Tag Archive

Scanning for TR-069 is neither Cyber nor War

Published on November 30, 2016 By lynx

The Deutsche Telekom was in the news. The reason was a major malfunction of routers at the end of the last mile. Or something like that. As always theories and wild assumptions are the first wave. Apparently a modified Mirai botnet tried to gain access to routers in order to install malicious software. The attacks […]

DeepSec 2016 Talk: Obfuscated Financial Fraud Android Malware: Detection And Behavior Tracking – Inseung Yang

Published on November 9, 2016 By sanna

In Korea in particular, hackers have distributed sophisticated and complex financial fraud android malware through various means of distribution, such as SMS phishing, Google play, compromised web servers and home routers (IoT). In some cases, both smartphone and PC users are targeted simultaneously. Inseung Yang and his team collect mobile android malware via an automated analysis […]

DeepSec2016 Talk: AMSI: How Windows 10 Plans To Stop Script Based Attacks and How Good It Does That – Nikhil Mittal

Published on October 20, 2016 By sanna

In his talk Nikhil Mittal will focus on AMSI: In Windows 10, Microsoft introduced the AntiMalware Scan Interface (AMSI), which is designed to target script based attacks and malware. Script based attacks have been lethal for enterprise security and with the advent of PowerShell, such attacks have become increasingly common. AMSI targets malicious scripts written […]

Thoughts on Lawful Malicious Software and its Impact on IT Infrastructure

Published on April 14, 2016 By sanna

During the premiere of „A Good American“ we had a chat with journalists. Markus Sulzbacher of Der Standard wanted to know what the implication of the so-called Bundestrojaner (litterally federal trojan, the colloquial German term for the concept of inserting government malware in order to extract information from a suspect’s computer and telephone devices). The […]

FBI, NSA, DoD and CDC join forces to combat Cyber Pathogens

Published on April 1, 2016 By lynx

The world economy is threatened by a new strain of microorganisms. These so-called cyber pathogens spread via networks and the touch of digital devices. They can also lie dormant for days and months, only to spring to life when the victim’s immune system is at its weakest point. It is widely believed that cyber pathogens […]

DeepSec Video: Building a Better Honeypot Network

Published on February 3, 2016 By lynx

„It’s a trap!“ is a well-known quote from a very well-known piece of science fiction. In information security you can use bait to attract malicious minds. The bait is called honeypot or honeynet (if you have a lot of honeypots tied together with network protocols). A honeypot allows you to study what your adversaries do […]

DeepSec Video: Deactivating Endpoint Protection Software in an Unauthorized Manner

Published on January 26, 2016 By lynx

The information technology world is full of fancy words that re-invent well-known and well-understood terms. Everyone is talking about the endpoint these days. Endpoint is the trusty old client in disguise. Plus the end in endpoint doesn’t means that something ends there. From the information security point of view all your troubles actually start there. […]

DeepSec 2015 Talk: Bridging the Air-Gap: Data Exfiltration from Air-Gap Networks – Mordechai Guri & Yisroel Mirsky

Published on November 4, 2015 By sanna

Air does not conduct electricity, usually. Using air gaps between parts transporting electric power by high voltages is a standard method in electrical engineering. Similar strategies are used in information security. Compartmentalisation can be done by network components, logical/physical separation, solid walls, and space filled with air. The only threat you have to worry about […]

DeepSec 2014 Talk: Why Anti-Virus Software fails

Published on September 17, 2014 By lynx

Filtering inbound and outbound data is most certainly a part of your information security infrastructure. A prominent component are anti-virus content filters. Your desktop clients probably have one. Your emails will be first read by these filters. While techniques like this have been around for a long time, they regularly draw criticism. According to some […]

DeepSec 2013 Video: Europe In The Carna Botnet

Published on February 25, 2014 By lynx

Botnets serve a variety of purposes. Usually they are used to send unsolicited e-mail messages (a.k.a. spam), attack targets by sending crafted data packets, or to perform similar activities. The Carna Botnet was created by an anonymous researcher to scan the IPv4 Internet. The creator called the botnet the Internet Census of 2012. The nodes […]

DeepSec 2013 Video: Malware Datamining And Attribution

Published on February 7, 2014 By lynx

Popular culture totally loves forensics (judging by the number of TV shows revolving around the topic). When it comes to software a detailed analysis can be very insightful. Most malicious software isn’t written from scratch. Some components are being reused, some are slightly modified (to get past the pesky anti-virus filters). This means that (your) […]

DeepSec 2013 Talk: Malware Datamining And Attribution

Published on November 13, 2013 By lynx

The production of code leaves traces in the final binary. There can be debugging symbols present, which give you a lot of information. Maybe the binary has some commonly used libraries or functions. A lot of fingerprinting can be done with software. Why is this of interest? Well, there is the attribution problem of attacks […]

DeepSec 2013 Talk: My Name Is Hunter, Ponmocup Hunter

Published on November 12, 2013 By lynx

Defending one’s own resources against malicious software is daily business for information security professionals. Usually you deploy a range of measures and try to minimise the risk. It may or may not work, depending if you have to fear the mysterious Advanced Persistent Threat (APT). APTs are highly targeted, very stealthy and can greatly impact […]

DeepSec 2013 Talk: Easy Ways To Bypass Anti-Virus Systems

Published on October 31, 2013 By lynx

The Joys of Detecting Malicious Software Malicious software is all around us. It permeates the Internet by riding on data transmissions. Once you communicate, you risk getting in touch with malware (another name for malicious software). This is why every single one of us, be it individual, company or organisation, runs anti-virus software. The idea […]

DeepSec 2013 Talk: Europe In The Carna Botnet – Telnet’s Threat To The Largest Economy

Published on September 21, 2013 By lynx

Botnets have been around since 1999. These herds of networked and compromised systems (called zombies) are the tool of the trade for many groups. It’s the  zombie outbreak of the information age. The analysis of existing botnets is an important task of security researchers around the globe. The study of the malware involved, the infection […]