Category: Blog

Bitcrypt 2 – Financial aspects

Some weeks ago, we blogged about a new ransomware called BitCrypt. To sum it up shortly, we had found a new ransomware which encrypted all pictures on the machine it infected, and asked the user to pay a ransom to get the files back. While we do not usually work on that kind

HINT Project will help to Detect Hardware Trojans in the Near Future

Hardware Trojans are considered to be an emerging threat for critical infrastructures. We are going to develop a Hardware Trojan detection method in the European-funded HINT project, which is described below. The security of modern ICT (Information and Communication Technology) systems relies on the authenticity and integrity of the software and hardware components used to

APT Kill chain – Part 1 : Definition

Today we decided to release a series of blog posts regarding the APT kill chain, in an effort to share our experience and knowledge on this hot topic. For starters, “APT” stands for Advanced Persistent Threat. Some people do not use this term at all, considering that this acronym is just a buzzword, created by

APT Kill chain – Part 2 : Global view

is. As we have seen, there are different definitions, and I bet nearly all companies working on APT incident handling have their own definition. What every experienced APT incident responder agrees on is the way APT attacks are conducted. The APT kill chain can be presented with some variations, depending on the detail level

APT Kill chain – Part 3: Reconnaissance

This blog post is part of a series on the APT kill chain. In this blog post we focus on the reconnaissance step. All the information written here comes directly from our observations and experience in APT incident handling and APT pentest simulations. Time for action has started. The attackers have chosen one target, now they have

APT Kill chain – Part 4 : Initial compromise

This blog post is part of a series on the APT kill chain. In the previous step, we’ve seen how the attacker used reconnaissance techniques to collect data on their target. Now we will focus on the initial compromise. At this stage, the APT attackers have a solid knowledge of their target and its key employees. The

The Eye of the Tiger

Cyber espionage has been a hot topic over the last few years. Computer attacks known as “APT” (Advanced Persistent Threat) have become widely reported and emphasized by the media, the damage is now considered real, and strategic trends are moving in cyber defense. Today, we decided to release publicly information on a specific group of APT

LeoUncia and OrcaRat

The PWC-named malware OrcaRat is presented as a new piece of malware, but looking at the URI used for C&C communication, it could be an updated version of a well-known and rather old piece of malware: LeoUncia. Status: let’s face it, px~NFEHrGXF9QA=2/5mGabiSKSCIqbiJwAKjf+Z81pOurL1xeCaw=1/xXiPyUqR/hBL9DW2nbQQEDwNXIYD3l5EkpfyrdVpVC8kp/4WeCaArZAnd+QEYVSY9QMw=2 (URI taken from an OrcaRat sample) looks a lot like qFUtb6Sw/TytLfLsy/HnqI8QCX/ZRfFP9KL/_2yA9GIK/iufEXR2r/e6ZFBfoN/fcgL04f7/ZBzUuV5T/Balrp2Wm URI taken from

Dissecting Scapy-radio packets with Wireshark

The wide adoption of wireless devices goes further than WiFi networks: smart meters, wearable devices, etc. The engineers behind these new types of devices may not have a deep security background, and this can lead to security and privacy issues when a particular technology is stressed. However, to assess the security of these devices, the only

APT Kill chain – Part 5 : Access Strengthening and lateral movements

Being successful at compromising one or several workstations and/or servers of a targeted company is an important step for APT attackers. Just after the initial compromise step, there are two possible situations: either the attacker managed to gain high privileges on the system, or the attacker only managed to compromise machines with regular user privileges. More often
