Category Archives: Paper

Behavior-driven development in malware analysis

A daily task of malware analysts is the extraction of behaviors from malicious binaries. Such behaviors include domain generation algorithms, cryptographic algorithms or deinstallation routines. Ideally, this tedious task would be automated. So far, scientific solutions have not gotten beyond proof-of-concepts. Malware analysts continue to reimplement behaviors of interest manually.

Malware instrumentation: application to Regin analysis

The complexity of the Regin malware underlines the importance of reverse engineering in modern incident response. The present study shows that such complexity can be overcome: substantial information about adversary tactics, techniques and procedures is obtained from reverse engineering. An introduction to the Regin development framework is provided along with

BoxBotNet

This talk is about «Hosted Box Botnets». A hosted box botnet is a botnet of compromised web servers, usually using vulnerabilities in CMS on low cost hosted servers. I have followed an Indonesian group which operates this kind of botnets and resells access to these powned servers. The amazing thing

Air-gap limitations and bypass techniques: “command and control” using Smart Electromagnetic Interferences

Air gaps are generally considered to be a very efficient information security protection. However, this technique has also shown limitations, as covert channels for bridging the air gap have been found. Interestingly, recent publications have pointed out that a smart use of intentional electromagnetic interferences introduces new threats to information security. In
