DCSO CyTec Blog – Medium

DCSO CyTec Blog

DCSO CyTec Blog

XZ Backdoor: How to check if your systems are affected?

A principal software engineer at Microsoft by the name of Andres Freund accidentally stomped upon a backdoor within XZ, the popular…

7 min readApr 8, 2024

--

XZ Backdoor: How to check if your systems are affected?

--

DCSO CyTec Blog

How Rogue ISPs Tamper With Geofeeds

Geofeeds allow ISPs to publish information on the physical location of their networks. But what if a rogue ISP puts false information in…

11 min readMar 19, 2024

--

How Rogue ISPs Tamper With Geofeeds

--

DCSO CyTec Blog

To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer

Earlier this year, DCSO observed an intriguing malware sample that we believe to be part of DPRK-linked activity targeting the Russian MID.

14 min readFeb 21, 2024

--

To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer

--

DCSO CyTec Blog

Overview: Evidence Collection of Ivanti Connected Secure Appliances

This article summarizes methods that can be used to gather forensic evidence from Ivanti appliances.

5 min readFeb 12, 2024

--

Overview: Evidence Collection of Ivanti Connected Secure Appliances

--

DCSO CyTec Blog

Reporting on Volt Typhoon’s “JDY” Botnet Administration Via Tor Sparks Questions

Not all Tor relays are created equal. A closer look at network communication between a Volt Typhoon C2 and a Tor relay prompts questions.

6 min readJan 30, 2024

--

Reporting on Volt Typhoon’s “JDY” Botnet Administration Via Tor Sparks Questions

--

DCSO CyTec Blog

#ShortAndMalicious — DarkGate

Dissecting DarkGate’s new key log encryption and tools to decrypt key log files

4 min readSep 19, 2023

--

#ShortAndMalicious — DarkGate

--

DCSO CyTec Blog

Microsoft Edge Forensics: Screenshot History

According to a recent article on Neowin, Microsoft Edge has a new feature that allows it to take screenshots of every web page a user…

5 min readSep 3, 2023

--

1

Microsoft Edge Forensics: Screenshot History

--

1

DCSO CyTec Blog

Hostile Code: Dealing with stack strings in IDAPython

Stack strings — A common obfuscation technique used in malware, and how to deal with them using IDAPython

10 min readAug 15, 2023

--

1

Hostile Code: Dealing with stack strings in IDAPython

--

1

DCSO CyTec Blog

Andariel’s “Jupiter” malware and the case of the curious C2

DCSO monitoring caught a “Jupiter” sample configured to fetch commands from the homepage of the National Institute of Virology India

8 min readMay 16, 2023

--

Andariel’s “Jupiter” malware and the case of the curious C2

--

DCSO CyTec Blog

#ShortAndMalicious — PikaBot and the Matanbuchus connection

A brief analysis of the new loader malware PikaBot.

3 min readFeb 10, 2023

--

1

#ShortAndMalicious — PikaBot and the Matanbuchus connection

--

1

DCSO CyTec Blog

DCSO CyTec Blog

We are DCSO, the Berlin-based German cybersecurity company. On this blog, we share our technical research.

Help
Status
About
Careers
Blog
Privacy
Terms
Text to speech
Teams