When I read Mandiant's report, I was pleased to see such a heavy hit to the infamous comment crew, but I had issues with some of the conclusions they ultimately settled on. Much like Kai Roer, I felt like several details in the report were a stret...
Read more →Earlier today I accidently opened up Twitter and saw this tweet: Some may disagree with the statement, but looking at targeted files on a daily basis, I would say it's pretty accurate. Truth be told, it only takes one person to open up the infecte...
Read more →The blog has been silent for about a month now and I have struggled with how to release some of my work without burning TTPs in the process. It's funny, the closer you get to the targets and victims, the less public analysis you end up doing. I am...
Read more →On November 22, 2011 the Internet Storm Center put out a great blog on Blackhole and Zeroaccess detailing changes in delivery method and payload. Being an incident responder, I find this information extremely valuable, but in this case, I knew som...
Read more →A few months ago I took a look at one of the more popular exploit kits and ripped into how it did PDF generation. I thought it was weak, easily identifiable and done without much thought. There was much more that could have been done to obfuscate ...
Read more →