Channel: Endgame's Blog
Browsing all 698 articles

Instegogram: Leveraging Instagram for C2 via Image Steganography

Social media sites are frequently used for stealthy malware command and control (C2). Because many hosts on most networks communicate with popular social media sites regularly, it is very easy for a C2...



Influencing Elections in the Digital Age

Throughout history, foreign entities have meddled in the internal affairs of other countries, including leadership duration, reputation, and elections of other countries. Whether it’s a coup receiving...


How to Hunt: Detecting Persistence & Evasion with the COM

After adversaries breach a system, they usually consider how they will maintain uninterrupted access through events such as system restarts. This uninterrupted access can be achieved through...


Hunting for Exploit Kits

E-mail spam and browser exploitation are two very popular avenues used by criminals to compromise computers. Most compromises result from human error, such as clicking a malicious link or downloading...


Is Hadoop Ready for Security?

Picture Source: artistsinspireartists

In 2008, the number of internet-connected devices surpassed the number of people on the planet and Facebook overtook MySpace as the most popular social network. At...


Defeating the Latest Advances in Script Obfuscation

As the security research community develops newer and more sophisticated means for detecting and mitigating malware, malicious actors continue to look for ways to increase the size of their attack...


How to Hunt: The [File] Path Less Traveled

As any good hunter knows, one of the first quick-win indicators to look for is malware within designated download or temp folders. When users are targeted via spear phishing or browser-based attacks,...


It's Time for Cyber Policy to Leapfrog to the Digital Age

In Rise of the Machines, Thomas Rid details the first major digital data breach against the US government. The spy campaign began on October 7, 1996, and was later dubbed Moonlight Maze. This operation...


The Hard Thing About Safe Things

Information security needs a more accurate metaphor to represent the systems we secure. Invoking castles, fortresses and safes implies a single, at best layered, attack surface for security experts to...


Endgame Participates in Tough Mudder Benefitting Wounded Warrior Project

On April 20, over thirty Endgame employees, family members and friends participated in the Mid-Atlantic Spring 2013 Tough Mudder, supporting the Wounded Warrior Project. Funds raised for the Wounded...


Microsoft Win32k NULL Page Vulnerability Technical Analysis

Endgame has discovered and disclosed to Microsoft the Win32 NULL Page Vulnerability (CVE-2013-3881), which has been fixed in Microsoft’s October Security Bulletin, released October 8, 2013. The...


Storm Metrics How-To

If you have been following Storm’s updates over the past year, you may have noticed the metrics framework feature, added in version 0.9.0 (New Storm metrics system PR). This provides nicer primitives...


Android Is Still the King of Mobile Malware

According to F-Secure’s “Q1 2014 Mobile Threat Report”, the Android operating system was the main target of 99% of new mobile malware in Q1 2014. The report states that between January 1 and March 31,...



Verizon's Data Breach Investigations Report: POS Intrusion Discovery

Verizon recently released its 2014 Data Breach Investigations Report. I could spend all day analyzing this, but I’ll touch on just one issue that’s been on many of our minds recently: Point-of-Sale...


DEFCON Capture the Flag Qualification Challenge #1

I constantly challenge myself to gain deeper knowledge in reverse engineering, vulnerability discovery, and exploit mitigations. By day, I channel this knowledge and passion into my job as a security...



Telecom as Critical Infrastructure: Looking Beyond the Cyber Threat

Much of the discussion around cyber security of critical infrastructure focuses on the debilitating impact of a cyber attack on a country’s energy, economic, and transportation backbone. But Russia’s...


Blackshades: Why We Should Care About Old Malware

“Blackshades is so 2012” is the near response I received when I mentioned to a friend the recent FBI takedown of almost 100 Blackshades RAT dealers. This nonchalant, almost apathetic attitude towards...


DEFCON Capture the Flag Qualification Challenge #2

This is my second post in a series on DEFCON 22 CTF Qualifications. Last time I examined a problem called shitsco and gave a short overview of CTF. This week, I’d like to walk you through another...


How to Get Started in CTF

Over the past two weeks, I’ve examined two different problems from the DEFCON 22 CTF Qualifications: “shitsco” and “nonameyet”. Thank you for all of the comments and questions. The most popular...


Technical Analysis: Binary b41149.exe

In keeping with the theme of my previous post, “malware never truly dies – it just keeps on compromising”, today I’d like to investigate a binary that surfaced a couple of months ago. While the binary...
