05/09/2019 - Karsten Hahn
Strange Bits: HTML Smuggling and GitHub Hosted Malware
Sometimes we see odd stuff, like malware that employs a technique called "HTML Smuggling". Also, malware on GitHub seems to be a thing these days.
Techblog
04/29/2019 - Stefan Decker
HowTo: Combine Graylog and AlertManager
Are you using Graylog and would like to handle alerts with help from Prometheus AlertManager? No problem, we got a solution for you!
04/23/2019 - Kadir Bölükbasi
Graph databases: Bad neighborhoods, parents and machine learning
This is the final post in our graph database series, where we introduce a classification algorithm that operates on a graph. Within it, we give a high level description of the algorithm and we point out some general steps that can be carried to conceptually improve the overall performance.
04/16/2019 - Stefan Hausotte
Native single-binary with .Net Core 3.0 and Azure Pipeline
How to create an native single-binary executable for Windows and Linux with C#, .Net Core 3.0 preview and Azure Pipelines.
04/11/2019 - Karsten Hahn
GarrantyDecrypt Ransomware poses as EnigmaSoft's SpyHunter
A new ransomware variant discredits EnigmaSoft by pretending to be SpyHunter. The ransom message reads like mockery. Some of the encrypted files might be recoverable.
04/04/2019 - Karsten Hahn
Paliz, the PowerShell downloader in a ZIP and beyond
Threat actors regularly come up with new techniques for malware downloaders to hide and execute their code with the expectation that they can fool antivirus solutions for some time. Paliz is an archive that carries malicious code in an unusual location.
02/18/2019 -
Distributing Malware - one "Word" at a Time
Using Microsoft Word to distribute malware is a common tactic used by criminals. Given the popularity of Word, criminals can often "live off the land" and use mechanisms that are already in place to do their dirty work.
01/29/2019 -
Unpacking 101: Writing a static Unpacker for Ldpinch
Packers are commonly used by malware authors to thwart analysis. In our latest TechBlog article we will take a look at how packers work and how to unpack malware without running it.
01/08/2019 - Kadir Bölükbasi
One Graph To Find Them All
Within this follow up post, we dive more thoroughly into one particular problem our Virus Analysts are commonly faced with, namely finding a large quantity of either similar or identical samples. We lay out how we use our graph database to tackle this problem and support our analysts.
12/17/2018 - Florian Hockmann
How to Avoid Doppelgängers in a Graph Database
In this post, we take a look at the problem of getting duplicate data (the doppelgängers) in a graph database like JanusGraph and discuss different approaches to solve it. We will therefore walk through our experiences with upserts at G DATA and how we improved our upserting process…
Karsten Hahn
Virus Analyst
Tim Berghoff
Security Evangelist