A Detailed Analysis of Lazarus’ RAT Called FALLCHILLFALLCHILL is a RAT that has been used by Lazarus Group since 2016. The malware decrypts multiple strings at runtime using... KNOWLEDGE CENTER cybersecurity RAT Vjw0rm Worm Whitepaper Vjw0rm Worm/RAT September 17, 2021 Vjw0rm is a worm that usually spreads via USB drives. It’s also classified as a RAT because it executes commands received... AES256 algorithm Makop ransomware malware Whitepaper Makop Ransomware August 27, 2021 Makop ransomware encrypts user’s files using the AES256 algorithm and advises the victims to contact the attackers via Tox (P2P instant-messaging... Credential Dumping malware Whitepaper Windows 10 Mitigating Credential Dumping on Windows Clients July 9, 2021 Credential dumping from compromised Windows clients allows the attacker to perform lateral movement and gain control even after more sensitive hosts... Django Templates post-exploitation Python server-side template injection SSTI Whitepaper Django Templates Server-Side Template Injection v1.0 June 16, 2021 Long gone are days of static websites, nowadays sites need to be dynamic to be attractive and useful. One of... cybersecurity phishing Phishing Infrastructure Whitepaper PHISHING INFRASTRUCTURE May 12, 2021 Phishing Capabilities Demonstration The goal of this whitepaper is to summarize technical details of a phishing infrastructure we developed and... attack vectors cybersecurity exploit penetration test vulnerability Whitepaper Successful (And Easy) Attack Vectors 2020 May 3, 2021 How can attackers access your MFA-protected Company mailboxes? How can they move from one machine to another in your infrastructure?... DearCry Ransomware Exchange server exploitation microsoft Microsoft Exchange ransomware Remote Code Execution DearCry Ransomware Malware Analysis and Reverse Engineering April 8, 2021 The goal of this paper is to provide a deep analysis of DearCry ransomware and demonstrate some techniques of malware... Case Study Exchange server exploitation Microsoft Exchange ProxyLogon Vulnerability Remote Code Execution Microsoft Exchange – ProxyLogon Vulnerability Analysis March 18, 2021 The goal of this case study is to summarize technical details of the ProxyLogon vulnerability alongside with other vulnerabilities that... Case Study Detecting Malware Capabilities With capa egregor egregor ransomware Malware Analysis Unpacking of Egregor Ransomware – Malware Analysis January 21, 2021 Executive Summary In this case study, we describe malware analysis and unpacking of a newly emerged ransomware Egregor. It is... Logchecker Tool Technical Tools Threat Intelligence Solution What is Logchecker Logchecker – New Tool for Threat Intelligence Developed by LIFARS January 12, 2021 Introducing The Logchecker Tool Logchecker is a new Windows and Linux tool for scanning log files, developed by LIFARS. It... Handling Cybersecurity Incidents according to NIST SP-61 Incident Response Process Whitepaper Incident Response Process November 3, 2020 Handling Cybersecurity Incidents according to NIST SP-61 According to ISO/IEC 27035:2011 on Information security incident management, an information security incident... Cybersecurity exercises International Standard ISO 22398 Whitepaper Cybersecurity Exercises Whitepaper November 3, 2020 Conducting Cybersecurity Exercises According to International Standard ISO 22398 Exercises and simulation activities have been around for decades, if not... For Developers and Office Workers Guide to Hardening Windows 10 Technical Guide Guide to Hardening Windows 10 November 3, 2020 Introduction Windows 10 is the most widely used desktop operating system in enterprise environment. It features extensive security policies, allowing... Case Study phishing ryuk ryuk ransomware Ryuk Ransomware In The Healthcare Sector zbot The Assassin Squad: Zbot and RYUK October 29, 2020 Overview During recent months, there have been large outbreaks of the Ryuk ransomware. Armed with upgrades and modifications in comparison... Case Study exploitation of vulnerable network devices REvil Sodinokibi Ransomware REvil/Sodinokibi Ransomware group REvil Sodinokibi Ransomware September 23, 2020 Overview During a recent client engagement, the LIFARS DFIR team encountered the REvil/Sodinokibi Ransomware group. The typical attack vector chosen...
