During an incident response investigation, our threat researchers and incident responders uncovered several bespoke backdoors deployed by the OceanLotus Group (a.k.a. APT32, Cobalt Kitty), as well as evidence of the threat actor using obfuscated Cobalt Strike Beacon payloads for command and control (C2). This white paper provides an in-depth technical analysis of the malware, its C2 protocols, the actor's TTPs, and general observations from the engagement.
Panda Banker is a heavily obfuscated, highly configurable, and still active banking malware family. Threat actors use it to steal bank and credit card information, personal data, and web wallet/blockchain credentials. Major targets include companies in the United States, Canada, and Japan.
Address Windowing Extensions (AWE) is a set of Windows memory-management extensions that lets a 32-bit application use more physical memory than its 4 GB virtual address space can hold, by mapping physical pages into and out of a reserved virtual "window" on demand. These extensions were created to work around the memory constraints of the 32-bit memory model. After reading the documentation for AWE I decided to think about some ways we could (ab)use it. Documentation for an API or set of functions may declare one thing, but the code may contain a flawed implementation of that intent. It is our duty to challenge these intentions.
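The documented AWE sequence that the post sets out to challenge, as an added example that is not code from the original post or from its author: reserve a virtual window with MEM_PHYSICAL, allocate physical pages, map them into the window, write through it, unmap, then map the same physical pages into a second window and confirm the data is still there. It assumes a Windows build with advapi32 linked (for LookupPrivilegeValue) and an account that holds the "Lock pages in memory" user right (SeLockMemoryPrivilege); the privilege is enabled in the process token first, as the MSDN AWE sample does. The page-count helper is portable; everything else is compiled only on Windows.

```c
/*
 * Added example (not from the original post): the documented AWE sequence.
 * Requires SeLockMemoryPrivilege for the running account. Link: -ladvapi32
 * with MinGW; MSVC links it by default.
 */
#include <stdio.h>
#include <stddef.h>

/* Portable helper: number of whole pages needed to hold `bytes` (rounds up). */
size_t awe_pages_for(size_t bytes, size_t page_size)
{
    if (page_size == 0) return 0;
    return (bytes + page_size - 1) / page_size;
}

#ifdef _WIN32
#include <windows.h>

/* Enable SeLockMemoryPrivilege in the current process token.
 * Being granted the right is not enough; it starts out disabled. */
static BOOL enable_lock_pages_privilege(void)
{
    HANDLE token;
    TOKEN_PRIVILEGES tp;
    BOOL ok;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token))
        return FALSE;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!LookupPrivilegeValue(NULL, SE_LOCK_MEMORY_NAME, &tp.Privileges[0].Luid)) {
        CloseHandle(token);
        return FALSE;
    }
    /* AdjustTokenPrivileges succeeds even if nothing was adjusted; check GetLastError. */
    ok = AdjustTokenPrivileges(token, FALSE, &tp, 0, NULL, NULL) && GetLastError() == ERROR_SUCCESS;
    CloseHandle(token);
    return ok;
}

/* Returns 0 when data written through window A is readable through window B. */
int awe_demo(void)
{
    SYSTEM_INFO si;
    size_t bytes;
    ULONG_PTR npages, wanted, *pfns;
    unsigned char *winA, *winB;
    int same;

    GetSystemInfo(&si);
    bytes  = 2 * (size_t)si.dwPageSize;
    wanted = npages = awe_pages_for(bytes, si.dwPageSize);
    pfns = (ULONG_PTR *)HeapAlloc(GetProcessHeap(), 0, npages * sizeof(ULONG_PTR));
    if (!pfns) return 1;

    if (!enable_lock_pages_privilege()) {
        fprintf(stderr, "SeLockMemoryPrivilege unavailable (error %lu)\n", GetLastError());
        return 2;
    }

    /* Physical pages are owned by this process and are never paged out.
     * npages is updated in place; fewer pages than requested may be returned. */
    if (!AllocateUserPhysicalPages(GetCurrentProcess(), &npages, pfns) || npages != wanted)
        return 3;

    /* Two independent virtual windows. MEM_PHYSICAL requires MEM_RESERVE
     * and PAGE_READWRITE; the pages behind them are supplied by AWE, not VirtualAlloc. */
    winA = VirtualAlloc(NULL, bytes, MEM_RESERVE | MEM_PHYSICAL, PAGE_READWRITE);
    winB = VirtualAlloc(NULL, bytes, MEM_RESERVE | MEM_PHYSICAL, PAGE_READWRITE);
    if (!winA || !winB) return 4;

    if (!MapUserPhysicalPages(winA, npages, pfns)) return 5;
    winA[0] = 0x41;
    winA[bytes - 1] = 0x42;
    /* PageArray == NULL unmaps; touching winA after this would fault. */
    if (!MapUserPhysicalPages(winA, npages, NULL)) return 6;

    /* The same physical pages, now visible at a different virtual address. */
    if (!MapUserPhysicalPages(winB, npages, pfns)) return 7;
    same = (winB[0] == 0x41 && winB[bytes - 1] == 0x42);
    printf("contents survived remap into second window: %s\n", same ? "yes" : "no");

    MapUserPhysicalPages(winB, npages, NULL);
    FreeUserPhysicalPages(GetCurrentProcess(), &npages, pfns);
    VirtualFree(winA, 0, MEM_RELEASE);
    VirtualFree(winB, 0, MEM_RELEASE);
    HeapFree(GetProcessHeap(), 0, pfns);
    return same ? 0 : 8;
}

int main(void) { return awe_demo(); }
#endif
```

Each step returns a distinct code so a failure can be tied to the call that rejected it; the one most people hit first is step 2, because the user right must be granted in Local Security Policy (or via secedit) before the process can enable it. The remap in step 7 is the behaviour worth keeping in mind when thinking about abuse: the backing pages outlive any particular virtual mapping, and nothing about the window's address tells a casual observer what physical memory sits behind it.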
In this episode of the InSecurity Podcast, host Matt Stephenson is joined by special guest Theresa Payton who discusses her journey from securing the financial industry, to becoming the first woman to hold the title of White House CIO, to starring on a hit TV show on CBS, to her role in helping locate and rescue exploited children.
In this episode of the InSecurity Podcast, host Matt Stephenson is joined by special guests Pete Seeber, Mike Viruso, and Rick Ingersoll of Rocus Networks - securing confidence in the digital economy with the best-in-breed technology.