Posts tagged Malware

3 min Malware

"Skeleton Key" Exhibits Increased Blending Of Credentials And Malware

Dell SecureWorks published a very informative blog [http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/] this week about a new type of malware they have appropriately labeled “Skeleton Key”. Our community manager quickly wrote a note of appreciation for setting a great example through disclosure and a quick mitigation strategy [/2015/01/14/effective-information-sharing-exposing-skeleton-key?et=watches.email.blog] that every security professional should

2 min Malware

Empowering practitioners, exposing Skeleton Key

This week, the Dell SecureWorks Counter Threat Unit (CTU) disclosed that it discovered a strain of malware [http://www.zdnet.com/article/skeleton-key-malware-bypasses-authentication-on-corporate-networks/] that can bypass single-factor authentication on Microsoft Active Directory (AD) systems to access various remote access services while authenticated as any user. The research team discovered this malware, dubbed "Skeleton Key", while working on an incident response case, and they published th

3 min Antivirus

Won't Someone Think of The AV Vendors?

Got Too Many Shells? Since the release of Metasploit 4.9, have you, the dedicated and resourceful penetration tester, been having this problem of being too successful at skipping past the defender's detection efforts [/2014/03/26/new-metasploit-49-helps-evade-anti-virus-solutions-test-network-segmentation-and-increase-productivity-for-penetration-testers]? Are you getting too many shells? Maybe you're getting a little embarrassed for the IT guys who are wondering what the heck just happened

2 min Metasploit

Federal Friday - 1.10.14 - Welcome to 2014

Happy New Year federal friends! I hope each and every one of you have had a great holiday season with your families and friends. I know I had a nice quiet week off, until Hercules dropped some snow and most of us were slapped in the face with a nice Polar Vortex session. Now it's time to hop back on the horse and charge head first into 2014. In the wake of the massive Target breach that ended 2013, DHS has started 2014 off with a nice shot across the bow for anyone using POS systems and any org

4 min Cloud Infrastructure

2014 Predictions: Cloudy With a Chance of Data Loss

It's the start of a new year, and over the holidays I asked the security researchers and aficionados at Rapid7 to dust off their crystal balls, deal out their tarot cards, throw down their runes, and study their tea leaves to come up with predictions for security trends in 2014. Once they stopped heckling me, they did agree to share their insights for what we may see in the coming year, and without so much as a suggestion of killing a goat. Here are seven of their predictions (yes, yes, we like

3 min Phishing

Federal Friday - 12.13.13 - Phishing with Tumblr and Pricing for Worms

Happy Friday fed friends! Another week comes to a close, leaving us with 12 days to finish up the holiday shopping. Word out of the North Pole is that Santa has a new tool [http://www.rapid7.com/products/user-insight/] to check who's been naughty or nice this year. There have already been more than a few articles floating around with 2014 predictions for cyberthreats, and many of them, including this little ditty from GCN [http://gcn.com/articles/2013/12/11/cybersecurity-threats-2014.aspx?admga

9 min Malware

ByeBye Shell and the targeting of Pakistan

Asia and South Asia are a theater for daily attacks and numerous ongoing espionage campaigns between neighboring countries, so many campaigns that it's hard to keep count. Recently I stumbled on yet another one, which appears to have been active since at least the beginning of the year, and seems mostly directed at Pakistani targets. In this article we're going to analyze the nature of the attacks, the functionality of the backdoor - here labelled as ByeBye Shell - and the quick interaction I h

4 min Events

Federal Friday: Weekly Recap 7.26.13

Ah, summer in New England… From a new record high last week of 99 degrees during our company picnic, to a balmy 58 degrees when I woke up this morning. Drastic change in the weather is almost a daily occurrence for us hearty, chowder-eating New Englanders. Change is also coming as many federal, state, and local agencies look to ramp up or enhance their current security programs by aggregating a lot of the open market tools and streamlining the purchasing process. The Department of Homeland Se

4 min Malware

Cuckoo Sandbox approaching 1.0

Somewhere around one year ago Cuckoo Sandbox was named one of the winners of the first round of sponsorship through the Magnificent7 program [http://www.rapid7.com/company/news/press-releases/2012/magnificent7-program.jsp]. Since then the project has progressed and grown up quickly: when we started the program we were somewhere around release 0.3, and as of now we are developing what is hopefully going to be version 1.0! The number of improvements is countless. We restructured heavily the pro

6 min Malware

Fooling malware like a boss with Cuckoo Sandbox

After several months of work, we finally released Cuckoo Sandbox 0.6 [http://cuckoosandbox.org/2013-04-15-cuckoo-sandbox-06.html]. This release represents an important step forward in the growth of the project; several new features have been introduced, along with extensive work to improve the overall stability and quality of the sandbox and the results it's now able to produce. Some of this closes down a few of the last milestones we had left in our plan for the Magnificent7 program, some othe

4 min Malware

Botnets and the War on Bitcoin

If you've been reading the most recent news from the interwebs, you probably heard that Bitcoin is on a rollercoaster. If you're not familiar with it, Bitcoin is a global online currency, the cash of the Internet. It has no central regulator and no authority: it's a decentralized system where technology is in control. Bitcoins are generated by the people who are part of its network. Generating, or better "mining", Bitcoins requires your computer to perform an expensive cryptographic computation that,

15 min Malware

Skynet, a Tor-powered botnet straight from Reddit

While wandering through the dark alleys of the Internet we encountered an unusual malware artifact, something we had never observed before, and one that kept us entertained while we meticulously dissected it late into the night. The more time we spent looking at it, the more it started to look unusually familiar. As a matter of fact, it turned out to be the exact same botnet that an audacious Reddit user of possible German origin named “throwaway236236” described in a very popular I Am A thread you can read here [

1 min Open Source

Webcast: Playing in the Sandbox - Open Source Tools for Threat Intelligence

If you missed last week's webcast in the Life's a Breach series, I have good news for you: the recording is now available [http://information.rapid7.com/open-source-tools-for-threat-intelligence-on-demand.html?LS=1315242&CS=web]. In this webcast, Claudio Guarnieri, security researcher with Rapid7 and creator of Cuckoo Sandbox, shows what we can learn from analyzing malware that has been caught with honeypots. By watching this webcast you will learn: * How to actively collect and analyze thr

13 min Malware

Analysis of the FinFisher Lawful Interception Malware

It's all over the news once again: lawful interception malware discovered in the wild, being used by government organizations for intelligence and surveillance activities. We saw it last year when the Chaos Computer Club unveiled a trojan being used by the federal government in Germany, WikiLeaks released a collection of related documents in the Spy Files, we read about an alleged offer from Gamma Group to provide the FinFisher toolkit to the Egyptian government, and we are reading once again now

4 min Malware

Cuckoo Sandbox 0.4 Simplifies Malware Analysis with KVM support, Signatures and Extended Modularity

That's right, the much anticipated and long awaited 0.4 release is finally here [http://www.cuckoosandbox.org/]! Just like divas arriving late at the gala, we took some more time than expected, but are now worthy of a triumphant entrance. If you're not familiar with Cuckoo Sandbox [http://www.cuckoosandbox.org/], it's an open source solution for automating malware analysis. What does that mean? Simply that you can throw any suspicious file at it, and after a few seconds it will give you back det