Malware Posts

Mar 3, 2020
9 min

Automated Obfuscation of Windows Malware and Exploits Using O-LLVM

Today’s malware authors and exploit developers have automated methods of obfuscating their software, When these techniques are combined with

Ransomware Attacks Are on the Rise, Should You Pay the Ransom?

Mattia Campagnano

Feb 3, 2020
9 min

Ransomware Attacks Are on the Rise, Should You Pay the Ransom?

However, sometimes the answer to this question cannot be so clear-cut. Much depends on how valuable the information being held for ransom is

The CISO asked me to run Ransomware on his laptop

Fred Mastrippolito

Jun 18, 2019
2 min

The CISO asked me to run Ransomware on his laptop

The executive’s laptop had the very latest version of a cloud-based, next-generation antivirus endpoint detection and response software, whi

Using Intezer Analyze to Reveal Malware Ancestry and Assist Incident Response and Forensic Investiga

Liana Parakesyan

Feb 21, 2019
4 min

Using Intezer Analyze to Reveal Malware Ancestry and Assist Incident Response and Forensic Investiga

Today, much of the malware still operates via the same concept of infecting machines and spreading throughout networks. Due to this, it only

Ian Duffy

Nov 15, 2017
4 min

Unpacking script2exe Malware

Script2exe functions by packaging the original VBScript as an encrypted resource within a PE stub. The original script is retained in the EX

AppLocker and Software Restriction Policies

Polito, Inc.

Oct 3, 2017
3 min

AppLocker and Software Restriction Policies

*This blog entry was originally published on July 5, 2017 on the original Polito Blog by Ian Duffy. It was re-posted on October 3, 2017...

Prepare for Ransomware: Delivery and Defense (Part 3 in a Series on Ransomware)

Polito, Inc.

Oct 3, 2017
8 min

Prepare for Ransomware: Delivery and Defense (Part 3 in a Series on Ransomware)

*This blog entry was originally published on January 13, 2017 on the original Polito Blog by Roman Romanenco. It was re-posted on October...

Deconstructing the Ransomware Kill Chain (Part 2 in a Series on Ransomware)

Polito, Inc.

Oct 3, 2017
5 min

Deconstructing the Ransomware Kill Chain (Part 2 in a Series on Ransomware)

*This blog entry was originally published on August 19, 2016 on the original Polito Blog by Roman Romanenco. It was re-posted on October...

The Proliferation of Ransomware (Part 1 in a Series on Ransomware)

Polito, Inc.

Oct 3, 2017
5 min

The Proliferation of Ransomware (Part 1 in a Series on Ransomware)

*This blog entry was originally published on July 18, 2016 on the original Polito Blog by Roman Romanenco. It was re-posted on October 3,...

Polito, Inc.

Oct 3, 2017
5 min

Unwrap Your Malware

*This blog entry was originally published on June 23, 2015 on the original Polito Blog. It was re-posted on October 3, 2017 due to...

The Simplicity of VBA Malware (Part 2 of 2)

Polito, Inc.

Oct 3, 2017
7 min

The Simplicity of VBA Malware (Part 2 of 2)

*This blog entry was originally published on January 28, 2016 on the original Polito Blog. It was re-posted on October 3, 2017 due to...

The Simplicity of VBA Malware (Part 1 of 2)

Polito, Inc.

Oct 3, 2017
5 min

The Simplicity of VBA Malware (Part 1 of 2)

*This blog entry was originally published on January 4, 2016 on the original Polito Blog. It was re-posted on October 3, 2017 due to...

Ian Duffy

Jul 5, 2017
2 min

AppLocker and Software Restriction Policies

Over the course of several recent engagements which have involved malware analysis as part of incident response activities, a common theme h

Roman Romanenco

Jan 13, 2017
8 min

Prepare for Ransomware: Delivery and Defense (Part 3 in a Series on Ransomware)

Understanding the individualized ransomware delivery tactics allows us to determine what countermeasures and defense techniques can be put i

Roman Romanenco

Aug 19, 2016
5 min

Deconstructing the Ransomware Kill Chain (Part 2 in a Series on Ransomware)

Understanding each stage of the ransomware kill chain allows us to determine what countermeasures and defense techniques can be put in place

Roman Romanenco

Jul 18, 2016
5 min

The Proliferation of Ransomware (Part 1 in a Series on Ransomware)

Crypto-ransomware (often referred to as simply ransomware, including here) is a type of malware that maliciously encrypts victim files (focu

Polito, Inc.

Jun 23, 2016
5 min

Unwrap Your Malware

Wrapped files have a script or executable in their body, which they drop and run upon execution; e.g., an EXE file drops a batch script in t

Robin Williams

Jan 29, 2016
7 min

The Simplicity of VBA Malware (Part 2 of 2)

Dridex can typically be detected on a compromised machine by looking for some if its hallmark artifacts. It does not set a persistence key i

Robin Williams

Jan 5, 2016
5 min

The Simplicity of VBA Malware (Part 1 of 2)

Macro malware targets Microsoft Office applications (Word, Excel, etc.). Malicious VBA macros are used to infect anyone who opens the file,

Automated Obfuscation of Windows Malware and Exploits Using O-LLVM

Ransomware Attacks Are on the Rise, Should You Pay the Ransom?

The CISO asked me to run Ransomware on his laptop

Using Intezer Analyze to Reveal Malware Ancestry and Assist Incident Response and Forensic Investiga

Unpacking script2exe Malware

AppLocker and Software Restriction Policies

Prepare for Ransomware: Delivery and Defense (Part 3 in a Series on Ransomware)

Deconstructing the Ransomware Kill Chain (Part 2 in a Series on Ransomware)

The Proliferation of Ransomware (Part 1 in a Series on Ransomware)

Unwrap Your Malware

The Simplicity of VBA Malware (Part 2 of 2)

The Simplicity of VBA Malware (Part 1 of 2)

AppLocker and Software Restriction Policies

Prepare for Ransomware: Delivery and Defense (Part 3 in a Series on Ransomware)

Deconstructing the Ransomware Kill Chain (Part 2 in a Series on Ransomware)

The Proliferation of Ransomware (Part 1 in a Series on Ransomware)

Unwrap Your Malware

The Simplicity of VBA Malware (Part 2 of 2)

The Simplicity of VBA Malware (Part 1 of 2)

Contact Us

Our Address

Call Us