Showing 41 results for: 2013 ×Security Research ×

Look What I Found: It's a Pony!

Every once in a while we get to peek into the lion's den, this time we'll be checking out a fairly large instance of the Pony botnet controller, containing a large amount of stolen credentials and other goodies. Pony, for...

Corporate Passwords Part 1

With the vast amount of research and content that was done by SpiderLabs for the Global Security Report, it made it impractical to include all of the content that was written for this year's password study. But instead of letting...

Old Exploits Still Do the Trick

We are all aware that patching is very important. Many websites, however, take the risk of not updating their software for various reasons: it requires manual modifications, adjustment of the current code to work with the changes, the layout gets...

CBC-R: It's not just for padding oracles!

This is the short, technical version of a technique that I'll be writing more about in a few days. This blog post is geared towards readers already familiar with current topics in cryptanalysis. In Rizzo and Duong's paper on practical...

Machine Learning Update 1

An update on my Machine Learning project to classify, categorize, and otherwise group like pieces of malware together to better understand and analyze malicious code.

Java is So Confusing...

It's been a short while, but we find ourselves again with a Java vulnerability in our hands, this time via a PoC provided by IKVM.NET. This particular vulnerability is somewhat different than most java vulnerabilities we run into, but feels...

Me Myself and I, Robot

I am conducting a research project to look into using a form of AI/ML/NLP to help categorize and classify the gigabytes of malware we process everyday.

Fresh Coffee Served by CoolEK

As you may already know, the past few months have been problematic to Oracle when it comes to security issues discovered in the popular and notorious Java browser plugin. The latest vulnerability that has been spotted to be exploited in...

The Life Cycle of Web Server Botnet Recruitment

This blog post is an excerpt taken from the recently released Global Security Report (GSR) for 2013. Over the course of the past year, my team has monitored and analyzed vast amounts of data within our Web honeypots and shared...