Open in app
Sign inGet started
The Brief Glory of Cabassous/FluBot — a private Android banking botnet

The Brief Glory of Cabassous/FluBot — a private Android banking botnet

A new botnet has surfaced in late 2020, take a look at the details about this criminal operation targeting banking users in Spain and…
Go to the profile of Aleksejs Kuprins
Aleksejs Kuprins
The Nemty affiliate model

The Nemty affiliate model

Almost a year after the end of the operations of Nemty ransomware, we are going to try here to present some internal details of their…
Go to the profile of Benoit ANCEL
Benoit ANCEL
Silencing Microsoft Defender for Endpoint using firewall rules

Silencing Microsoft Defender for Endpoint using firewall rules

Windows Defender for Endpoint (Formerly Windows Defender ATP) is a so-called “cloud powered” EDR product[1], i.e. alerts and events are…
Go to the profile of Søren Fritzbøger
Søren Fritzbøger
GCleaner, Garbage provider since 2019

GCleaner, Garbage provider since 2019

How malware actually ends up on millions of endpoints
Go to the profile of Benoit ANCEL
Benoit ANCEL
The RoamingMantis Group’s Expansion to European Apple Accounts and Android Devices

The RoamingMantis Group’s Expansion to European Apple Accounts and Android Devices

Background
Go to the profile of Aleksejs Kuprins
Aleksejs Kuprins
CVE-2020–1088 — Yet another arbitrary delete EoP

CVE-2020–1088 — Yet another arbitrary delete EoP

In January of 2020 I found and reported an Escalation of Privilege (EoP) vulnerability that allowed arbitrary deletion of files using WER.
Go to the profile of Søren Fritzbøger
Søren Fritzbøger
The end of Dreambot? Obituary for a loved piece of Gozi

The end of Dreambot? Obituary for a loved piece of Gozi

Dreambot seems to finally be out of service after +6 years of activity. The back-end servers of the botnet are down for a few weeks now…
Go to the profile of Benoit ANCEL
Benoit ANCEL
About CSIS TechBlogLatest StoriesArchiveAbout MediumTermsPrivacy