We developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, along other renown academic researchers. This blog post provides a quick summary of the methodology developed for tracing ransomware payments and the study's findings.
April 26, 2018
This blog is the outcome of my 4 months of internship at GoSecure. I will describe two internal projects that we have developed to gather all kinds of interesting and valuable data. The first project aimed at gathering data on .onion sites—known as the Darknet—while the second one focused at gathering data on sites like Pastebin, GitHub’s gists and Dumpz.
April 03, 2018
We discovered a new Web attack vector abusing the Edge Side Include (ESI) features common in caching services and product. We will explain the conditions required for exploitation along with 3 example payloads: Cookie exfiltration, SSRF and bypassing client-side XSS filtering.
March 07, 2018
A few months ago, the International Data Corporation (IDC) conducted a Technology Spotlight and Customer Spotlight about our company. The two reports reaffirm our position as a high-quality provider of managed security services, one that follows a flexible and customer-centric approach. We provide a summary of the two reports below.