Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation Authors: Boudewijn Meijer && Rick VeldhovenIntroductionAs defensive security products im... 2024-9-25 18:36:12 | 阅读: 11 | 收藏 | Fox-IT International blog - blog.fox-it.com bytecode machine operand malicious

Sifting through the spines: identifying (potential) Cactus ransomware victims Authored by Willem Zeeman and Yun Zheng HuThis blog is part of a series written by various D... 2024-4-25 12:0:0 | 阅读: 38 | 收藏 | Fox-IT International blog - blog.fox-it.com qlik cactus ransomware ttf security

Android Malware Vultur Expands Its Wingspan Authored by Joshua KampThe authors behind Android banking malware Vultur have been spott... 2024-3-28 18:0:15 | 阅读: 11 | 收藏 | Fox-IT International blog - blog.fox-it.com vultur payload c2 vnc

Memory Scanning for the Masses Author: Axel Boesenach and Erik SchamperIn this blog post we will go i... 2024-1-25 19:0:0 | 阅读: 9 | 收藏 | Fox-IT International blog - blog.fox-it.com memory regions windows processes skrapa

Reverse, Reveal, Recover: Windows Defender Quarantine Forensics Max Groot & Erik SchamperWindows Defender (the antivirus shipped with standard installa... 2023-12-14 13:13:0 | 阅读: 15 | 收藏 | Fox-IT International blog - blog.fox-it.com defender windows dissect

The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses Authored by Margit HazenbroekAt Fox-IT (part of NCC Group) identifying servers that host nef... 2023-11-15 22:0:8 | 阅读: 10 | 收藏 | Fox-IT International blog - blog.fox-it.com malicious typos anomalous deviations spelling

Popping Blisters for research: An overview of past payloads and exploring recent developments Authored by Mick KoomenBlister is a piece of malware that loads a payload embedded insid... 2023-11-1 20:17:23 | 阅读: 22 | 收藏 | Fox-IT International blog - blog.fox-it.com blister mythic cobalt

From ERMAC to Hook: Investigating the technical differences between two Android malware variants Authored by Joshua Kamp (main author) and Alberto Segura.SummaryHook and ERMAC are Andro... 2023-9-11 17:5:30 | 阅读: 52 | 收藏 | Fox-IT International blog - blog.fox-it.com ermac victim c2 decompiled

Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScaler... 2023-8-15 21:29:56 | 阅读: 38 | 收藏 | Fox-IT International blog - blog.fox-it.com netscalers citrix divd 3519 netscaler

From Backup to Backdoor: Exploitation of CVE-2022-36537 in R1Soft Server Backup Manager During a recent incident response case, we found traces of an adversary leveraging ConnectWise R... 2023-2-22 18:18:13 | 阅读: 45 | 收藏 | Fox-IT International blog - blog.fox-it.com r1soft software malicious backup zk

Threat spotlight: Hydra This publication is part of our Annual Threat Monitor report that was released on the 8th of Feb... 2023-2-15 21:31:15 | 阅读: 22 | 收藏 | Fox-IT International blog - blog.fox-it.com c2 hydra tas injections github

CVE-2022-27510, CVE-2022-27518 – Measuring Citrix ADC & Gateway version adoption on the Internet Authored by Yun Zheng HuRecently, two critical vulnerabilities were reported in Citrix ADC a... 2022-12-28 19:15:32 | 阅读: 76 | 收藏 | Fox-IT International blog - blog.fox-it.com citrix adc netscaler qcow2 vpx

One Year Since Log4Shell: Lessons Learned for the next ‘code red’ Authored by Edwin van Vliet and Max GrootOne year ago, Fox-IT and NCC Group released their b... 2022-12-12 16:3:26 | 阅读: 24 | 收藏 | Fox-IT International blog - blog.fox-it.com log4shell security network software emergency

I’m in your hypervisor, collecting your evidence Authored by Erik SchamperData acquisition during incident response engagements is always a b... 2022-10-18 23:1:35 | 阅读: 21 | 收藏 | blog.fox-it.com vmfs dissect acquire machine acquisition

Sharkbot is back in Google Play Authored by Alberto Segura (main author) and Mike Stokkel (co-author)IntroductionAfter w... 2022-9-2 19:7:31 | 阅读: 26 | 收藏 | blog.fox-it.com sharkbot c2 victim

Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study  Max Groot & Ruud van LuijkTL;DRA recently uncovered malware sample dubbed ‘Saitama’ was... 2022-8-12 00:5:12 | 阅读: 28 | 收藏 | blog.fox-it.com saitama c2 client fox tunnelling

Flubot: the evolution of a notorious Android Banking Malware Authored by Alberto Segura (main author) and Rolf Govers (co-author)SummaryFlubot is an... 2022-6-30 01:16:34 | 阅读: 39 | 收藏 | blog.fox-it.com flubot tas c2 smishing dga

Adventures in the land of BumbleBee Authored by: Nikolaos Totosis, Nikolaos Pantazopoulos and Mike Stokkel... 2022-4-29 19:14:10 | 阅读: 24 | 收藏 | blog.fox-it.com bumblebee network loader analysis windows

SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store Authors:Alberto Segura, Malware analystRolf Govers, Malware analyst & Forensic IT Ex... 2022-3-4 03:23:28 | 阅读: 43 | 收藏 | blog.fox-it.com sharkbot c2 ats transfers

log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228 tl;dr Run our new tool by adding -javaagent:log4j-jndi-be-gone-1.0.0-stand... 2021-12-14 07:11:44 | 阅读: 18 | 收藏 | blog.fox-it.com log4j jndi log4shell jndilookup javaagent