Channel: Endgame's Blog
Browsing all 698 articles

Mitigating Stagefright Attacks with the ARM Performance Monitoring Unit

Last summer, Stagefright became a household name after security researcher Joshua Drake highlighted vulnerabilities in the multimedia engine in Android that goes by the same name. His BlackHat USA talk...


Some Implications of the Brexit on the Digital Domain

The policy world will spend the day shocked that the Brexiteers defeated the Remainers by 52-48%, leading Prime Minister David Cameron to promise to resign this Fall. The majority of security...


Machine Learning: You Gotta Tame the Beast Before You Let It Out of Its Cage

Machine learning is a fashionable buzzword right now in infosec, and is often referenced as the key to next-gen, signature-less security. But along with all of the hype and buzz, there also is a...


It's a Bake-off!: Navigating the Evolving World of Machine Learning Models

In our previous blog, we reviewed some of the core fundamentals in machine learning with respect to malware classification. We provided several criteria for properly evaluating a machine learning...


Vegas Hacker Summer Camp 2016: Mind the Gap

"But the real magic comes when you take the expertise that you've got in security and you translate it and you rebuild it and you reform it. Don't be afraid to take the knowledge you have and make it...


Endpoint Malware Detection for the Hunt: Real-world Considerations

In the first blog post of this series, we discussed considerations for measuring and understanding the performance of machine learning models in information security. In the second post, we compared...


Capturing 0day Exploits with PERFectly Placed Hardware Traps

As we discussed in an earlier post, most defenses focus on the post-exploitation stage of the attack, by which point it is too late and the attacker will always maintain the advantage. Instead of...


Instegogram: Leveraging Instagram for C2 via Image Steganography

Social media sites are frequently used for stealthy malware command and control (C2). Because many hosts on most networks communicate with popular social media sites regularly, it is very easy for a C2...



Influencing Elections in the Digital Age

Throughout history, foreign entities have meddled in the internal affairs of other countries, including leadership duration, reputation, and elections of other countries. Whether it’s a coup receiving...


How to Hunt: Detecting Persistence & Evasion with the COM

After adversaries breach a system, they usually consider how they will maintain uninterrupted access through events such as system restarts. This uninterrupted access can be achieved through...


Hunting for Exploit Kits

E-mail spam and browser exploitation are two very popular avenues used by criminals to compromise computers. Most compromises result from human error, such as clicking a malicious link or downloading...


Is Hadoop Ready for Security?

In 2008, the number of internet-connected devices surpassed the number of people on the planet and Facebook overtook MySpace as the most popular social network....


Defeating the Latest Advances in Script Obfuscation

As the security research community develops newer and more sophisticated means for detecting and mitigating malware, malicious actors continue to look for ways to increase the size of their attack...



How to Hunt: The [File] Path Less Traveled

As any good hunter knows, one of the first quick-win indicators to look for is malware within designated download or temp folders. When users are targeted via spear phishing or browser based attacks,...


It's Time for Cyber Policy to Leapfrog to the Digital Age

In Rise of the Machines, Thomas Rid details the first major digital data breach against the US government. The spy campaign began on October 7, 1996, and was later dubbed Moonlight Maze. This operation...


The Hard Thing About Safe Things

Information security needs a more accurate metaphor to represent the systems we secure. Invoking castles, fortresses and safes implies a single, at best layered, attack surface for security experts to...


Protecting the Financial Sector: Early Detection of Trojan.Odinaff

The financial sector continues to be a prime target for highly sophisticated, customized attacks for an obvious reason - that’s where the money is. Earlier this year, the SWIFT money transfer system...



How to Hunt: The Masquerade Ball

Masquerading was once conducted by the wealthiest elite at elaborate dances, allowing them to take on the guise of someone else and hide amidst the crowd. Today, we see digital masquerading used by the...


Endgame Research @ AISec: Deep DGA

Machine learning is often touted as a silver bullet, enabling big data to defeat cyber adversaries, or some other empty trope. Beneath the headlines, there is rigorous academic discourse and advances...


0 to 31337 Real Quick: Lessons Learned by Reversing the FLARE-On Challenge

The FireEye Labs Advanced Reverse Engineering (FLARE) team just hosted the third annual FLARE-On Challenge, its reverse-engineering CTF. The CTF is made up of linear challenges where one must solve the...
