Project Sauron (aka “Strider”): what is important to know?

It’s a trending topic, so I think it is useful to sum up the highlights reported by the major sites. The malware has been active since at least 2011 and has been found in 30 infected organizations in Russia, Iran and Rwanda, and possibly in Italian-speaking countries as well. From Arstechnica.com: The malware — known alternatively as “ProjectSauron” by researchers from Kaspersky…

Malware analysis, my own list of tools and resources

A constantly updated list — Last update: February 15, 2017   During my daily analysis and research work I often come across new useful tools, and I collect them in this list (periodically updated). Enjoy! Detection: AnalyzePE — Wrapper for a variety of tools for reporting on Windows PE files. chkrootkit — Linux rootkit detector. Rootkit Hunter — Detects Linux rootkits. Detect-It-Easy — A program for determining…

Tech for Jihad: Dissecting Jihadists’ Digital Toolbox

Flashpoint analysts reveal the cyber tools used by Islamic terrorists. Jihadist groups use a variety of digital tools and online services that allow them to maintain a strong online presence while also helping them remain undetected by adversaries. In a new report called Tech for Jihad: Dissecting Jihadists’ Digital Toolbox, Flashpoint’s analysts Laith Alkhouri and Alex…

Your iPhone can be remotely compromised with a simple message

Luckily, the vulnerability has already been fixed by Apple. Tyler Bohan, a security researcher from Cisco Talos, has discovered a critical bug in iOS similar to Android’s Stagefright. The vulnerability (CVE-2016-4631) resides in ImageIO, the API used to handle image data, and affects all widely used Apple operating systems: when rendered by applications that use the Image…

Automate IP and URL analysis with Automater

Automater is a tool created to automate the OSINT analysis of IP addresses, URLs and hashes. Given a single target (URL, IP or hash) or a file full of targets, Automater returns the relevant results from sources such as IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert.com, VxVault.net and VirusTotal.com. There are several output methods: -o will output to…

OpenSSL Tips: how to generate a .pfx file from certificate and private key?

Do you need a .pfx file? You have the certificate (.cer/.pem/.crt) and the private key (.key), but you need a single .pfx file (a password-protected PKCS#12 container that holds both the certificate and its private key) to install it on an IIS web server? The solution is pretty simple with OpenSSL: openssl pkcs12 -export -out PFXFILENAME.pfx -inkey PRIVATEKEYFILE.key -in PEMFILE.pem…
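A worked version of that command, added here as an example and not part of the original post: it wraps the export in a shell function, appends an intermediate chain when one is present (IIS needs it, otherwise browsers see an incomplete chain), passes the password without an interactive prompt, and reads the bundle back to confirm the key matches the certificate. The file names site.key, site.pem, chain.pem, site.pfx and the test subject pfx.example.test are assumptions for the example; the second function only generates a throwaway self-signed certificate so the script runs offline.

```shell
#!/bin/sh
# Added example (not the original post's code): build a .pfx (PKCS#12) from
# a PEM certificate and its private key, then verify the bundle opens.
set -eu

# make_pfx WORKDIR PASSWORD
# Assumed layout: WORKDIR/site.key, WORKDIR/site.pem and, optionally,
# WORKDIR/chain.pem holding the intermediate CA certificates.
# Writes WORKDIR/site.pfx and prints the certificate subject read back
# from the bundle; returns non-zero if any step fails.
make_pfx() {
    dir=$1
    pass=$2
    chain_opt=""
    # IIS serves only what is in the bundle, so append the intermediates
    # with -certfile when a chain file exists.
    if [ -f "$dir/chain.pem" ]; then
        chain_opt="-certfile $dir/chain.pem"
    fi
    # -passout avoids the interactive prompt. "pass:" puts the secret in
    # the process list; for real deployments use "file:" or "env:".
    # OpenSSL refuses the export if the key does not match the certificate.
    # shellcheck disable=SC2086
    openssl pkcs12 -export \
        -inkey "$dir/site.key" \
        -in "$dir/site.pem" \
        $chain_opt \
        -name "site" \
        -out "$dir/site.pfx" \
        -passout "pass:$pass"
    # Read the bundle back with the same password and print the subject
    # of the leaf certificate; a wrong password or corrupt file fails here.
    openssl pkcs12 -in "$dir/site.pfx" -passin "pass:$pass" -nokeys -clcerts \
        | openssl x509 -noout -subject
}

# make_test_material WORKDIR
# Constructed input for the example: a throwaway RSA key and a one-day
# self-signed certificate for the assumed name pfx.example.test.
make_test_material() {
    dir=$1
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=pfx.example.test" \
        -keyout "$dir/site.key" -out "$dir/site.pem" 2>/dev/null
}
```

Typical use with a real certificate: copy the key, the certificate and (if the CA gave you one) the intermediate chain into a directory as site.key, site.pem and chain.pem, then run make_pfx on that directory with the password you will type into the IIS import wizard. The read-back step is the check worth keeping in any deployment script: it catches a key/certificate mismatch and a mistyped password before the file reaches the server.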