Cracking Zeppelin

A few days ago Brian Krebs published a piece about Zeppelin key cracking, so … since I was also involved in recovering files for some of the ransomware gang victims […]

Dealing with alert fatigue, Part 1

Gazillion tickets, gazillion emails a day. The business as usual for most SOCs… It actually doesn’t matter how we got here (although I will cover some bits later on) – […]

Adobe: JSX and JSXBIN files

I wrote about older Adobe scripting before. I recently discovered that Adobe products support scripting using so-called ExtendScript language with code being stored either in a source-level JSX file, or […]

Password as a (Yara) Service

In a recent Twitter exchange with Tim I mentioned my earlier post in which I described a practice of crypto code copypasting being quite prevalent. Such practice is problematic of […]

DriverPack – Clean PDB paths

Unique PDB debug paths embedded inside malware are useful to detect other variants of the malicious family (not applicable to more advanced malware families where authors either wipe the paths […]

Hijacking HijackThis

Long before endpoint event logging became a norm it was incredibly difficult to collect information about popular processes, services, paths, CLSIDs, etc. Antivirus companies, and later sandbox companies had tons […]

Infosec Salaries – the myth and the reality

Update 3 If you want to know more about salaries at FAANG and all over the world look at the following resources: levels.fyi h1bdata.info https://docs.google.com/spreadsheets/d/1TWvPQalmwl1sIS3n2eOU4KST4oJwcxtSfT8lMo9IgVM/edit https://twitter.com/LadyCyberRosie/status/1490695657249816583 Update 2 tl; dr; […]

Good file… (What is it good for) Part 2

This series talks about ‘good’ files. That is, files (samples) produced by reputable vendors, often signed, and hopefully not compromised by stolen certificates, vulnerabilities, supply-chain attacks or bothered by other […]