Skip to main content

Looking at cybersecurity from the other side of the looking glass

 Understanding malware

As a software engineer, I have taken for granted I'd understand a lot of how malware works. But then I also know that the devil is in the details. This lead me to a YouTube series by @lauriewired (https://www.youtube.com/@lauriewired), who is a reverse engineer and takes apart malware in full view so that viewers understand process as well as tools.  She is thorough and methodical in her videos, which makes me self-conscious about the way I leapt off the trail when doing similar investigations and looked to see what was at the endpoints or URLs I found in code - without finishing to see conclusively what the goal of the malware was. I'd assume data exfiltration, without necessarily proving such and from watching @lauriewired, I see there are many variants and what I'd missed was seeing how the perpetrators were likely actually setting up to download an entire command and control piece to make a virtual slave out of the system.

Seeing malware de-obfuscated and refactored provided an in-depth view of malware from the authors point of view. It was interesting in that the code was not haphazard, but also built with a certain level of redirection that seemed to only add stack-frames to the execution, perhaps itself a level of runtime obfuscation.

Overall, I've found a number of @LaurieWired presentations informative and would recommend giving them a look. 

Labels:
Location: Boston, MA, USA

Comments

Post a Comment

Popular posts from this blog

Let's Not Mess Around with Security on our Personal Systems Either!

Essential Security Practices for Your Personal Systems Ensuring a minimal level of cybersecurity, privacy, and availability on your personal systems means you need to manage the following essential practices. This is a brief overview of recommendations from sources like CISA, NSA, etc., focused on personal laptop, phone, and other systems' security. Anti-virus  I've found you'll get the best anti-virus protection and usability from a paid product - I've always had good luck with Norton labeled products. If you are looking for current vendor offerings see:  https://www.pcmag.com/picks/the-best-antivirus-protection Regardless of whether you choose to use a commercial product or open-source anti-virus tool, it is absolutely something you need to use. This is the minimally needed level of system security. Once installed, ideally, it should be invisible until there's a security problem it can't prevent or solve.   Backups You need to have at least a minimal level of ...
Post a Comment
Read more

RACI, Cybersecurity and NICE Framework

The NICE framework from a RACI point of view The NICE framework ( NIST SP 800-181 rev. 1) established a standard approach for describing cybersecurity work, in order to help stakeholders share a common language and ideally improve how to identify, recruit, develop and retain talent. It breaks down cybersecurity work role categories into: Oversight and Governance; Design and Development; Implementation and Operation; Protection and Defense; Investigation.  Which is very cybersecurity-centric and not related to common tools for project management within companies. Especially smaller enterprises that do not have dedicated people to mange and coordinate cybersecurity needs. A  RACI chart  is   a project management tool used to define and clarify roles and responsibilities within a project team.   It stands for Responsible, Accountable, Consulted, and Informed, and visually represents who is responsible for what, who is accountable for the outcome, who needs to be c...
Post a Comment
Read more

Threat Modeling Manifesto

Secure Your Code with Threat Modeling As a software developer, security should be a top priority. By proactively identifying and addressing potential vulnerabilities, you can significantly reduce the risk of breaches and data loss. What is Threat Modeling?   Threat modeling is a systematic approach to identifying, assessing, and mitigating security threats. It involves looking at your system from a hacker's perspective to uncover weaknesses and devise strategies to protect against attacks. See the  OWASP Cheat Sheet   Why is Threat Modeling Important? Proactive Security: By anticipating potential threats, you can take steps to prevent them. Risk Mitigation: Identify and address vulnerabilities before they can be exploited. Regulatory Compliance: Adhere to industry standards and regulations. Enhanced Security Posture: Strengthen your overall security posture. How to Get Started with Threat Modeling   The Threat Modeling Manifesto provides a valuable framewor...
Post a Comment
Read more