Introducing the TypeRefHash (TRH)
We introduce the TypeRefHash (TRH), an alternative to the ImpHash for .NET binaries, where the ImpHash does not work. Our evaluation shows that it can effectively be used to identify .NET malware families.
New Java STRRAT ships with .crimson ransomware module
This Java-based malware installs RDPWrap, steals credentials, logs keystrokes and remote controls Windows systems. It may soon be capable of infecting systems that do not have Java installed.
10 best computer science edutainment games!
Learning computer science no longer has to be purely educational, the way it is taught in schools or universities. Many services add an entertaining component to the education, hence the word edutainment. In this article, the best computer science edutainment…
Harmful Logging - Diving into MassLogger
There are many things that can be logged on a computer. While not all logging data is useful for the average user, a lot of logging goes on in the background of any system. However, there is good logging and bad logging, and we have looked at an example of logging you definitely would not want.
Flipper Zero - Tamagochi For Hackers
This article is about Pavel Zhovner's latest invention - the Flipper Zero. This small tool could be the go-to device for pentesters all over the world. While we focussed this report on the Flipper Zero, the advanced Flipper One gets mentioned in a comparison later on.
Optimizing Edge Existence Checks on Supernodes
When operating on graphs, one very simple question emerges frequently: Is there a connection between two vertices? Does Tom know Jerry? While this looks like an easy question to answer for a graph database, it can actually be quite hard to find out without proper data structures. In this post, we…
Dumping COVID-19.jar with Java Instrumentation
There is a generic and easy way to unpack Java malware that is not yet well known. For demonstration, I use a recent JAR malware sample that jumps on the COVID-19 bandwagon.
PE trick explained: Telling 32 and 64 bit apart with naked eye
There is a simple trick to see the bitness of a Portable Executable file immediately by looking into a hex editor. But why does it even work? And is it reliable?
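The trick referred to above reads the Machine field of the COFF header, which directly follows the "PE\0\0" signature: 0x014C (i386) is stored little-endian as the bytes 4C 01 and shows up as "L" in a hex editor, while 0x8664 (AMD64) is stored as 64 86 and shows up as "d†". The bitness the loader actually uses for the image layout is a separate field, the Magic of the optional header (0x10B for PE32, 0x20B for PE32+). The following parser is an added example, not code from the article, and checks both fields so that a file where they disagree is flagged instead of silently classified; the two minimal headers it builds are constructed test input, not real samples.

```python
import struct

# Machine values from the PE/COFF specification (Machine field of the COFF header).
MACHINE_BITS = {0x014C: 32, 0x01C4: 32, 0x8664: 64, 0xAA64: 64}
# Optional-header Magic values: 0x10B = PE32 (32-bit), 0x20B = PE32+ (64-bit).
MAGIC_BITS = {0x10B: 32, 0x20B: 64}


def pe_bitness(data: bytes) -> dict:
    """Classify a PE image by its Machine and optional-header Magic fields.

    Returns the raw values, the two bytes a hex editor shows right after
    "PE\\0\\0" (the "naked eye" indicator), and a bitness that is only set
    when both fields agree. A disagreement is reported via 'consistent'.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    magic = None
    if opt_size >= 2:
        magic = struct.unpack_from("<H", data, coff + 20)[0]
    m_bits = MACHINE_BITS.get(machine)
    o_bits = MAGIC_BITS.get(magic)
    consistent = m_bits is not None and m_bits == o_bits
    return {
        "machine": machine,
        "magic": magic,
        "eye_bytes": data[coff:coff + 2],   # what you see after "PE.." in a hex editor
        "bitness": m_bits if consistent else None,
        "consistent": consistent,
    }


def build_header(machine: int, magic: int, opt_size: int = 0xF0) -> bytes:
    """Construct a minimal DOS header + PE signature + COFF header + optional header
    prefix for testing. This is synthetic input, not a real executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", magic) + bytes(opt_size - 2)
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for label, blob in (
        ("i386 / PE32", build_header(0x014C, 0x10B)),
        ("AMD64 / PE32+", build_header(0x8664, 0x20B)),
        ("AMD64 / PE32 (inconsistent)", build_header(0x8664, 0x10B)),
    ):
        print(label, pe_bitness(blob))
```

Because the naked-eye trick only looks at Machine, a hand-edited or deliberately malformed header can show "d†" while the optional header still says PE32; a tool that needs a reliable answer should read Magic as well and treat a mismatch as suspicious rather than picking either value.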
Spam campaign: Netwire RAT via paste.ee and MS Excel to German users
G DATA discovered an email spam campaign in Germany that delivers NetWire RAT via PowerShell in Excel documents. The emails mimic the German courier, parcel and express mail service DHL.
Techniques: Current Use of Virtual Machine Detection Methods
A common approach to analysing potentially malicious software is dynamic analysis in a virtual machine. As a result, malware authors use techniques to alter the malware's behaviour when it is run in a VM. But how do they actually do it?