Tag: check point
-
VB2019 paper: Domestic Kitten: an Iranian surveillance program
In September last year, researchers at Check Point uncovered an Iranian operation they named ‘Domestic Kitten’ and that used Android apps for targeted surveillance. Active since 2016, the operation continued after this discovery with new malware found during the course of 2019. In a paper presented at VB2019 in London, Check Point researchers Aseel Kayal…
-
VB2018 paper and video: Android app deobfuscation using static-dynamic cooperation
The two most common methods for analysing potentially malicious files each have their shortcomings. Dynamic analysis only looks at what actually happens when the code is run and can thus be frustrated by anti-analysis techniques. Static analysis doesn’t have this shortcoming, but is hindered by obfuscation used in the file. In a paper presented at…
-
VB2018 paper and video: Android app deobfuscation using static-dynamic cooperation
The two most common methods for analysing potentially malicious files each have their shortcomings. Dynamic analysis only looks at what actually happens when the code is run and can thus be frustrated by anti-analysis techniques. Static analysis doesn’t have this shortcoming, but is hindered by obfuscation used in the file. In a paper presented at…
-
VB2018 video: The Big Bang Theory by APT-C-23
The APT-C-23 group, which targets users in the Middle East and in particular in the State of Palestine, was named and first reported on by 360 in a Chinese language blog post in early 2013. Its campaigns have since been written about by many security vendors, including Palo Alto and Cisco Talos . Check Point…
-
VB2018 video: The Big Bang Theory by APT-C-23
The APT-C-23 group, which targets users in the Middle East and in particular in the State of Palestine, was named and first reported on by 360 in a Chinese language blog post in early 2013. Its campaigns have since been written about by many security vendors, including Palo Alto and Cisco Talos . Check Point…
-
VB2017 paper: Nine circles of Cerber
Earlier this week, we published the video of a VB2017 presentation on the Spora ransomware. Spora is hardly alone in this prominent threat type though, and one of the other major names in the world of ransomware is Cerber, which operates a successful affiliate scheme, making it ‘The McDonald’s of the underworld’. Last year, Check…
-
VB2017 paper: Nine circles of Cerber
Earlier this week, we published the video of a VB2017 presentation on the Spora ransomware. Spora is hardly alone in this prominent threat type though, and one of the other major names in the world of ransomware is Cerber, which operates a successful affiliate scheme, making it ‘The McDonald’s of the underworld’. Last year, Check…
-
VB2016 paper: Great crypto failures
“More malware is using cryptography, and more malware is using better cryptography,” said Check Point researcher Yaniv Balmas on stage during VB2016. While the increased use of cryptography in general in recent years has been a great development, it is rather frustrating to find malware authors having joined the bandwagon – with ransomware being the ultimate…
-
VB2016 paper: Great crypto failures
“More malware is using cryptography, and more malware is using better cryptography,” said Check Point researcher Yaniv Balmas on stage during VB2016. While the increased use of cryptography in general in recent years has been a great development, it is rather frustrating to find malware authors having joined the bandwagon – with ransomware being the ultimate…
-
VB2016 paper: Defeating sandbox evasion: how to increase successful emulation rate in your virtualized environment
In order to analyse a potentially malicious binary, an important first step is to run it in a specialised virtual environment, or sandbox environment, and see what it does – if it exhibits some known malicious behaviour, it is probably worth blocking it. However, malware authors are wise to this analysis technique, and most pieces…