Michael Kajiloti (@kajilot)'s Twitter Profile
Michael Kajiloti

@kajilot

Research, Security, Malware, Cryptocurrency.
Apparently a drunk rock.

ID: 825432141009936384

Joined: 28-01-2017 19:55:33

79 Tweets

448 Followers

94 Following

Ignacio Sanmillan (@ulexec):

My first blog with ESET Research is up documenting a cyber-espionage toolkit we called Ramsay, likely designed to spread within air-gapped networks via a file-based protocol and parasitic file infection. Some overlaps with #DarkHotel's Retro were found. x.com/ESETresearch/s…

polka (@polarply):

My new blog post about continued Ke3chang (APT15 🇨🇳) tool changes in 2020 and their new "Ketrum" tools. intezer.com/blog/research/… Zuzana Hromcova was very helpful with her previous documentation of the group's activities in 2019.

Ari Eitan (@arieitan):

We just shared our Linux binaries map, which allows you to explore the code-sharing relationship between all binary files in a standard Azure Ubuntu cloud workload! intezer.com/linux-binaries… Raw data available here - github.com/intezer/Linux-…

Avigayil Mechtinger (@abbymch):

My very first blog is now published! Part 1 out of a multi-part series that will provide you practical knowledge for #ELF malware analysis. Check it out hubs.ly/H0ryf110

Intezer (@intezerlabs):

Undetected Doki attack actively infecting vulnerable #Docker servers in the cloud. Attacker uses a novel Domain Generation Algorithm (DGA) based on a DogeCoin digital wallet to generate C&C domains. Research by Nicole and Michael Kajiloti hubs.ly/H0t0qdB0

Nicole (@nicolefishi19):

My very first blog is out! As part of an ongoing attack on vulnerable Docker servers, a new undetected malware called Doki is dropped. It uses DogeCoin digital wallet to generate C&C domains. Check it out: intezer.com/container-secu…

Ari Eitan (@arieitan):

Huge discovery by our research team - #Docker servers in the cloud with exposed API are at risk of being hacked within a few hours with a fully undetected #Linux malware. Payload with 0 detections in VT for months. Read the technical report here - intezer.com/container-secu…

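The "exposed API" in the post above is the Docker Remote API listening on TCP without TLS client verification: anyone who can reach that port can start privileged containers and so owns the host. The check below is an added example written for this page, not code from Intezer or the Docker project. It audits a dockerd configuration offline: it reads the `hosts` and `tlsverify` settings from daemon.json and any `-H`/`--host` and `--tlsverify` flags from the dockerd command line, and flags TCP listeners that lack `tlsverify` or bind to every interface. The two daemon.json documents are constructed sample inputs, and the 2375/2376 ports are just Docker's conventional plain/TLS ports.

```python
"""Audit a dockerd configuration for a Remote API exposed over plain TCP."""
import json
import shlex

# Constructed sample inputs (not taken from the Intezer report).
# Weak: the Remote API listens on every interface with no TLS at all.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Hardened: TCP listener bound to one address, client certificates required.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

ALL_INTERFACES = ("", "0.0.0.0", "[::]", "::")


def parse_cmdline(cmdline):
    """Return (hosts, tlsverify) from a dockerd command line, e.g. as seen in
    `ps` output or a systemd unit. Handles '-H x', '-H=x', '--host x', '--host=x'."""
    args = shlex.split(cmdline)
    hosts = []
    tlsverify = "--tlsverify" in args or "--tlsverify=true" in args
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 2
            continue
        for prefix in ("-H=", "--host="):
            if arg.startswith(prefix):
                hosts.append(arg[len(prefix):])
        i += 1
    return hosts, tlsverify


def audit_docker_api(daemon_json, cmdline=""):
    """Return a list of findings (empty means no exposed TCP listener found).

    Only 'tlsverify' counts as protection: 'tls': true alone encrypts the
    connection but still lets any unauthenticated client issue API calls."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    cli_hosts, cli_tlsverify = parse_cmdline(cmdline)
    hosts = list(cfg.get("hosts", [])) + cli_hosts
    tlsverify = bool(cfg.get("tlsverify", False)) or cli_tlsverify

    findings = []
    for host in hosts:
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are local-only
        addr = host[len("tcp://"):]
        bind = addr.rsplit(":", 1)[0] if ":" in addr else addr
        if not tlsverify:
            findings.append(
                f"{host}: Remote API over TCP without tlsverify; "
                "any client reaching this port gets root-equivalent control"
            )
        if bind in ALL_INTERFACES:
            findings.append(f"{host}: bound to all interfaces")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_docker_api(doc) or "OK")
```

Run it against `/etc/docker/daemon.json` and the live `dockerd` command line from `ps`; dockerd refuses to start when `hosts` is set in both places, so in practice only one of the two inputs carries the listener list. Binding to a private address is not a substitute for `tlsverify`: a cloud security group opened to 0.0.0.0/0 puts 10.0.0.5:2375 on the internet just as surely.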
polka (@polarply):

I wrote a tutorial on how to hunt for malware that uses OST libraries. It's a pretty advanced technique and I've been able to catch some low-detected samples and track threat groups migrating to use new OST libraries using this technique. Hope you enjoy. intezer.com/blog/threat-hu…

Intezer (@intezerlabs):

TeamTNT is abusing a legitimate tool to gain full control over victim servers—essentially functioning as a backdoor. To our knowledge, this is the first time an attacker has used legitimate third party software to target cloud infrastructure hubs.li/H0vP59y0

Nicole (@nicolefishi19):

My new blog post about TeamTNT abusing a legitimate tool to gain full control over victim servers, first time attackers use legitimate 3rd party software to target Linux and cloud infrastructure. Check it out: intezer.com/blog/cloud-wor…

polka (@polarply):

Here it is, proud to release the OST map. A central location to track threat actor usage of open source offensive tools. I have many people to thank for allowing me to speak with both sides of the debate to understand this issue deeply. Enjoy! :)

Intezer (@intezerlabs):

Operation #ElectroRAT Already thousands of crypto wallets stolen. Extensive campaign includes written from scratch RAT hidden in trojanized applications. Windows, Linux and macOS samples undetected in VirusTotal intezer.com/blog/research/…

Avigayil Mechtinger (@abbymch):

[1/7] Operation #ElectroRAT is a new campaign that takes sizable measures to steal crypto wallets. For more information about the operation - intezer.com/blog/research/… The following is a technical analysis -> Intezer

Gal Elbaz (@galelbaz1):

Today! At @AppSec Village, Guy Kaplan and I will dive into open-source shadow vulnerabilities and shed light on an emerging vulnerability concept and our journey uncovering it. Be there! #defcon31 DEF CON. appsecvillage.com/events/dc-2023…

Oligo Security (@oligosecurity):

🚨 #ShellTorch New CVSS: 9.8 vulnerability in #PyTorch model server TorchServe, threatens countless #AI users. Immediate action is required! >> oligo.security/blog/shelltorc…

Gal Elbaz (@galelbaz1):

🚨 Apple released security updates for multiple devices. Of these, 5 vulnerabilities in AirPlay were reported by the Oligo Security research team.