Hello World
A quick introduction of the blog's topics, collaborators and guidelines. This is a sticky post.
Summary: Call stack spoofing isn’t a new technique, but it has become more popular in the last few years. Call stacks are a telemetry source for EDR software that can be used to determine if a process made suspicious actions (requesting a handle to the lsass process, writing suspicious code to a newly allocated area,
Call stack spoofing explained using APT41 malware
Summary: According to BleepingComputer, a ransomware attack that occurred starting on February 11 forced 100 hospitals across Romania to take their systems offline. BackMyData ransomware, which took credit for it, belongs to the Phobos family. The malware embedded an AES key that is used to decrypt its configuration containing whitelisted extensions, files, and directories, a
A technical analysis of the BackMyData ransomware used to attack hospitals in Romania
This blog post is a continuation of a previous one. We’ve recently seen a YouTube ad that presented a “unique” opportunity to invest in stocks. The attackers used a legitimate Podcast that was modified using AI. We believe that the account promoting the unlisted video was compromised https[:]//www.youtube[.]com/watch?v=rFk6gcrUuIE: The targeted users are advised to contact
Attackers target Romania using AI-generated videos
In this blog post, we’re going to look at a campaign that reveals recently created domains impersonating known Romanian gas companies. It all started with an ad on YouTube that featured a suspicious domain related to the legitimate RoEnergy Trade Fair. The ad was voiced in Romanian using an automatic translator. The website hosted on
Attackers impersonate Romanian Gas Companies – OSINT Investigation
Summary: Brute Ratel C4 is a Red Team & Adversary Simulation software that can be considered an alternative to Cobalt Strike. In this blog post, we’re presenting a technical analysis of a Brute Ratel badger/agent that doesn’t implement all the recent features of the framework. There aren’t a lot of Brute Ratel samples available in
A Deep Dive into Brute Ratel C4 payloads – Part 2
Summary: Brute Ratel C4 is a Red Team & Adversary Simulation software that can be considered an alternative to Cobalt Strike. In this blog post, we’re presenting a technical analysis of a Brute Ratel badger/agent that doesn’t implement all the recent features of the framework. There aren’t a lot of Brute Ratel samples available in
A Deep Dive into Brute Ratel C4 payloads
Summary: SALTWATER is a backdoor that has been used in the exploitation of the Barracuda 0-day vulnerability CVE-2023-2868. It is a module for the Barracuda SMTP daemon called bsmtpd. The malware hooked the recv, send, and close functions using an open-source hooking library called funchook. The following functionalities are implemented: execute arbitrary commands, download and
Summary: DEP (Data Execution Prevention) is a memory protection feature that allows the system to mark memory pages as non-executable. ROP (Return-oriented programming) is an exploit technique that allows an attacker to execute shellcode with protections such as DEP enabled. In this blog post, we will present the reverse engineering process of an application in
A step-by-step introduction to the use of ROP gadgets to bypass DEP
Summary: Pegasus is a spyware developed by the NSO group that was repeatedly analyzed by Amnesty International and CitizenLab. In this article, we dissect the Android version that was initially analyzed by Lookout in this paper, and we recommend reading it along with this post. During our research about Pegasus for Android, we’ve found out that vendors wrongly attributed
A technical analysis of Pegasus for Android – Part 3
Summary: Pegasus is a spyware developed by the NSO group that was repeatedly analyzed by Amnesty International and CitizenLab. In this article, we dissect the Android version that was initially analyzed by Lookout in this paper, and we recommend reading it along with this post. During our research about Pegasus for Android, we’ve found out
A technical analysis of Pegasus for Android – Part 2