DCSO CyTec Blog

XZ Backdoor: How to check if your systems are affected?
A principal software engineer at Microsoft by the name of Andres Freund accidentally stomped upon a backdoor within XZ, the popular…
7 min read · Apr 8, 2024

How Rogue ISPs Tamper With Geofeeds
Geofeeds allow ISPs to publish information on the physical location of their networks. But what if a rogue ISP puts false information in…
11 min read · Mar 19, 2024

To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer
Earlier this year, DCSO observed an intriguing malware sample that we believe to be part of DPRK-linked activity targeting the Russian MID.
14 min read · Feb 21, 2024

Overview: Evidence Collection of Ivanti Connected Secure Appliances
This article summarizes methods that can be used to gather forensic evidence from Ivanti appliances.
5 min read · Feb 12, 2024

Reporting on Volt Typhoon’s “JDY” Botnet Administration Via Tor Sparks Questions
Not all Tor relays are created equal. A closer look at network communication between a Volt Typhoon C2 and a Tor relay prompts questions.
6 min read · Jan 30, 2024

#ShortAndMalicious — DarkGate
Dissecting DarkGate’s new key log encryption and tools to decrypt key log files
4 min read · Sep 19, 2023

Microsoft Edge Forensics: Screenshot History
According to a recent article on Neowin, Microsoft Edge has a new feature that allows it to take screenshots of every web page a user…
5 min read · Sep 3, 2023

Hostile Code: Dealing with stack strings in IDAPython
Stack strings — a common obfuscation technique used in malware, and how to deal with them using IDAPython
10 min read · Aug 15, 2023

Andariel’s “Jupiter” malware and the case of the curious C2
DCSO monitoring caught a “Jupiter” sample configured to fetch commands from the homepage of the National Institute of Virology India
8 min read · May 16, 2023

#ShortAndMalicious — PikaBot and the Matanbuchus connection
A brief analysis of the new loader malware PikaBot.
3 min read · Feb 10, 2023