryption 101: Decryptor’s thought process
In the previous parts 1, 2 and 3 of this series, we covered the basics of encryption, walked through a live example of a ransomware in detail, and talked about encryption weaknesses. In this part of the encryption 101 series, we will begin wrapping it up by going into detail on a ransomware with...
Python Scriptable Reverse Engineering Sandbox: PyREBox
PyREBox is a Python scriptable Reverse Engineering sandbox. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective. PyREBox allows to inspect a running QEMU VM, modify its memory or registers, and to...
Debugging Complex Malware that Executes Code on the Heap
Introduction In this blog, I will share a simple debugging tactic for creating “save points” during iterative remote debugging of complex multi-stage samples that execute code in heap memory at non-deterministic addresses. I’ll share two examples: one contrived, and the other a complex, modular...
AndroTickler - Penetration Testing and Auditing Toolkit for Android Apps
A java tool that helps to pentest Android apps faster, more easily and more efficiently. AndroTickler offers many features of information gathering, static and dynamic checks that cover most of the aspects of Android apps pentesting. It also offers several features that pentesters need during the...
Multiple Mediaburst/Clockwork Plugins - Cross-Site Scripting (XSS)
Reflected XSS via GET parameter "to". Vulnerable Plugins: ------------------------------------------ 1. Clockwork Free and Paid SMS Notifications URL: https://wordpress.org/plugins/mediaburst-email-to-sms/ Version 2.0.3 | By Clockwork 2. Two-Factor Authentication - Clockwork SMS URL:...
Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses
Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to...
Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses
Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to...
Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses
Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to...
Talos Wins The 5th Volatility Plugin Contest With Pyrebox
Talos has won this year's 5th Volatility plugin contest with Pyrebox. Volatility is a well-known open-source framework designed to analyze operating system memory. The framework has existed since 2007. For the previous 5 years they have run a plugin contest to find the most innovative, interestin...
How to solve the Malwarebytes CrackMe: a step-by-step tutorial
The topic of this post is a Malwarebytes CrackMe—an exercise in malware analysis that I recently created. First, the challenge was created to serve internal purposes, but then it was released to the community on Twitter and triggered a lot of positive response. Thanks to all of you who sent in yo...
Analyzing malware by API calls
Over the last quarter, we've seen an increase in malware using packers, crypters, and protectors—all methods used to obfuscate malicious code from systems or programs attempting to identify it. These packers make it very hard, or next to impossible to perform static analysis. The growing number o...
A Modern Hypervisor as a Basis for a Sandbox
In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment or vice versa, to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab, we have several sandboxes, including an...
rVMI: Perform Full System Analysis with Ease
Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...
rVMI: Perform Full System Analysis with Ease
Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...