Publications

2022

2021

Popular posts from this blog

The Rise of LNK Files (T1547.009) and Ways To Detect Them

Image
Microsoft Office macros have historically posed a significant threat as the preferred method of delivering malicious payloads, accounting for almost half of all deliveries. The reason is simple: Microsoft Office products are highly prevalent and macros are mostly either enabled or easily enabled through a single mouse click. With Microsoft’s decision to block macros by default, threat actors have adapted their delivery techniques towards macro alternatives (e.g., Emotet ). One of those alternatives are Microsoft shortcuts , which have, in comparison to zero days or other fancy exploits, generally not received the attention they (sh|c)hould . In what follows, I will first provide a brief introduction to why and how macros were blocked as well as how to bypass the protections that were put in place. I will then give an overview of LNK files, one common alternative to macros, show how they are used in the wild, and finally discuss various ways for detection. Microsoft's decision to...
Read more

Wiper Malware: Purposes, MITRE Techniques, and Attacker's Trade-Offs

Image
Following recent events in Ukraine, various cybersecurity agencies such as CISA or BSI have warned of potential data wiping attacks spillover to organisations in other countries. While destructive malware such as wipers are still rare and more targeted compared to malware focused on espionage and financial gains, there are reasons for believing that this wipers will become more prevalent: If hybrid warfare operations continue and/or intensify, it must be assumed that (destructive) cyber operations will increasingly be used alongside kinetic weapons despite the fact significant impact has not yet been observed in the current war. Sanctions and/or support for Ukraine by other countries may also increase the risk for Russian retaliatory cyber attacks against those countries. The increasing number of (sophisticated) hacktivists that support either Russia or Ukraine for ideological reasons (e.g., IT Army of Ukraine counts ~300,000 people in their Telegram group) may lead to more s...
Read more

Machines Like Me

Machines Like Me is a 2019 novel by British author Ian McEwan. The novel is written ironically and at the same time deeply. It is set in London in the 1980s and offers an "alternative variant" of London. Charlie, a man in his 40s, tries to make ends meet through sporadic, impulse-driven businesses while trying to avoid permanent employment. He is in love with the much younger student Miranda, who lives in the house directly above him. When Charlie's mother dies, he buys "Adam" with the inheritance. Adam is the first man-made, synthetic human. Charlie installed along with Miranda Adam and his personality. A unique relationship develops between the "perfect" humanoid Adam, Charlie and Miranda. As time goes on, they are haunted by a terrible secret from the past. This presents the three with a massive moral dilemma. I found four aspects of this novel particularly entertaining / interesting: 1. Time merging: In the novel, Alan Turing (British computer sci...
Read more