In this post, we describe the new RDP man-in-the-middle and library project we developed and open sourced. Our MITM features a file stealer, a clipboard stealer and the ability to watch RDP sessions either live or after the fact. It is used as part of our RDP honeypot. In this post, we also describe an incident with a malicious user that infected our honeypot.
10 juillet 2018
This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it.
18 juin 2018
We developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, along other renown academic researchers. This blog post provides a quick summary of the methodology developed for tracing ransomware payments and the study's findings.
06 juin 2018
GoSecure, Inc., announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.