A Detailed Analysis of Lazarus’ RAT Called FALLCHILLFALLCHILL is a RAT that has been used by Lazarus Group since 2016. The malware decrypts multiple strings at runtime using...
KNOWLEDGE CENTER cybersecurity RAT Vjw0rm Worm Whitepaper Vjw0rm Worm/RAT September 17, 2021 Vjw0rm is a worm that usually spreads via USB drives. It’s also classified as a RAT because it executes commands received... AES256 algorithm Makop ransomware malware Whitepaper Makop Ransomware August 27, 2021 Makop ransomware encrypts user’s files using the AES256 algorithm and advises the victims to contact the attackers via Tox (P2P instant-messaging... Credential Dumping malware Whitepaper Windows 10 Mitigating Credential Dumping on Windows Clients July 9, 2021 Credential dumping from compromised Windows clients allows the attacker to perform lateral movement and gain control even after more sensitive hosts... Django Templates post-exploitation Python server-side template injection SSTI Whitepaper Django Templates Server-Side Template Injection v1.0 June 16, 2021 Long gone are days of static websites, nowadays sites need to be dynamic to be attractive and useful. One of... cybersecurity phishing Phishing Infrastructure Whitepaper PHISHING INFRASTRUCTURE May 12, 2021 Phishing Capabilities Demonstration The goal of this whitepaper is to summarize technical details of a phishing infrastructure we developed and... attack vectors cybersecurity exploit penetration test vulnerability Whitepaper Successful (And Easy) Attack Vectors 2020 May 3, 2021 How can attackers access your MFA-protected Company mailboxes? How can they move from one machine to another in your infrastructure?... DearCry Ransomware Exchange server exploitation microsoft Microsoft Exchange ransomware Remote Code Execution DearCry Ransomware Malware Analysis and Reverse Engineering April 8, 2021 The goal of this paper is to provide a deep analysis of DearCry ransomware and demonstrate some techniques of malware... Case Study Exchange server exploitation Microsoft Exchange ProxyLogon Vulnerability Remote Code Execution Microsoft Exchange – ProxyLogon Vulnerability Analysis March 18, 2021 The goal of this case study is to summarize technical details of the ProxyLogon vulnerability alongside with other vulnerabilities that... Case Study Detecting Malware Capabilities With capa egregor egregor ransomware Malware Analysis Unpacking of Egregor Ransomware – Malware Analysis January 21, 2021 Executive Summary In this case study, we describe malware analysis and unpacking of a newly emerged ransomware Egregor. It is... Logchecker Tool Technical Tools Threat Intelligence Solution What is Logchecker Logchecker – New Tool for Threat Intelligence Developed by LIFARS January 12, 2021 Introducing The Logchecker Tool Logchecker is a new Windows and Linux tool for scanning log files, developed by LIFARS. It... Handling Cybersecurity Incidents according to NIST SP-61 Incident Response Process Whitepaper Incident Response Process November 3, 2020 Handling Cybersecurity Incidents according to NIST SP-61 According to ISO/IEC 27035:2011 on Information security incident management, an information security incident... Cybersecurity exercises International Standard ISO 22398 Whitepaper Cybersecurity Exercises Whitepaper November 3, 2020 Conducting Cybersecurity Exercises According to International Standard ISO 22398 Exercises and simulation activities have been around for decades, if not... For Developers and Office Workers Guide to Hardening Windows 10 Technical Guide Guide to Hardening Windows 10 November 3, 2020 Introduction Windows 10 is the most widely used desktop operating system in enterprise environment. It features extensive security policies, allowing... Case Study phishing ryuk ryuk ransomware Ryuk Ransomware In The Healthcare Sector zbot The Assassin Squad: Zbot and RYUK October 29, 2020 Overview During recent months, there have been large outbreaks of the Ryuk ransomware. Armed with upgrades and modifications in comparison... Case Study exploitation of vulnerable network devices REvil Sodinokibi Ransomware REvil/Sodinokibi Ransomware group REvil Sodinokibi Ransomware September 23, 2020 Overview During a recent client engagement, the LIFARS DFIR team encountered the REvil/Sodinokibi Ransomware group. The typical attack vector chosen...
cybersecurity RAT Vjw0rm Worm Whitepaper Vjw0rm Worm/RAT September 17, 2021 Vjw0rm is a worm that usually spreads via USB drives. It’s also classified as a RAT because it executes commands received...
