Detecting macOS.GMERA Malware Through Behavioral Inspection
New malware hits macOS with well-worn techniques. Can behavioral detection prevent attacks that evade legacy AV and built-in Apple security?
Read More
Trickbot Update: Brief Analysis of a Recent Trickbot Payload
In many ways, Trickbot parallels the evolution of contemporary threats (such as #Emotet) via its modular and expandable architecture. We took it for a test
Read More
FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals
Vitali Kremez diving into the FIN6 “FrameworkPOS”, targeting payment card data from Point-of-Sale (POS) or eCommerce systems.
Read More
RIG Exploit Kit Chain Internals
Vitali Kremez explaining the RIG Exploit Kit and the infection chain internals that led to the Amadey Stealer and Clipboard Hijacker.
Read More
Gootkit Banking Trojan | Part 3: Retrieving the Final Payload
Gootkit’s final payload contains multiple Node.js scripts. Join Daniel Bunce as he reverse engineers the malware to take a deeper look at what it delivers.
Read More
macOS Incident Response | Part 3: System Manipulation
How can you detect system manipulations by malware, local or remote attackers on macOS? Find out in the final part of our series on macOS Incident Response.
Read More
Gootkit Banking Trojan | Part 2: Persistence & Other Capabilities
Reverse engineering Gootkit reveals tricks for persistence, self-updating and a kill switch. Join us as we continue our deep dive into this banking malware
Read More
macOS Incident Response | Part 2: User Data, Activity and Behavior
What can we learn about user activity and behavior on a compromised Mac? Learn about the hidden and obfuscated data stores Apple use on the macOS platform.
Read More
macOS Incident Response | Part 1: Collecting Device, File & System Data
How should you investigate an infected Mac? Has there been lateral movement, data exfiltration, system manipulation? Learn macOS incident response here.
Read More
Gootkit Banking Trojan | Deep Dive into Anti-Analysis Features
Gootkit packs plenty of Anti-Analysis features to evade sandboxes, prevent execution in a Virtual Machine, and slow down analysis. Let’s take a dive inside!
Read More