Andrea Fortuna
Just some random thoughts about the Meaning of Life, The Universe, and Everything

Some days ago, during a brief memory analisys demonstration with Volatility, I’ve used a memory dump of a system infected with the “old-but-gold” Stuxnet.
But, one of the spectators asked me additional info about this malware, so I decided to collect some informations about the story of this “iconic” malware strain.

The Elastic Security team recently revealed a new technique for malware obfuscation and evasion called Process Ghosting, that allows tampering of in-memory mappings of executable files on Microsoft Windows.

An interesting article and video lesson by security reserarcher Didier Stevens.

The malware analyst Karsten Hahn recently published a very interesting video about the analysis of a sample of the well-known malware Ursnif.

I’ve already written about DLL Hijacking, but today I’d like to share a really interesting research by Wietze Beukema.

Researchers by cybersecurity firm Nyotron has discovered a new way that lets windows malware to modify files in a unique style that current anti-ransomware solutions are unable to identify.

Researchers from Cisco Talos recently discovered a new malware loader being used to deliver and infect systems using NodeJS as well as the legitimate open-source utility WinDivert.

A useful tool: fast and easy to use.

According to experts at ESET, the Windows zero-day vulnerability CVE-2019-1132 was exploited by the Buhtrap threat group in a targeted attack aimed at a government organization in Eastern Europe.

Malware researchers from Kaspersky have discovered new and improved versions of the FinFisher spyware, able o infect both Android and iOS devices.

According to the experts, the new versions have been active at least since 2018, one of the samples analyzed was used last month in Myanmar, where local government is accused of violating human rights.