Malware
Overview of free online malware analysis sandboxes
· ☕ 2 min read
This page contains a (hopefully up-to-date) list of useful online malware sandboxes and analytical platforms. The list is (and is meant to be) non-exhaustive, but if you know of any sandbox which is not mentioned but offers interesting features, feel free to let me know about it. If you’d like to use the table in a presentation or share it on some other site, there is a PNG version below to make it easier.

Overview of free online malware analysis sandboxes – 2020 edition
· ☕ 2 min read
Whether your work has anything to do with security monitoring, malware analysis, incident response, or just general IT administration, you’ve probably come across VirusTotal. It is an invaluable tool when it comes to identifying malicious code, however sometimes we need to dig a bit deeper than just getting a 'detection score' for a potentially dangerous file...

SANS ISC Diary - Analysis of a triple-encrypted AZORult downloader
· ☕ 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at the analysis of an interesting malicious document which turned out to be an AZORult downloader. What made it stand out - among its other aspects - were 3 layers of home-grown encryption...

SANS ISC Diary - E-mail from Agent Tesla
· ☕ 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at a multi-stage downloader for Agent Tesla.

SANS ISC Diary - Analysis of a strangely poetic malware
· ☕ 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at a macro-based dropper sent to the Internet Storm Center by one of our readers.

SANS ISC Diary - Tricky LNK points to TrickBot
· ☕ 1 min read
A Guest Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at analyzing a malicious LNK file which leads us to a sample of TrickBot.

It's 2019 and WannaCry is still not dead
· ☕ 4 min read
Unless you live completely cut off from the rest of human civilization, chances are good you’ve heard about the WannaCry ransomware. However, so we’re all on the same page, I’ll go over the salient points of its history before discussing why it is still a threat. WannaCry - the first successful crypto-ransomware worm - started to spread on May 12th 2017 using the EternalBlue exploit and DoublePulsar backdoor implant (both courtesy of the Shadow Brokers and - by proxy - Equation Group/NSA) and supposedly hit more than 100 countries within the first 24 hours.