Tag: benoit ancel

  • The Bagsu banker case – presentation

    Some time ago, researchers at CSIS Security Group discovered the infrastructure of a “quiet” banking trojan actor that had been targeting German users since at least 2014. At VB2019 CSIS researcher Benoît Ancel gave a talk in which he provided a technical insight into the whole operation: infrastructure, multi-platform trojans, money laundering schemes, and a…

  • VB2018 presentation: The wolf in sheep’s clothing – undressed

    In recent years, we have seen a trend of commercial spyware being sold to governments. This is a very controversial subject, not least because of the frequent use of this spyware against opposition targets. However, there is general agreement that the malware tends in most cases to be well written. There are exceptions though. At…

  • VB2018 preview: commercial spyware and its use by governments

    Yesterday, a new report by Citizen Lab looked at NSO Group’s Pegasus spyware and its global use. The report is worth a read, for the political implications of the findings, for the interesting methodology used, as well as for the section on the ethics of DNS cache probing. I have long been a fan…

  • Massive data breach confirms what you already knew: you are getting spam

    The security community spends a lot of time and effort researching the infrastructure used by spammers to send billions of unwanted and often malicious emails every day – but there is something else spammers need in order to send you their emails: your email address. Security researcher Benoît Ancel’s recent discovery of various databases used by…

  • VB2016 paper: Debugging and monitoring malware network activities with Haka

    Anyone who has ever analysed malware through its network communications will know that this often involves ad-hoc scripts in languages like Python or Perl to decode the traffic. After all, for somewhat understandable reasons, there is no standard C&C protocol for malware. If you regularly find yourself in this situation, you may want to have…

  • VB2016 preview: Debugging and Monitoring Malware Network Activities with Haka

    Although some inventive (and often quite impractical) non-network-based ways to remotely control malware have been presented, most botnets use the normal Internet connection of the infected device to send information and receive commands. This inherent weakness in botnets’ infrastructures makes command and control traffic a useful avenue for analysing botnet behaviour. Haka is an open…