Malicious eFax Attachments Can Potentially Steal Your Microsoft O365 Password
Phishing attack observed by Polito, Inc., which uses an obfuscated JavaScript attachment to show how to analyze the malicious attack.
top of page
Search
Wade Ma
- Mar 3, 2020
- 9 min
Automated Obfuscation of Windows Malware and Exploits Using O-LLVM
Today’s malware authors and exploit developers have automated methods of obfuscating their software, When these techniques are combined with
Fred Mastrippolito
- Jun 18, 2019
- 2 min
The CISO asked me to run Ransomware on his laptop
The executive’s laptop had the very latest version of a cloud-based, next-generation antivirus endpoint detection and response software, whi
Liana Parakesyan
- Feb 21, 2019
- 4 min
Using Intezer Analyze to Reveal Malware Ancestry and Assist IR and Forensic Investigations
Today, much of the malware still operates via the same concept of infecting machines and spreading throughout networks. Due to this, it only
Ian Duffy
- Nov 14, 2017
- 4 min
Unpacking script2exe Malware
Script2exe functions by packaging the original VBScript as an encrypted resource within a PE stub. The original script is retained in the EX
Roman Romanenco
- Jan 13, 2017
- 8 min
Prepare for Ransomware: Delivery and Defense (Part 3 in a Series on Ransomware)
Understanding the individualized ransomware delivery tactics allows us to determine what countermeasures and defense techniques can be put i
Roman Romanenco
- Aug 18, 2016
- 5 min
Deconstructing the Ransomware Kill Chain (Part 2 in a Series on Ransomware)
Understanding each stage of the ransomware kill chain allows us to determine what countermeasures and defense techniques can be put in place
Roman Romanenco
- Jul 17, 2016
- 5 min
The Proliferation of Ransomware (Part 1 in a Series on Ransomware)
Crypto-ransomware (often referred to as simply ransomware, including here) is a type of malware that maliciously encrypts victim files (focu
peterpolito
- Jun 22, 2016
- 5 min
Unwrap Your Malware
Wrapped files have a script or executable in their body, which they drop and run upon execution; e.g., an EXE file drops a batch script in t
Robin Williams
- Jan 28, 2016
- 7 min
The Simplicity of VBA Malware (Part 2 of 2)
Dridex can typically be detected on a compromised machine by looking for some if its hallmark artifacts. It does not set a persistence key i
Robin Williams
- Jan 4, 2016
- 5 min
The Simplicity of VBA Malware (Part 1 of 2)
Macro malware targets Microsoft Office applications (Word, Excel, etc.). Malicious VBA macros are used to infect anyone who opens the file,
bottom of page