One of the latest trends in penetration testing and malware development is to weaponize the so-called Living Off the Land Binaries and Scripts (LOLBAS), i.e. scripts and binaries normally installed by default in Microsoft Windows. Attackers and pen testers have long relied on LOLBAS techniques, but there seems to be a resurgence of interest. Some built-in Windows binaries may support functionalities potentially allowing for co...

As we all learn to deal with this new, temporary norm, we must not sacrifice our convictions for strong cybersecurity. Hackers are currently taking advantage of the overnight vulnerability of panic and impulse decision making that arose with the novel coronavirus. By being proactive and thoughtful in our decision making, organizations and individuals can and will rise above this challenge. Although it can seem daunting during...

Today’s malware authors and exploit developers have automated methods of obfuscating their software, When these techniques are combined with other techniques (such as encryption and packers), they make automated and manual analysis very difficult. Static detection and blacklisting signatures are highly ineffective. YARA rules based on static signatures of assembly instructions can be easily circumvented by a tool like O-LLVM....

However, sometimes the answer to this question cannot be so clear-cut. Much depends on how valuable the information being held for ransom is for the organization and on how much downtime an organization can afford.

The executive’s laptop had the very latest version of a cloud-based, next-generation antivirus endpoint detection and response software, which is likely very good at stopping the majority of attacks and threats his organization might face. Unfortunately, these systems still rely on signatures and known TTPs (tactics, techniques, and procedures) to protect the user and even heuristics will not guarantee detection.

To sniff Wi-Fi, we use Alfa USB Wi-Fi adapter which connects to laptop via USB. For longer range sniffing, the 16 dBi Yagi antenna can be connected to the Wi-Fi adapter, and then to the laptop.

Today, much of the malware still operates via the same concept of infecting machines and spreading throughout networks. Due to this, it only makes sense to approach malware at its genetic level in order to find relationships, origins, and leads that may aid in investigations of malware and threat actors, and add value to organizations that are trying to defend against various types of threats. Polito has tested a tool called I...

Speakers at the event were CEOs and Managing Directors from companies such as, Accenture Federal Services, RunSafe Security, George Mason University, and the Sovrin Foundation. Starting us off, Ira A. (Gus) Hunt, Managing Director and Cyber Strategy Lead of Accenture, covered an interesting topic of Cyber Resilience and how there is no such thing as absolute security. He asserted that it is the job of each Cyber Security compa...

At Polito Inc., our forensic experts often rely on X-Ways Forensics to rapidly acquire and analyze digital computer evidence. X-Ways Forensics is an increasingly popular tool in the Digital Forensics and Incident Response (DFIR) community largely due to its speed, reliability, and useful features such as support for a wide array of image formats, multi-threaded regex/keyword searching and file hashing, and 3rd party extensions...

There is a lot of confusion over deep web vs. dark web; they are often used interchangeably, which is wrong. In essence the term “deep web” simply means anything that a search engine cannot find or is not indexed, while the term “dark web” is going a little deeper under the surface and is classified as a small portion of the deep web that is intentionally hidden and inaccessible through standard web browsers.