HackDig : Dig high-quality web security articles for hackers

Defeating Darkhotel Just-In-Time Decryption

Authored by: Arunpreet Singh and Clemens Kolbitsch. The use of runtime packing of malware has long been the standard way to defeat traditional AV products. At the same time, malicious programs are continuously becoming more evasive to avoid detection by first-generation sandboxes. New waves of malware are now combining thes
Published: 2015-11-06 05:35 | Reads: 3364 | Comments: 0 | Tags: Evasive Malware, Full-system Emulation, APT, Just-In-Time Decry

Lifting the Seams of the Shifu "Patchwork" Malware

Authored by: Clemens Kolbitsch and Arunpreet Singh. Another week comes to an end, another wave of evasive malware is attacking users. This week: Shifu. This malware family, termed an "Uber Patchwork of Malware Tools" in a recent DarkReading post, combines a plethora of evasive tricks to bypass traditional analysis systems,
Published: 2015-09-05 05:30 | Reads: 2852 | Comments: 0 | Tags: Evasive Malware, Full-system Emulation, APT, Shifu, Banking Troj

Awakening Dormant Functionality in Malware Programs

Authored by: Clemens Kolbitsch, Joe Giron, and Arunpreet Singh. Over recent years, we have seen a rapid evolution of security products. Whenever a new technology is introduced, it tackles the shortcomings of its predecessor, but it also faces new challenges as attackers adapt to the changing security landscape. Just to give a few examples:
Published: 2015-08-26 16:55 | Reads: 6412 | Comments: 0 | Tags: Malware Behavior, Full-system Emulation, Wild Neutron, Dormant

Catching the Hacking Team’s System Access Token Thief Red-Handed

Authored by: Arunpreet Singh, Roman Vasilenko. In their YouTube commercial, the infamous Hacking Team promises its clients, who are typically government or law enforcement agencies, the ability to “look through [the customer’s] target’s eyes”. At the same time, they promise to do this by means of tools that are “stealth a
Published: 2015-07-13 22:25 | Reads: 4479 | Comments: 0 | Tags: Full-system Emulation, Kernel exploits, HackingTeam Breach

Unmasking Kernel Exploits

A large set of publicly disclosed Advanced Persistent Threat (APT) and nation-state attacks use sophisticated malware (e.g., Turla, Duqu, Equation Group, Duqu2) that includes at least one component running hidden inside the kernel of the Microsoft Windows operating system (OS). There, the malware remains hidden from security solutions,
Published: 2015-07-08 05:05 | Reads: 5135 | Comments: 0 | Tags: Full-system Emulation, Kernel exploits, Advanced Persistent Th

Does Dyre malware play nice in your sandbox?

Recent media coverage drew a lot of attention to a new variant of the Dyre/Dyreza malware family that evades traditional sandbox-based analysis systems. At the same time, F-Secure highlighted similar tricks in the Tinba malware. Not only are individual families starting to detect and evade traditional sandboxes; it’s becoming a much
Published: 2015-05-09 00:30 | Reads: 3323 | Comments: 0 | Tags: Full-system Emulation, Dyreza Malware, Tinba Malware, Dyre Malw

Analyzing Environment-Aware Malware

A look at a Zeus Trojan variant called Citadel evading traditional sandboxes. Fighting traditional sandboxes (or dynamic analysis systems in general) typically takes one of two forms: detecting the analysis environment, or evading analysis through behavior triggers, as discussed in a previous blog post: Using High-Resolution Dynamic Analysis for BHO Trigger
Published: 2014-08-09 12:42 | Reads: 5748 | Comments: 0 | Tags: Malware Research, Evasive Malware, Full-system Emulation
