Malware Terms for Non-Techies – Code Entropy (Endpoint Security), December 15, 2016, by arpit
Complex jargon abounds in cyber security, and certain terms are widely used but little understood by anyone other than malware analysts. To help clear away a bit of the confusion, we will be breaking down some of these esoteric concepts and giving them practical, meaningful value. The first concept we are looking at is code entropy. To […]
How Cyberbit EDR Detected a Locky Ransomware Attack That 22 Endpoint Security Solutions Missed (Endpoint Security), December 13, 2016, by arpit
On December 5th 2016 a large organization approached Cyberbit to investigate a ransomware attack. This organization is one of the world's leading logistics and transportation companies, employing over 30,000 people. The attack had evaded all endpoint security solutions for over 24 hours prior to contacting Cyberbit and had begun encrypting employee workstation hard drives. The organization contacted […]
5 Open Source Malware Tools You Should Have in Your Arsenal (Endpoint Security), November 28, 2016, by arpit
Analysts use open source malware analysis tools to protect against and predict future attacks and to share knowledge with each other. It is no secret that distributing malware is a big business, and the rapidly rising malware epidemic is only going to grow in ability and efficiency in the coming years. As malware trading forums proliferate […]
Anti-VM and Anti-Sandbox Explained (Endpoint Security), August 5, 2016, by arpit
This article is intended for malware analysts, investigators, and security system developers, and explains the key tactics used by malware authors to detect and evade the virtual environments often used in the security analysis process. The article will detail the key anti-VM tactics we have encountered during our research activity and will provide information allowing you to: […]
Locky Ransomware: New Evasion Techniques Discovered (Endpoint Security), June 30, 2016, by arpit
Cyberbit's Advanced Malware Research Group has recently discovered new evasion techniques used in the new Locky ransomware campaign. Locky, one of the most dominant ransomware families, has recently reappeared in the wild after a pause of several weeks. The new campaign introduces new techniques for evading automatic analysis systems, such as virtualized sandboxes. FireEye analyzed one […]
Serialization Vulnerabilities Explained (Endpoint Security), June 6, 2016, by arpit
Remote code execution. Overview: Serialization is a useful and widely supported feature. However, it also provides an easy target for hackers to try to execute malicious commands using the external shell. This article will demonstrate, using code samples, how serialization vulnerabilities can be exploited to execute commands remotely, and how, by implementing secure coding […]
Unpacking Dyre Part I (Endpoint Security), May 29, 2016, by arpit. Edited by Alon Slotky.
Dyre has become one of the most dangerous financial Trojans, targeting login credentials for bank accounts and other online services via Man-in-the-Browser exploits. In this post we will look into the mechanism by which Dyre unpacks its own code. Dyre executes obfuscated shellcode from its own .text section. In the flow […]
How does Dridex gain persistency (Endpoint Security), January 13, 2016, by arpit
Several researchers have noticed that Dridex does not establish its own persistence until it absolutely has to, just a moment before shutdown. This tactic lets Dridex leave hardly any footprint on the file system and registry, making it harder to detect and remove. How does it do it? In Windows, every window has a […]