Lucene search

22 matches found

Talos Blog
added 2024/03/28 2:0 p.m., 17 views

Enter the substitute teacher

Welcome to this week's threat source newsletter with Jon out, you've got me as your substitute teacher. I'm taking you back to those halcyon days of youth and that moment when you found out that you had a sub that day, will I be the teacher that just rolls in the TV cart and delivers the single...

7.7 AI score
Exploits: 0

Talos Blog
added 2023/11/09 7:0 p.m., 51 views

A new video series, Google Forms spam and the various gray areas of cyber attacks

I found the juxtaposition of stories on the Talos blog over the past week-plus kind of funny. On one hand, we had a massive story about Arid Viper, a Middle Eastern threat actor spreading spyware, one of the most dangerous types of malware out there right now, operating out of Gaza no less. Then,...

7.5 CVSS, 7.2 AI score, 0.94375 EPSS
Exploits: 14

The Hacker News
added 2022/08/08 1:43 p.m., 33 views

The Benefits of Building a Mature and Diverse Blue Team

A few days ago, a friend and I were having a rather engaging conversation that sparked my excitement. We were discussing my prospects of becoming a red teamer as a natural career progression. The reason I got stirred up is not that I want to change either my job or my position, as I am a happy...

6.7 AI score
Exploits: 0

Trellix
added 2022/05/17 12:0 a.m., 5 views

Get to Know Steve Povolny

Meet Steve Povolny, Head of Advanced Threat Research for Trellix Threat Labs. By Michael Alicea · May 17, 2022. At Trellix, we celebrate and champion our people. This week, I sat down with Steve Povolny, Head of Advanced Threat Research for Trellix Threat Labs. As he is one of the leading...

6.8 AI score
Exploits: 0

Kitploit
added 2021/11/05 11:30 a.m., 500 views

PyRDP - RDP Monster-In-The-Middle (Mitm) And Library For Python With The Ability To Watch Connections Live Or After The Fact

PyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library. It features a few tools: RDP Monster-in-the-Middle: logs credentials used when connecting; steals data copied to the clipboard; saves a copy of the files transferred over the network; crawls shared drives in th...

7.4 AI score
Exploits: 0, References: 17

Securelist
added 2021/10/12 1:0 p.m., 15 views

SAS 2021: Fireside chat with Chris Bing

How to build up a fascinating story from a hardcore APT report? Where to find details and how to work with information sources? Sitting by the virtual fireside, Brian Bartholomew (Kaspersky GReAT) and Christopher Bing (Reuters) will discuss how malware researchers and investigative journalists can he...

0.9 AI score
Exploits: 0

Akamai Blog
added 2021/08/23 4:0 a.m., 23 views

UPX Packed Headaches

Researching malware has many challenges. One of those challenges is obfuscated code and intentionally corrupted binaries. To address challenges like this, we've written a small tool in C that could fix intentionally corrupted binaries automatically. We also plan to open-source the project so othe...

1.2 AI score
Exploits: 0

Fedora
added 2021/05/06 12:54 a.m., 23 views

[SECURITY] Fedora 33 Update: yara-4.1.0-1.fc33

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...

9.1 CVSS, 1.3 AI score, 0.00614 EPSS
Exploits: 2

Talos Blog
added 2019/10/10 12:24 p.m., 49 views

Talos takes home top research honors at Virus Bulletin conference

By Jon Munshaw. Researchers from Cisco Talos brought up the top award at this year’s Virus Bulletin conference. Talos received the Péter Ször Award — named for the prolific security researcher who was a longtime contributor to Virus Bulletin and passed away in 2013 — for our research into several...

7 AI score
Exploits: 0

Talos Blog
added 2017/12/19 7:57 a.m., 14 views

Virus Bulletin Publication And Presentation

Virus Bulletin conference is a well regarded intimate technical conference focused on malware research. It provides a good balance between listening to technical talks and spending time exchanging experiences with colleagues from different companies; all working on the same task of making our...

