Beginner’s guide to malware analysis and reverse engineering

The article introduces a flexible and practical approach to malware analysis for beginners and experts alike.

The AI SOC Analyst Advantage: The Complete Package With Built-In Reverse Engineering

Imagine hiring the perfect Security Operations Center (SOC) analyst—one with expert-level reverse engineering skills, 24/7/365 availability, and every tool your team could possibly need. This is the reality Intezer’s Autonomous SOC delivers every day to modern security teams. Meet Your SOC AI Analyst Adopting Intezer’s Autonomous SOC platform is like onboarding a world-class security analyst, […]
XE Group: From Credit Card Skimming to Exploiting Zero-Days

Written by Nicole Fishbein, Joakim Kennedy and Justin Lentz Executive Summary This blog provides an in-depth analysis of XE Group’s recent operations based on a collaborative research effort with Solis Security. The team’s findings include detailed technical insights into the exploits used by XE Group, including their utilization of zero-day vulnerabilities (CVE-2024-57968 CVSS score 9.9, […]
Bringing Reverse Engineering to the Frontline of SecOps

In cybersecurity, initial alert triage is like detective work. It demands quick, detailed, and accurate analysis to separate real threats from false positives. But most Security Operations Centers (SOCs) face overwhelming challenges including skyrocketing alert volumes, resource shortages, and limited time for investigations. At Intezer, we’ve reimagined the triage process by bringing reverse engineering (RE)—a […]
Babble Babble Babble Babble Babble Babble BabbleLoader

Loaders, an Ever Evolving Market The pace of innovation and development in the malware detection market is relentless, and the same goes for the development of malware itself, which is constantly changing and adapting to create ever more evasive and capable payloads. One such sector of this market is the loader (also called crypter or packer) market. In […]
There’s Something About CryptBot: Yet Another Silly Stealer (YASS)

Written by Ryan Robinson and Joakim Kennedy Recently Intezer was investigating a file that we came across during alert triage. This particular file piqued our interest due to the interesting delivery chain, and the even more interesting payload, an intricate infostealer. Intezer has amazing code genetic analysis technology, showing us overlaps of code reuse between […]
Dissecting SSLoad Malware: A Comprehensive Technical Analysis

Written by Nicole Fishbein and Ryan Robinson SSLoad is a stealthy malware that is used to infiltrate systems through phishing emails, gather reconnaissance and transmit it back to its operators while delivering various payloads. Recently, Unit42 highlighted an active campaign leveraging SSLoad in their attack arsenal. One attack vector involves a decoy Word document that delivers […]
.NET Malware 101: Analyzing the .NET Executable File Structure

Welcome to our deep dive into the world of .NET malware reverse engineering. As a security researcher or analyst, you’re likely aware that the .NET framework, famed for its ability to enable rapid and robust application development, is a double-edged sword. The same features that make it attractive to legitimate developers also make it a […]
Operation HamsaUpdate: A Sophisticated Campaign Delivering Wipers Puts Israeli Infrastructure at Risk

Written by Nicole Fishbein and Ryan Robinson On December 19th, the Israel National Cyber Directorate released an urgent alert warning regarding a phishing campaign actively targeting Israeli customers using F5’s network devices. We’ve labeled this campaign Operation HamsaUpdate. It features the deployment of a newly developed wiper malware that targets both Windows and Linux servers. […]
How to Analyze Malicious Microsoft Office Files

Microsoft Office files (and other file types commonly used for delivering malware, including binary files, documents, scripts, and archives) are supported in Intezer for both on-demand sandboxing and automated alert triage. Phishing attacks are one of the three primary ways attackers get access to organizations according to Verizon’s 2023 Data Breach Investigations Report… and many […]