Blog

My writing focuses on information security, with topics ranging from broad IT trends to detailed technical advice on malware. Scroll through the posts to see whether my interests overlap with yours. Follow this blog to keep up with my latest publications.

Hybrid Analysis Grows Up – Acquired by CrowdStrike

CrowdStrike acquired Payload Security, the company behind the automated malware analysis sandbox technology Hybrid Analysis, in November 2017. Jan Miller founded Payload Security approximately 3 years earlier. The interview I conducted with Jan in early 2015 captured his mindset at the onset of the journey that led to this milestone. I briefly spoke with Jan again, a…

Read more

Tips for Reverse-Engineering Malicious Code

This cheat sheet outlines tips for reversing malicious Windows executables via static and dynamic code analysis with the help of a debugger and a disassembler. To print it, use the one-page PDF version; you can also edit the Word version to customize it for your own needs. Overview of the Code Analysis Process Examine static properties…

Read more

How to Deploy Your Own Algo VPN Server in the DigitalOcean Cloud

When analyzing malware or performing other security research, it’s often useful to tunnel connections through a VPN in a public cloud. This approach helps conceal the analyst’s origin, contributing to OPSEC when interacting with malicious infrastructure. Moreover, by using VPN exit nodes in different cities and even countries, the researcher can explore the target from…

Read more

What’s It Like to Join a Startup’s Executive Team?

Startups are the innovation engine of the high-tech industry. Those who’ve participated in them have experienced the thrill and at times the disappointment of navigating uncharted territories of new ideas. Others have benefited from the fruits of these risk-takers’ labor by using the products they created. What’s it like to contribute at an early stage of…

Read more

Disambiguate “Zero-Day” Before Considering Countermeasures

“Zero-day” is the all-powerful boogieman of the information security industry. Too many of us invoke it when discussing scary threats against which we feel powerless. We need to define and disambiguate this term before attempting to determine whether we’ve accounted for the associated threats when designing security programs. Avoid Zero-Day Confusion I’ve seen “zero-day” used to describe two related, but independent concepts. First,…

Read more

The History of Fileless Malware – Looking Beyond the Buzzword

What’s the deal with “fileless malware”? Though many security professionals cringe when they hear this term, lots of articles and product brochures mention fileless malware in the context of threats that are difficult to resist and investigate. Below is my attempt to look beyond the buzzword, tracing the origins of this term and outlining the malware samples that influenced how we use…

Read more

Joining Minerva Labs to Keep Malware in Check

As much as I look forward to change sometimes, I am often hesitant to forgo the familiar despite recognizing the risks of becoming too comfortable in the same job. Fortunately, I’ve come across an opportunity to take on a new role that matches all three professional objectives I defined for myself: Contribute towards advancing the practice of information security. Grow commercial…

Read more

Reflections of a Security Professional: Podcast Interview

Life rushes forward at the speed of a bullet train. I struggle to find the time to pause and reflect upon the journey travelled and the direction in which I’m heading. Fortunately, I had the opportunity to consider key moments in my professional endeavours so far during the interview that Doug Brush conducted with me for the…

Read more

Misleading Trademark Registration Invoices and Scams

Miscreants are attracted to law-skirting schemes that generate strong revenues without significant ongoing investments. You can observe these characteristics in the trademark registration campaign described below. It seems to have been active for at least a decade and spans Texas, Delaware, Washington and the Principality of Liechtenstein. This is a manifestation of the broader set of fake invoice scams, such as the website…

Read more

How to Send Customer Emails That Don’t Look Like Phishing

Businesses need a way to contact customers in a reliable manner that’s convenient for the recipient. Email is the obvious channel for such messages due to its ubiquity. However, this method presents many security challenges, as illustrated below. While it’s easy to highlight the vulnerabilities in these messages, it’s hard to offer constructive advice for a communications approach that strikes the right…

Read more