Blog Posts

Zloader Reversing

Zloader, also known as ZeusLoader, Deloader, Terdot and Zbot, is a malware family that downloads Zeus OpenSSL. Parts of the Zeus source code were leaked back in 2010 [1], and several versions have been forked from it since. Each version has its own malicious capabilities, but all of them perform information stealing, especially of banking information. Zeus in its core …

Dissecting binaries from Egomaniac attack with API hashing technique

PDF files can still be an ongoing attack vector, depending on the vulnerabilities that have been discovered. In this sample the attacker used an old vulnerability, CVE-2010-2883, a stack-based buffer overflow in Adobe Reader and Acrobat versions 9.x before 9.4 and 8.x before 8.2.5 on Windows. This vulnerability allows the attacker to execute arbitrary code or …

IcedID Analysis

IcedID, aka BokBot, is banking malware designed to steal financial information. Lunar Spider is the threat actor behind IcedID and has been running campaigns since at least 2017. Besides stealing banking information, some incidents show that IcedID is an entry stage for ransomware or RAT attacks. It has been observed lately that the threat actor has …

SolarWinds Attack Plan A: The Imposter

The ongoing investigation of the SUNBURST/Solorigate supply-chain attack, led by the FireEye and Microsoft threat teams, has reached the second stage of the attack, SUNSHUTTLE [3] [4]. More backdoors and C2 servers are discovered each time, each disclosing another stage of this wide and massive attack. Estimating that the attacker distributed SUNBURST during March 2020 [5] from …


About Me

Cybersecurity professional, reverse engineer and malware analyst with 10 years of progressive experience operating within the public and private sectors. Specialized in delivering competitive cybersecurity and system solutions and in developing training paths. Experienced with security operations, threat analysis, and incident response at scale. Adept at project management of new agile solutions and at learning new hard skills.