July 1, 2020
SMBaloo - Building an RCE exploit for Windows ARM64 (SMBGhost Edition) -From zero to hero!

April 12, 2020
Keep Office 365 safe from BEC when you are an SME -Business Email Compromise (BEC) attacks are growing among SMEs.

March 13, 2020
Yet Another Active Email Campaign With Malicious Excel Files Identified -We identified another potential campaign in preparation where the victim would receive a zip file containing a malicious Excel file embedding…

March 8, 2020
Forced to work remotely? -COVID-19 and Remote Incident Response. Use Comae for one month free.

February 22, 2020
Active Email Campaign Identified With Malicious Excel Files -We identified a potential campaign in preparation where the victim would receive a zip file containing a malicious Excel file embedding…

May 5, 2019
How to Assess and Respond to Assets In Your Cloud? -Analyze your Azure and AWS virtual machines from one command.

April 24, 2019
How to Solve the Blindspots of Event-Driven Detection -A while back, I discussed how memory could be used as an ultimate form of the log as long as the analysis workflow and process is smooth.

January 17, 2019
Leveraging Microsoft Graph API for memory forensics -Endpoint alerts are good, but sometimes it’s not enough.

November 26, 2018
Process Dump Support in Comae Stardust -We now support minidumps!

February 20, 2018
Rethinking Logging for Critical Assets -Going beyond log files, accepting memory as its own format.

February 7, 2018
YARA scans in WinDbg -Because InfoSec loves RegExes.

February 1, 2018
Are your cryptocurrency wallets safe? -TL;DR: Detect DLL injection with Comae Stardust. #MemoryForensics #Blockchain

December 27, 2017
Smart Contract Languages Development to Follow -What languages I’ll keep a close look at next year (2018)

December 14, 2017
From a Crypto Rebels Utopia to a Cybercriminals Paradise. -Hack all the coins.

November 7, 2017
The $280M Ethereum’s Parity bug. -A critical security vulnerability in Parity multi-sig wallet got triggered on 6th November — paralyzing wallets created after the 20th…

July 27, 2017
DEF CON 25: Porosity -Decompiling Ethereum Smart-Contracts

July 27, 2017
BlackHat 2017: The Shadow Brokers — Cyber Fear Game Changers -Cyber Fear As a Service

July 8, 2017
Comae Speaking Engagements (July) -Blockchain Security & Cyber Fear Game-Changers

June 28, 2017
Petya.2017 is a wiper not a ransomware -Ransomware-as-a-service soon to be renamed Lure-as-a-Service

June 27, 2017
Petya — Enhanced WannaCry? -What we know so far about Byata.

June 10, 2017
Lessons from TV5Monde 2015 Hack -Watch-out for compromised third party accounts and bad Active Directory configuration.

May 23, 2017
Analyze Your System with Comae Stardust -Enterprise memory forensics for incident response and compromise assessment

May 19, 2017
WannaCry — Decrypting files with WanaKiwi + Demos -Working Windows XP & 7 demos. #FRENCHMAFIA

May 15, 2017
WannaCry — Links to Lazarus Group -Potential links to North Korea have been found.

May 14, 2017
WannaCry — New Variants Detected! -One new wave stopped today, but the worst is yet to come.

May 12, 2017
WannaCry — The largest ransomware infection in history -More than 70 countries are reported to be infected.

May 2, 2017
Lessons from OPCDE DXB 2017 -More knowledge. Less buzzwords.

April 20, 2017
PASSFREELY: Oracle & SWIFT at risk -On 14 April, the mysterious group ShadowBrokers released an archive containing several exploits, tools and operational notes on one of the…

April 14, 2017
ShadowBrokers: The NSA compromised the SWIFT Network -This is by far, the most interesting release from Shadow Brokers as it does not only contain tools — but also materials describing the most…

April 13, 2017
OPCDE Crackme Solution -Thanks to Mohamed Saher for publishing a complete 63 pages solution for the Student Crackme.

March 23, 2017
Cyber-Security Thoughts on Trump’s Laptop Ban -A while ago I left the U.S. to move to Dubai, and I’m currently affected by the travel ban. I would like to share some of my thoughts on…

January 13, 2017
Summary of the latest ShadowBrokers release (+IOCs) -In 2015, Kaspersky published an analysis of the EquationDrug platform — Yesterday, ShadowBrokers reappeared and published files related to…

January 3, 2017
More open-source tools -Hibr2Bin goes open source again.

December 19, 2016
Do NOT let bad security practices ruin your holidays! -For many companies and individuals, there is this misconception that hackers are bad people and that security comes down to anti-viruses and…

November 2, 2016
Quick look at AtomBombing with WinDbg -Atom Bombing

October 5, 2016
Is Harold Martin behind Shadow Brokers? -The New York Times just released an article on the arrest of Harold T. Martin, and his criminal complaint is dated 29th August…

September 29, 2016
Speaking engagements — Oct-Nov 2016 -Come listen to our CEO, Matt Suiche, speaking on cyber-security in Dubai (United Arab Emirates), Goa (India) and Bucharest (Romania).

September 3, 2016
Oui, La NSA hacked France in 2012 -If you speak French and have one hour available, just skip the article and go straight to the video. Otherwise, here are some notes from…

August 22, 2016
Comae In The Press This Week -15 August 2016

August 16, 2016
NodeJS module for Azure Blob Storage -Our team member Sven Lito just released a new module for Azure Blob Storage, which you can find at the following address:

August 15, 2016
Shadow Brokers: NSA Exploits of the Week -Today an unknown group called Shadow Brokers started an auction after claiming they hacked Equation Group (NSA entity named like that by…

June 25, 2016
Matt Suiche joins Review Board of BlackHat Conference