Cybersecurity

How is technical attribution carried out? What are the key challenges in conducting reliable technical attribution? How can this be more accessible to the multitude of stakeholders? Below are our reflections on these questions.

In this article we demonstrate a detection evasion technique using CLR that may be useful for penetration testing as well as a couple of tips for SOCs to help detect such attacks.

On August 31, 2021 we ran a joint webinar between VirusTotal and Kaspersky, with a focus on YARA rules best practices and real world examples. In this post, we answer your questions that we didn’t answer during webinar.

Dan Demeter, Senior Security Researcher with Kaspersky’s Global Research and Analysis Team and head of Kaspersky’s Honeypot project, explains what honeypots are, why they’re recommended for catching external threats, and how you can set up your own simple SSH-honeypot.

Сybersecurity companies implement a variety of methods to discover previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task. But can we rely entirely on machine learning approaches in the battle with the bad guys? Or could powerful AI itself be vulnerable?

Last year, we visited The MITRE Corporation and took part in the MITRE ATT&CK Evaluation Round 2. During this assessment, our technologies were tested against emulated attack techniques of the APT29 threat group.

While we are all working from home, why not tear some binary code apart and pick up some reverse engineering skills? Within one hour, we will outline the typical workflow that we follow when analyzing malware.

As you may already know, we have rescheduled the SAS 2020 conference for November 18-21. However, we cannot just leave it all until November, that’s why we invite you to SAS at Home, a series of webinars scheduled to kick off very soon, on the 28th-30th of April.

If you read my previous blogpost, “Hunting APTs with YARA” then you probably know about the webinar we’ve done on March 31, 2020, After it we received a number of interesting questions and as I promised, I will try to answer them below.

If you have wondered how to leverage YARA better and how to achieve a new level of knowledge in APT detection, mitigation and response, we can help a bit with a preview of the secret ingredients.

In November I had the privilege of participating in a conference that can rightfully be labelled the world’s southernmost. It is called “Patagonia Hacking” and it is organized in the Chilean city of Punta Arenas

Cyberwarcon is a brand new event organized yesterday in Arlington, Virginia, and delivered eight hours of fantastic content. The list of speakers was diverse in their interests, from big data visualization technologies and analysis of social media misinformation campaigns, to incidents of Russian speaking APT in the US electrical grid.

Another edition of BSides NYC has passed, and as first time attendee and presenter, I was genuinely impressed with the impeccable organization, the content shared, and the interesting conversations that took place among enthusiasts and professionals from all over the world.

The 2017 VirusBulletin conference is upon us and, as in previous years, we’re taking the opportunity to dive into an exciting subject, guided by our experience from doing hands-on APT research.

Today, a dangerous new trend is emerging: steganography is increasingly being used by actors creating malware and cyber-espionage tools. Most modern anti-malware solutions provide little, if any, protection from steganography, while any carrier in which a payload can be secretly carried poses a potential threat.