by Masarah Paquet-Clouston | Dec 2, 2020
This blogpost summarizes cutting-edge research that uncovers an obfuscation-as-a-service platform for Android applications. From a thorough analysis of the obfuscation techniques to comprehending the service’s usage, efficiency, and potential profitability, as well as...
by Emilio Gonzalez | Dec 19, 2018
As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server. When...
by Sebastian Feldmann | Feb 14, 2018
This post describes a backdoor that spawns a fully encrypted and integrity-checked reverse shell that was found in our SSH honeypot, and that was presented at GoSec 2017 in Montreal. We named the backdoor ‘Chaos’, following the name the attacker gave it on the system....
by GoSecure | Jun 30, 2017
In the last few days, we closely followed the malicious software outbreak that took control of about 12,500 devices, mostly in Ukraine and Russia, demanding a $300 ransom from the infected device’s owner. Although this new attack is fascinating, we noticed that the...
by Olivier Bilodeau | Feb 16, 2017
Malware analysis is like defusing bombs. The objective is to disassemble and understand a program that was built to do harm or spy on computer users (oops, this is where the bomb analogy fails, but one gets the point). That program is often obfuscated (i.e., packed) to...
by Olivier Bilodeau | Dec 8, 2016
For those who missed it, here is the video of our BlackHat Europe 2016 presentation titled EGO-MARKET: When People’s Greed for Fame Benefits Large-Scale Botnets. You can access the full conference paper here.