5 min read - The right free analysis tools can aid proactive threat hunting and help security professionals detect even the most advanced threats in their networks.
8 min read - Recap of Bruce Schneier's Black Hat keynote, "The State of Incident Response," covering trends in the cyberworld and how threats should be addressed.
3 min read - How big data can fuel intelligence-driven security and how to secure the big data ecosystem. Based on keynotes from Eddie Schwartz and Davi Ottenheimer.
6 min read - An analysis of the recent Struts vulnerabilities in parameters and Cookie Interceptors, their impact and one possible way to exploit them.
4 min read - A recap of Kevin Mandia's "State of the Hack: One Year after the APT1 Report" keynote at RSA 2014 and "Hacking Exposed: PLA Edition" talk by Dmitri Alperovitch and George Kurtz.
7 min read - In this post, we will describe an unpatched vulnerability (CVE-2014-0900) in earlier releases of Android and how it can be exploited by malicious and lazy users to bypass MDM restrictions.
3 min read - Mikko Hypponen's "Government as Malware Authors" version at TrustyCon. There is a value for security professionals, researchers and leaders in the community to revive the keynotes and continue the discussion.
6 min read - A in-depth look at how to analyze OBAD manually and discover the device administrator vulnerability that makes it hide and prevent uninstallation. See also how to avoid ANR timeouts.
17 min read - OBAD has been agreed upon to be one of the most sophisticated piece of android malware and you can find various analysis on the web. In this series we will take it apart together and learn about its functionality and…
3 min read - Bluebox Labs last week announced a vulnerability in Android's code for cryptographic signature verification and app installation. They are planning to publicly disclose the details in their upcoming BlackHat US talk. Google has patched this vulnerability and some of the…
7 min read - I am planning to do a blog series on Malware Analysis using the Zeus sample that I recently received in an email. The idea is not only to share what it does, but to focus mostly on sufficient details.
Analysis and insights from hundreds of the brightest minds in the cybersecurity industry to help you prove compliance, grow business and stop threats.