6.9 AI score
Exploits: 0

ThreatPost
added 2016/10/07 11:0 a.m., 15 views

The Ethics and Morality Behind APT Reports

DENVER—Investigations into state-sponsored APT campaigns are much more than black-and-white research into malware, exploits and zero-days. Behind the scenes, these can be geopolitical powder kegs that require moral examinations into the ethics of publishing public reports that could expose tools...

7 AI score
Exploits: 0, References: 2

n0where
added 2016/04/15 11:49 a.m., 19 views

Pattern Matching Swiss Knife: YARA

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...

0.6 AI score
Exploits: 0, References: 3

Kitploit
added 2015/07/16 11:33 p.m., 601 views

yarGen - A Generator for Yara Rules (for malware researchers)

yarGen is a generator for Yara rules. What does yarGen do? The main principle is the creation of yara rules from strings found in malware files while removing all strings that also appear in goodware files. Since version 0.14.0 it uses naive-bayes-classifier by Mustafa Atik and Nejdet Yucesoy in...

6.9 AI score
Exploits: 0, References: 1

The Hacker News
added 2014/01/16 7:47 p.m., 83 views

Rakabulle, Advance File Binder from DarkComet RAT Developer

I hope you all still remember the famous and powerful Remote Administration Tool (RAT) called 'Dark Comet', developed by a French computer geek 'Jean-Pierre Lesueur', also known as 'DarkCoderSc'. However, he had closed the Dark Comet project, when the Syrian government found to be using it to track...

7.4 AI score
Exploits: 0

ThreatPost
added 2012/09/07 7:40 p.m., 7 views

Google Adds Online Malware Scanner VirusTotal To Security Lineup

Google made a significant addition to its security lineup Friday with its acquisition of online malware scanning service VirusTotal. Experts say the malware intelligence Google will have at its disposal would enhance not only existing products and services, but will backbone site safety rankings...

0.1 AI score
Exploits: 0, References: 1

OpenVAS
added 2012/08/10 12:0 a.m., 31 views

Debian Security Advisory DSA 2506-1 (libapache-mod-security)

The remote host is missing an update to libapache-mod-security announced via advisory DSA 2506-1. OpenVAS Vulnerability Test $Id: deb25061.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2506-1 libapache-mod-security Authors: Thomas Reinke Copyright:...

4.3 CVSS, 0.4 AI score, 0.01943 EPSS
Exploits: 2

securityvulns
added 2012/07/09 12:0 a.m., 79 views

[SECURITY] [DSA 2506-1] libapache-mod-security security update

Debian Security Advisory DSA-2506-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012 http://www.debian.org/security/faq -...

4.3 CVSS, 1.9 AI score, 0.01943 EPSS
Exploits: 2

securityvulns
added 2012/05/09 12:0 a.m., 50 views

Adobe Shockwave Player Remote Code Execution (CVE-2012-2031)

Qualys Vulnerability & Malware Research Labs (VMRL) http://www.dissect.pe Memory corruption when Adobe Shockwave Player parses .dir media file (CVE-2012-2031). INTRODUCTION: Adobe Shockwave Player is the Adobe plugin to many different browsers to view...

10 CVSS, 0.8 AI score, 0.15306 EPSS
Exploits: 0

The Hacker News
added 2011/11/16 7:6 p.m., 3 views

Worlds first windows 8 Bootkit to be released at MalCon

World's first Windows 8 Bootkit to be released at MalCon. It is amazing how fast security measures are bypassed by hackers. It seems Windows 8 is now Malconed! Peter Kleissner has created the world's first Windows 8 Bootkit which is planned to be released in India at the International Malware...

7.2 AI score
Exploits: 0

The Hacker News
added 2011/11/15 5:16 p.m., 2 views

Stuxnet 3.0 to be possibility released at MalCon?

Stuxnet 3.0 to be possibility released at MalCon? Malware coders and security researchers are increasingly looking at MalCon malware convention to show-off their latest creations and research. We were pretty shocked to see in a twitter update today from MalCon, that one of the research paper...

6.9 AI score
Exploits: 0