DISSECTING VBA MACROS – PART 1 OF 2
Using static analysis to dissect malicious office macros
In this interview, Countercept's Peter Cohen explains the art of threat hunting – a proactive rather than reactive approach that doesn’t rely on the attacker tripping alarms.
Our analysis of the technique used by the user-mode shellcode from DOUBLEPULSAR, the memory artefacts it leaves behind, and a test utility for running the shellcode in standalone form.
An analysis of common self-decrypting AV bypass techniques and how to hunt for them using EDR approaches...
PEDDLECHEAP is a Meterpreter-like in-memory implant used with the DANDERSPRITZ tool from the Shadow Brokers leak; this is our analysis of it.
'Fileless' attack techniques have been used in the wild for years, yet because traditional security mechanisms detect them so poorly, their popularity appears to be increasing. In this article we look at these techniques and how to hunt for them.
Recent news concerning the China-based group APT10 has brought the issue of securing supply chains to the fore, but do you know whether you can detect attacks that are not, in the first instance, aimed directly at your own organization?