Channel: Endgame's Blog
Browsing all 698 articles

Disarming Control Flow Guard Using Advanced Code Reuse Attacks

Advanced exploitation is moving away from ROP-based code-reuse attacks. Over the last two years, there has been a flurry of papers related to one novel code-reuse attack, Counterfeit Object-Oriented...

No Experience Required: Ransomware in 2017 and Beyond

Much to the chagrin of the computer security industry, business executives, and people around the world, ransomware had a banner year in 2016. Hospitals, mass transit systems, hotels, and government...

Cyber Attacks, Bots and Disinformation in the French Election

At least as early as February, France’s intelligence agency warned that Russia aimed to influence the presidential elections in favor of Front National candidate, Marine LePen. Throughout the spring,...

Augmenting Analysts: To Bot or Not?

Earlier this year, we announced Artemis, Endgame’s chat interface to facilitate and expedite complex analyses and detection and response within networks. Bots have been all the rage over the last few...

Don't (W)Cry, You've Got Endgame

Three of the most prominent attack trends in cybersecurity converged today: ransomware attacks, data dumps of nation-state offensive capabilities, and an emergence of the healthcare industry as a...

WCry/WanaCry Ransomware Technical Analysis

As we discussed Friday when this outbreak began, the WCry or WanaCrypt0r ransomware spread quickly across Europe and Asia, impacting almost 100 countries and disrupting or closing 45 hospitals in the...

So You Wanna Stop Ransomware? Detailing Endgame Ransomware Protection

Last week, WannaCry left its mark across the globe, affecting hundreds of thousands of machines in over 100 countries. While it certainly has been more widespread than previous ransomware, WannaCry is...

Microsoft Win32k NULL Page Vulnerability Technical Analysis

Endgame has discovered and disclosed to Microsoft the Win32 NULL Page Vulnerability (CVE-2013-3881), which has been fixed in Microsoft’s October Security Bulletin, released October 8, 2013. The...

Android Is Still the King of Mobile Malware

According to F-Secure’s “Q1 2014 Mobile Threat Report”, the Android operating system was the main target of 99% of new mobile malware in Q1 2014. The report states that between January 1 and March 31,...

Verizon's Data Breach Investigations Report: POS Intrusion Discovery

Verizon recently released its 2014 Data Breach Investigations Report. I could spend all day analyzing this, but I’ll touch on just one issue that’s been on many of our minds recently: Point-of-Sale...

DEFCON Capture the Flag Qualification Challenge #1

I constantly challenge myself to gain deeper knowledge in reverse engineering, vulnerability discovery, and exploit mitigations. By day, I channel this knowledge and passion into my job as a security...

Telecom as Critical Infrastructure: Looking Beyond the Cyber Threat

Much of the discussion around cyber security of critical infrastructure focuses on the debilitating impact of a cyber attack on a country’s energy, economic, and transportation backbone. But Russia’s...

Blackshades: Why We Should Care About Old Malware

“Blackshades is so 2012” is the near response I received when I mentioned to a friend the recent FBI takedown of almost 100 Blackshades RAT dealers. This nonchalant, almost apathetic attitude towards...

DEFCON Capture the Flag Qualification Challenge #2

This is my second post in a series on DEFCON 22 CTF Qualifications. Last time I examined a problem called shitsco and gave a short overview of CTF. This week, I’d like to walk you through another...

How to Get Started in CTF

Over the past two weeks, I’ve examined two different problems from the DEFCON 22 CTF Qualifications: “shitsco” and “nonameyet”. Thank you for all of the comments and questions. The most popular...

Technical Analysis: Binary b41149.exe

In keeping with the theme of my previous post, “malware never truly dies – it just keeps on compromising”, today I’d like to investigate a binary that surfaced a couple of months ago. While the binary...

The Great Divide: Closing the Gap in Cyber Analysis

In 2010, General Michael Flynn co-authored a report entitled Fixing Intel critiquing the threat-centric emphasis within counterinsurgency intelligence analysis. The report, which made waves in the...

Analysis: Three Observations About the Rise of the State in Shaping Cyberspace

Last month commemorated the 100th anniversary of the start of World War I. It was a time when states were so interdependent and borders so porous that some call it the first era of globalization. In...

Time Series Analysis for Network Security

Last week, I had the opportunity to attend a conference that had been on my radar for a long time. I’ve been using scientific Python tools for about 10 years, so it was with great excitement that I...

Building Security Threat Models for Time Series Analysis

In my last post, I talked about the different Python projects I used to put together a pipeline for network security data. In this post, I’ll talk about how I used the scientific computing software...
