162 matches found
How to Implement Secure and Compliant IaC
Success lies in security True separation of developer and security teams is becoming a thing of the past. Today’s cloud environments enable deployments at previously unheard-of speed and scale; there simply isn’t time to build infrastructure, then code, then hand it all off for security...
How to Successfully Pursue a Career in Malware Analysis
Are you looking to becoming a malware analyst? Then continue reading to discover how to gain the training you need and start a career in malware analysis career. Did you know that new malware is released every seven seconds? As more and more systems become reliant on the internet, the proliferati...
Emulation of Kernel Mode Rootkits With Speakeasy
In August 2020, we released a blog post about how the Speakeasy emulation framework can be used to emulate user mode malware such as shellcode. If you haven’t had a chance, give the post a read today. In addition to user mode emulation, Speakeasy also supports emulation of kernel mode Windows...
Tracee - Container And System Event Tracing Using eBPF
Tracee is a lightweight and easy to use container and system tracing tool. It allows you to observe system calls and other system events in real-time. A unique feature of Tracee is that it will only trace newly created processes and containers that were started after Tracee has started, in order ...
Wsb-Detect - Tool To Detect If You Are Running In Windows Sandbox ("WSB")
wsb-detect enables you to detect if you are running in Windows Sandbox "WSB". The sandbox is used by Windows Defender for dynamic analysis, and commonly manually by security analysts and alike. At the tail end of 2019, Microsoft introduced a new feature named Windows Sandbox WSB for short. The...
Emulation of Malicious Shellcode With Speakeasy
In order to enable emulation of malware samples at scale, we have developed the Speakeasy emulation framework. Speakeasy aims to make it as easy as possible for users who are not malware analysts to acquire triage reports in an automated way, as well as enabling reverse engineers to write custom...
Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach
The FireEye Front Line Applied Research & Expertise FLARE Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the la...
Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool
We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from...
UEFI scanner brings Microsoft Defender ATP protection to a new level
Microsoft Defender Advanced Threat Protection Microsoft Defender ATP is extending its protection capabilities to the firmware level with a new Unified Extensible Firmware Interface UEFI scanner. Hardware and firmware-level attacks have continued to rise in recent years, as modern security solutio...
WhiteSource Software Application Vulnerability Management Injection Vulnerability
WhiteSource Software Application Vulnerability Management AVM is a suite of application vulnerability management platforms from WhiteSource Software. The platform is mainly used to view and synchronize the review of its static application security test results SAST, dynamic application security...
Exploit for Use After Free in Google Android
Android Kernel Vulnerability Overview In November 2017...
Unspecified Vulnerability in HCL Technologies AppScan Standard Edition
HCL Technologies AppScan Standard Edition is a suite of dynamic analysis testing tools from HCL Technologies, India, which is primarily used for web security testing. HCL Technologies AppScan Standard Edition suffers from an unspecified vulnerability that stems from an incorrect account lockout...
New Research Paper: Prevalence and impact of low-entropy packing schemes in the malware ecosystem
Detection of malware is a constant battle between the technologies designed to detect and prevent malware and the authors creating them. One common technique adversaries leverage is packing binaries. Packing an executable is similar to applying compression or encryption and can inhibit the abilit...
XSpear v1.3 - Powerfull XSS Scanning And Parameter Analysis Tool
XSpear is XSS Scanner on ruby gems Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser with Selenium Testing request/response for XSS protection bypass and reflectedor all params Reflected Params All paramsfor blind xss, anytings Filtered test...
ATFuzzer - Dynamic Analysis Of AT Interface For Android Smartphones
"Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones" is accepted to the 35th Annual Computer Security Applications Conference ACSAC 2019. https://relentless-warrior.github.io/wp-content/uploads/2019/11/atfuzz.pdf Abstract This paper focuses on checkin...
Binee: Outsmarting Malware with Next-Generation Process Emulation
The Problem with Malware Analysis Threat researchers get thousands of samples of malware every day and, as every researcher knows, it is very difficult to analyze them in a way that allows for intelligent decisions regarding whether a sample’s reputation is good or bad. There are already some qui...
Tencent HaboHaboMalHunter Security Bypass Vulnerability
Tencent Habo is a malware sample analysis and identification platform from Tencent. HaboMalHunter is a malware analysis tool that relies on the Dynamic Analysis Module, Static Analysis Module, and Task Scheduling Framework in a deep sandbox to automate the analysis of malicious samples. A securit...
CVE-2019-13125
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...
Jackhammer - One Security Vulnerability Assessment/Management Tool To Solve All The Security Team Problems
One Security vulnerability assessment/management tool to solve all the security team problems. What is Jackhammer? Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev team, QA team and being a facilitator for TPM to understand and track the qualit...
SNDBOX: AI-Powered Online Automated Malware Analysis Platform
Looking for an automated malware analysis software? Something like a 1-click solution that doesn't require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and...