AES256 algorithm Makop ransomware malware Whitepaper Makop Ransomware August 27, 2021 Makop ransomware encrypts user’s files using the AES256 algorithm and advises the victims to contact the attackers via Tox (P2P instant-messaging...
Credential Dumping malware Whitepaper Windows 10 Mitigating Credential Dumping on Windows Clients July 9, 2021 Credential dumping from compromised Windows clients allows the attacker to perform lateral movement and gain control even after more sensitive hosts...
Django Templates post-exploitation Python server-side template injection SSTI Whitepaper Django Templates Server-Side Template Injection v1.0 June 16, 2021 Long gone are days of static websites, nowadays sites need to be dynamic to be attractive and useful. One of...
cybersecurity phishing Phishing Infrastructure Whitepaper PHISHING INFRASTRUCTURE May 12, 2021 Phishing Capabilities Demonstration The goal of this whitepaper is to summarize technical details of a phishing infrastructure we developed and...
attack vectors cybersecurity exploit penetration test vulnerability Whitepaper Successful (And Easy) Attack Vectors 2020 May 3, 2021 How can attackers access your MFA-protected Company mailboxes? How can they move from one machine to another in your infrastructure?...
DearCry Ransomware Exchange server exploitation microsoft Microsoft Exchange ransomware Remote Code Execution DearCry Ransomware Malware Analysis and Reverse Engineering April 8, 2021 The goal of this paper is to provide a deep analysis of DearCry ransomware and demonstrate some techniques of malware...
Case Study Exchange server exploitation Microsoft Exchange ProxyLogon Vulnerability Remote Code Execution Microsoft Exchange – ProxyLogon Vulnerability Analysis March 18, 2021 The goal of this case study is to summarize technical details of the ProxyLogon vulnerability alongside with other vulnerabilities that...
Case Study Detecting Malware Capabilities With capa egregor egregor ransomware Malware Analysis Unpacking of Egregor Ransomware – Malware Analysis January 21, 2021 Executive Summary In this case study, we describe malware analysis and unpacking of a newly emerged ransomware Egregor. It is...
Logchecker Tool Technical Tools Threat Intelligence Solution What is Logchecker Logchecker – New Tool for Threat Intelligence Developed by LIFARS January 12, 2021 Introducing The Logchecker Tool Logchecker is a new Windows and Linux tool for scanning log files, developed by LIFARS. It...
Handling Cybersecurity Incidents according to NIST SP-61 Incident Response Process Whitepaper Incident Response Process November 3, 2020 Handling Cybersecurity Incidents according to NIST SP-61 According to ISO/IEC 27035:2011 on Information security incident management, an information security incident...
Cybersecurity exercises International Standard ISO 22398 Whitepaper Cybersecurity Exercises Whitepaper November 3, 2020 Conducting Cybersecurity Exercises According to International Standard ISO 22398 Exercises and simulation activities have been around for decades, if not...
For Developers and Office Workers Guide to Hardening Windows 10 Technical Guide Guide to Hardening Windows 10 November 3, 2020 Introduction Windows 10 is the most widely used desktop operating system in enterprise environment. It features extensive security policies, allowing...
Case Study phishing ryuk ryuk ransomware Ryuk Ransomware In The Healthcare Sector zbot The Assassin Squad: Zbot and RYUK October 29, 2020 Overview During recent months, there have been large outbreaks of the Ryuk ransomware. Armed with upgrades and modifications in comparison...
Case Study exploitation of vulnerable network devices REvil Sodinokibi Ransomware REvil/Sodinokibi Ransomware group REvil Sodinokibi Ransomware September 23, 2020 Overview During a recent client engagement, the LIFARS DFIR team encountered the REvil/Sodinokibi Ransomware group. The typical attack vector chosen...
