reverse engineering

December 1, 2016

THREAT RESEARCH

Project FIRST: Share Knowledge, Speed up Analysis

1 min read

Project FIRST is lead by Angel M. Villegas. This post is authored by Holger Unterbrink. Talos is pleased to announce the release of the Function Identification and Recovery Signature Tool (FIRST). It is an open-source framework that allows sharing of knowledge about similar functions used across file types that IDA Pro can analyze. The aim […]

November 15, 2016

THREAT RESEARCH

Crashing Stacks Without Squishing Bugs: Advanced Vulnerability Analysis

1 min read

Overview Crash triaging can be a long and complicated process; by using proper tools and having an optimal approach, we can make this a bit easier and less time consuming. In this post we describe a triaging strategy and toolset based on two examples of vulnerability classes: Stack based buffer overflow Heap based buffer overflow […]

October 20, 2015

THREAT RESEARCH

Dangerous Clipboard: Analysis of the MS15-072 Patch

1 min read

This post was authored by Marcin Noga with contributions from Jaeson Schultz. Have you ever thought about how security researchers take a patch that has been released, and then reverse it to find the underlying security issue? Well, back In July Microsoft released security bulletin MS15-072, titled: “Vulnerability in Windows Graphics Component Could Allow Elevation […]

May 4, 2015

THREAT RESEARCH

Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors

9 min read

This post was authored by Ben Baker and Alex Chiu. Executive Summary Threat actors and security researchers are constantly looking for ways to better detect and evade each other.  As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples.  Better static, dynamic, and automated analysis tools […]

February 9, 2015

THREAT RESEARCH

Cryptowall 3.0: Back to the Basics

6 min read

This post was authored by Andrea Allievi  & Earl Carter Ransomware continues to impact a large number of organizations and the malware continues to evolve. In January, we examined Cryptowall 2.0 and highlighted new features incorporated into the dropper and Cryptowall binary. When Cryptowall 3.0 appeared, we were interested in seeing what new functionality was […]

January 6, 2015

THREAT RESEARCH

Ransomware on Steroids: Cryptowall 2.0

6 min read

This post was authored by Andrea Allievi and Earl Carter. Ransomware holds a user’s data hostage. The latest ransomware variants encrypt the user’s data, thus making it unusable until a ransom is paid to retrieve the decryption key. The latest Cryptowall 2.0, utilizes TOR to obfuscate the command and control channel. The dropper utilizes multiple […]