Unransomware: From Zero to Full Recovery in a Blink
This blog post discusses how we, DCSO’s Incident Response Team (DIRT), were able to help an Akira ransomware victim restore their business…
Nov 4

XZ Backdoor: How to check if your systems are affected?
A principal software engineer at Microsoft by the name of Andres Freund accidentally stomped upon a backdoor within XZ, the popular…
Apr 8

How Rogue ISPs Tamper With Geofeeds
Geofeeds allow ISPs to publish information on the physical location of their networks. But what if a rogue ISP puts false information in…
Mar 19

To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer
Earlier this year, DCSO observed an intriguing malware sample that we believe to be part of DPRK-linked activity targeting the Russian MID.
Feb 21

Overview: Evidence Collection of Ivanti Connected Secure Appliances
This article summarizes methods that can be used to gather forensic evidence from Ivanti appliances.
Feb 12

Reporting on Volt Typhoon’s “JDY” Botnet Administration Via Tor Sparks Questions
Not all Tor relays are created equal. A closer look at network communication between a Volt Typhoon C2 and a Tor relay prompts questions.
Jan 30

#ShortAndMalicious — DarkGate
Dissecting DarkGate’s new key log encryption and tools to decrypt key log files
Sep 19, 2023

Microsoft Edge Forensics: Screenshot History
According to a recent article on Neowin, Microsoft Edge has a new feature that allows it to take screenshots of every web page a user…
Sep 3, 2023

Hostile Code: Dealing with stack strings in IDAPython
Stack strings — A common obfuscation technique used in malware, and how to deal with them using IDAPython
Aug 15, 2023

Andariel’s “Jupiter” malware and the case of the curious C2
DCSO monitoring caught a “Jupiter” sample configured to fetch commands from the homepage of the National Institute of Virology India
May 16, 2023