Embedded devices increasingly pervade business processes and personal activities. From a security perspective, this widespread use of such devices enlarges the attack surface and raises overall risk.
Today we will talk about the different approaches used to unpack malware, and the author shares some of the tools and scripts he often uses for this purpose. The approach chosen depends largely on analysis of the malware family, and sometimes it takes a lot of patience and imagination. But sometimes common behaviour can be identified across samples of a family, which helps automate the unpacking task.
FedScoop published an article on the removal of "federal" from cybersecurity guidance: the National Institute of Standards and Technology dropped wording specific to federal systems from its key publication on security and privacy controls. This is one of a number of proposed changes rolled out this week after a long delay.
Today almost everything is connected to the Internet and much of our data is stored in the cloud. Vladimir Catal tells the story of Apple iCloud, its most famous hacks, and his own forensic work, chronicling the development of iCloud and iOS forensics.
Lawrence Abrams writes about a new ransomware called SyncCrypt, discovered by Emsisoft security researcher xXToffeeXx, which is distributed through spam attachments containing WSF files. Lawrence analyzed the script and noted that the method used to download and install the ransomware is quite interesting: the WSF script downloads images with embedded ZIP files that contain the files needed to infect the computer with SyncCrypt. This method also made the images undetectable by almost all antivirus vendors on VirusTotal.
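The page says only that the images carry embedded ZIP files, so the following added example (not code from Lawrence Abrams' analysis or from the SyncCrypt dropper) assumes the common polyglot layout in which the archive is appended after the image's end marker. It builds a constructed PNG-plus-ZIP sample, shows why a stock ZIP parser happily unpacks it, and implements the check a scanner would need: parse the image to its logical end and look for archive signatures in whatever trails it.

```python
import io
import struct
import zipfile
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
ZIP_LOCAL_HEADER = b"PK\x03\x04"
ZIP_EOCD = b"PK\x05\x06"


def minimal_png(width: int = 1, height: int = 1) -> bytes:
    """Build a small but valid RGB PNG (constructed sample, not real malware)."""
    def chunk(ctype: bytes, data: bytes) -> bytes:
        crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
        return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    scanlines = b"".join(b"\x00" + b"\x00\x00\x00" * width for _ in range(height))
    return PNG_MAGIC + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(scanlines)) + chunk(b"IEND", b"")


def build_polyglot(image: bytes, files: dict) -> bytes:
    """Append a ZIP archive after the image. Image viewers stop at IEND, while ZIP
    readers locate the archive from its end-of-central-directory record at the
    tail of the file, so both parsers see a valid file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return image + buf.getvalue()


def png_end_offset(data: bytes):
    """Walk the PNG chunk list and return the offset just past IEND, or None if not a PNG."""
    if not data.startswith(PNG_MAGIC):
        return None
    pos = len(PNG_MAGIC)
    while pos + 8 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        pos += 8 + length + 4          # length+type header, payload, CRC
        if ctype == b"IEND":
            return pos
    return None


def find_appended_zip(data: bytes):
    """Return (offset, member names) for a ZIP archive hidden after the image's
    logical end, or None if the file ends where a PNG should."""
    end = png_end_offset(data)
    if end is None or end >= len(data):
        return None
    trailer = data[end:]
    off = trailer.find(ZIP_LOCAL_HEADER)
    if off == -1 or ZIP_EOCD not in trailer:
        return None
    with zipfile.ZipFile(io.BytesIO(trailer[off:])) as zf:
        names = zf.namelist()
    return end + off, names


def extract_payload(data: bytes, member: str) -> bytes:
    """Pull one member out of the appended archive, the way a dropper script would."""
    found = find_appended_zip(data)
    if found is None:
        raise ValueError("no appended ZIP archive")
    off, _ = found
    with zipfile.ZipFile(io.BytesIO(data[off:])) as zf:
        return zf.read(member)


# Constructed sample: a 1x1 PNG followed by a ZIP holding harmless stand-ins for dropped files.
SAMPLE_FILES = {"readme.html": b"<html>not a real ransom note</html>", "sync.bin": b"\x00" * 16}
SAMPLE = build_polyglot(minimal_png(), SAMPLE_FILES)

if __name__ == "__main__":
    print(find_appended_zip(SAMPLE))        # archive found after IEND
    print(find_appended_zip(minimal_png())) # None: nothing trails the image
```

Opening the whole polyglot with `zipfile.ZipFile(io.BytesIO(SAMPLE))` also works, because the reader seeks to the end-of-central-directory record and ignores the image bytes in front; that is what lets a dropper fetch a "picture" and unpack it with a stock library, and why a scanner that classifies by leading magic bytes sees only an image. The useful detection signal is the mismatch between the parsed image's logical end and the file size, combined with archive signatures in the trailing bytes.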
SANS shared a new video, Elevating Your Analysis Tactics with DFIR Network Forensics.
Jason Hale talks about memory acquisition and Virtual Secure Mode: "Physical memory is commonly acquired using a software-based memory acquisition tool such as winpmem, DumpIt, Magnet RAM Capturer, FTK Imager, or one of the several other options available. These tools typically load a device driver into the kernel and subsequently read memory through mapping the \\Device\PhysicalMemory object, using a function such as MmMapIoSpace, or directly manipulating the page tables. Many of these tools also share a similar trait: their use on a system with virtual secure mode enabled results in a system crash."
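A practitioner reading the quote above wants a pre-flight check before loading an acquisition driver on a live host. The following added example (my own triage helper, not code from Jason Hale's post or from any of the tools named) queries the documented Win32_DeviceGuard CIM class through PowerShell and turns the result into a go/no-go decision; the record dictionary shape and the `preflight` helper name are assumptions of this example, and the decision logic is kept separate so it can be exercised on a constructed record off-host.

```python
import json
import subprocess

# Field meanings from Microsoft's Win32_DeviceGuard documentation:
#   VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
#   SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity)
VBS_RUNNING = 2
SERVICE_NAMES = {1: "Credential Guard", 2: "HVCI"}

DEVICE_GUARD_QUERY = (
    "Get-CimInstance -Namespace root\\Microsoft\\Windows\\DeviceGuard "
    "-ClassName Win32_DeviceGuard | "
    "Select-Object VirtualizationBasedSecurityStatus, SecurityServicesRunning | "
    "ConvertTo-Json -Compress"
)


def query_device_guard() -> dict:
    """Query the live host (Windows only). Raises if PowerShell or the CIM class is unavailable."""
    proc = subprocess.run(
        ["powershell", "-NoProfile", "-NonInteractive", "-Command", DEVICE_GUARD_QUERY],
        capture_output=True, text=True, check=True,
    )
    return json.loads(proc.stdout)


def assess_vsm(record: dict) -> tuple:
    """Return (safe_to_load_driver, reason) for a Win32_DeviceGuard record.

    'Safe' means only that VSM is not running, so a driver-based capture tool is
    not in the crash condition the post describes; it is not a guarantee."""
    status = int(record.get("VirtualizationBasedSecurityStatus") or 0)
    services = record.get("SecurityServicesRunning") or []
    if not isinstance(services, list):      # ConvertTo-Json may emit a scalar for a single element
        services = [services]
    running = [SERVICE_NAMES.get(int(s), "service %s" % s) for s in services]
    if status == VBS_RUNNING:
        detail = ", ".join(running) if running else "no listed services"
        return False, "VSM is running (%s); expect a crash from driver-based RAM capture" % detail
    if status == 1:
        return True, "VBS enabled but not running; re-check if the host has been rebooted"
    return True, "VBS not enabled"


def preflight(record: dict = None) -> tuple:
    """Choose the acquisition route: 'driver' (software tool) or 'alternative'.
    With no record given, the live host is queried (constructed records are used in testing)."""
    rec = record if record is not None else query_device_guard()
    safe, reason = assess_vsm(rec)
    return ("driver" if safe else "alternative"), reason


if __name__ == "__main__":
    # Constructed record standing in for a host with Credential Guard and HVCI running.
    print(preflight({"VirtualizationBasedSecurityStatus": 2, "SecurityServicesRunning": [1, 2]}))
```

When the helper returns "alternative", fall back to memory sources that do not need a kernel driver on the live box, such as an existing hibernation file or crash dump, or use a tool whose vendor explicitly documents support for VSM, and rehearse the capture on a VM configured like the target before touching evidence.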