-
VB2019 paper: Play fuzzing machine – hunting iOS and macOS kernel vulnerabilities automatically and smartly
Apple's macOS and iOS operating systems are often praised for their security. Yet vulnerabilities in both operating systems are regularly being found and exploited, especially by more advanced attackers. In a paper presented at VB2019 in London, Trend Micro researchers Lilang Wu and Moony Li explained how researchers like them hunt for such vulnerabilities…
-
VB2019 paper: Finding drive-by rookies using an automated active observation platform
Exploit kits made a bit of a comeback in 2019, something we have also seen in our test lab. Detecting these kits isn't trivial though, given the various anti-analysis measures built into them, from geo-restricting to specific countries or regions, to the detection of client-side sandboxes. In a last-minute paper presented at VB2019 in…
-
VB2019 paper: Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation state adversary
PKPLUG is the name used by Palo Alto Networks' Unit 42 team for a China-based threat actor engaged in cyber espionage. The actor uses both off-the-shelf and custom-made malware and some of its infrastructure overlaps with other threat groups. The group's activities were detailed in a VB2019 paper by Unit 42's Alex Hinchliffe,…
-
VB2019 paper: Static analysis methods for detection of Microsoft Office exploits
Though the typical malware attack in 2020 arrives by email and is executed via the enabling of Office macros, some attacks exploit (patched) vulnerabilities in Office that allow for the execution of malicious code when someone merely opens the file. In a paper presented at VB2019 in London, McAfee researcher Chintan Shah presented methods for…
-
New paper: LokiBot: dissecting the C&C panel deployments
First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. In a new paper (published today in both HTML and PDF format) researcher Aditya Sood analyses the URL structure of…
[Figure: LokiBot C&C panel with CAPTCHA.]
-
VB2019 presentation: Building secure sharing systems that treat humans as features not bugs
There are certain paradigms that continue to permeate information security: Humans are the weakest link in security. Always assume breach. Privacy is dead. And along with these paradigms goes the tendency to lock down data. But rather than making our systems more secure this actually weakens our defences by curtailing innovation and collaboration. Andrea Limbago…
-
VB2019 presentation: Attor: spy platform with curious GSM fingerprinting
Attor is a newly discovered cyber-espionage platform, use of which dates back to at least 2014 and which focuses on diplomatic missions and governmental institutions. The modular malware searches specifically for TrueCrypt-protected hard drives and the processes of specific VPN applications, suggesting a special interest in security-focused users. The most notable plug-in is one…
-
Why we encourage newcomers and seasoned presenters alike to submit a paper for VB2020
Over almost three decades, the Virus Bulletin Conference has built a reputation as a conference that produces solid content. While you might be forgiven for thinking this comes from having experienced speakers with decades’ worth of experience doing security research, this is not always the case – it is often the bright minds of rising stars…
-
VB2019 paper: The cake is a lie! Uncovering the secret world of malware-like cheats in video games
With more than 2.5 billion gamers around the world, the video gaming industry has overtaken all other entertainment categories in size and revenue. But in tandem with the boom in video gaming has arisen a growing illegal economy: that of video game cheats and hacks. Gaming communities are riddled with messages complaining about the increasing…
-
VB2019 paper: Rich headers: leveraging the mysterious artifact of the PE format
When analysing malware, especially if it’s new and rare, researchers look for every possible clue that could give them details on the context and perhaps help them find similar samples. One such clue could be what has been called ‘rich headers’, an undocumented chunk of data inside PE files. In a paper presented at VB2019…