18 June 2018

We developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, along other renown academic researchers. This blog post provides a quick summary of the methodology developed for tracing ransomware payments and the study's findings. 

January 10, 2018

Privilege "escalation"The latest VMware Horizon vulnerability is via an attack vector that shouldn't be overlooked: bad Windows process handles management. In this article, you will find all the details around CVE-2017-4946 which was discovered and exploited by Martin Lemay during a pentest engagement.

August 10, 2017

New results related to our research about Linux/Moose, an IoT botnet that conducts social media fraud (SMF), were published in the scientific journal, Social Media & Society, last week. The article is open-source and available at: http://dl.acm.org/citation.cfm?id=3097301. However, if you don’t want to bother reading it, the blog post provides a quick summary of the main findings. 

July 20, 2017

In this blog post, we discuss the basic strategy to integrate CSP into an existing website. It covers the theory and the new features of CSP Auditor.