Lastline Labs Blog

INSIGHTS FROM LASTLINE LABS RESEARCH AND DEVELOPMENT

Ransomware: Too Overt to Hide [Part 2]

Posted by Alexander Sevtsov ON Apr 13, 2017

[Ransomware Series Part 2] Authored by: Alexander Sevtsov and Clemens Kolbitsch Find more details on this series in Part 1. Ransomware is holding...

Ransomware Delivery Mechanisms [Part 1]

Posted by Alexander Sevtsov ON Mar 15, 2017

Authored by: Alexander Sevtsov and Clemens Kolbitsch Ransomware has become one of the most serious security threats today. Practically every business, public organization...

Party like it’s 1999: Comeback of VBA Malware Downloaders [Part 3]

Posted by Clemens Kolbitsch ON Nov 10, 2016

Authored by: Clemens Kolbitsch, Alexander Sevtsov, and Arunpreet Singh Find more details on this series in Part 1 and Part 2. Evasive scripts continue...

Evasive JScript

Posted by Marco Cova ON Nov 3, 2016

One of the characteristics of malware that we follow closely is its use of evasion techniques; that is, techniques that...

Party like it’s 1999: Comeback of VBA Malware Downloaders [Part 2]

Posted by Alexander Sevtsov ON Oct 6, 2016

Authored by: Alexander Sevtsov, and Arunpreet Singh Find more details on this series in Part 1 and Part 3. The use of malicious...

Building Static and Dynamic Analyses Using Lastline’s Process Snapshotting

Posted by Arunpreet Singh ON Sep 16, 2016

Learn how Lastline’s process snapshotting supports malware analysis by capturing snapshots at various points throughout a malware program’s execution, allowing...

Party like it’s 1999: Comeback of VBA Malware Downloaders [Part 1]

Posted by Alexander Sevtsov ON Aug 31, 2016

Authored by: Alexander Sevtsov, and Arunpreet Singh Find more details on this series in Part 2 and Part 3. Macro malware, introduced back...

Hunting for Ransomware with LLKB

Posted by Gregoire Jacob ON Aug 11, 2016

Leveraging the new clustering feature of the Lastline Knowledge Base to study recent ransomware threats Authored by: Grégoire Jacob and Stefano...

Lastline: It’s as easy as A-P-I

Posted by Giovanni Vigna ON Apr 18, 2016

Lastline’s solutions analyze network traffic, programs, documents, and other artifacts to identify and block advanced malware in enterprise networks. ...

ModPOS: A Framework Lurking in Point-of-Sale System Kernels

Posted by Subrat Sarkar ON Apr 7, 2016

Authored by: Subrat Sarkar, Arunpreet Singh, and Clemens Kolbitsch Diving deeply into the ModPOS malware framework using sandbox process snapshotting Point-of-sale (POS)...

Three interesting changes in malware activity over the past year

Posted by Alexander Sevtsov ON Mar 31, 2016

Every day, our Lastline sensors observe millions of files that our customers download from the Internet or receive as email...

A Peek Behind the Cryptowall

Posted by Arunpreet Singh ON Jan 28, 2016

Bridging static and dynamic analysis using Lastline process snapshotting Authored by: Arunpreet Singh and Dr. Christopher Kruegel ...

Defeating Darkhotel Just-In-Time Decryption

Posted by Arunpreet Singh ON Nov 5, 2015

Authored by: Arunpreet Singh and Clemens Kolbitsch The use of runtime-packing of malware has long become the standard to defeat traditional AV products. At...

PathArmor: Practical ROP Protection Using Context-sensitive CFI

Posted by Asia Slowinska ON Nov 3, 2015

In October 2015, at the ACM CCS 2015 conference, my colleagues Dennis Andriesse and Victor van der Veen from the Vrije Universiteit...

Lifting the Seams of the Shifu “Patchwork” Malware

Posted by Clemens Kolbitsch ON Sep 4, 2015

Authored by: Clemens Kolbitsch and Arunpreet Singh Another week comes to an end, another wave of evasive malware is attacking users. This week: Shifu. This...

Awakening Dormant Functionality in Malware Programs

Posted by Clemens Kolbitsch ON Aug 26, 2015

Authored by: Clemens Kolbitsch, Joe Giron, and Arunpreet Singh Over recent years, we have seen a rapid evolution of security products. Whenever a...

Turla: APT Group Gives Their Kernel Exploit a Makeover

Posted by Arunpreet Singh ON Jul 30, 2015

Authored by: Arunpreet Singh, Clemens Kolbitsch The Turla malware family is part of one of the most sophisticated malware families seen in...

Catching the Hacking Team’s System Access Token Thief Red-Handed

Posted by Arunpreet Singh ON Jul 13, 2015

Authored by: Arunpreet Singh, Roman Vasilenko In their Youtube commercial, the infamous Hacking Team promises to their clients, who are typically government or law...

Unmasking Kernel Exploits

Posted by Roman Vasilenko ON Jul 7, 2015

A large set of publicly disclosed Advanced Persistent Threat (APT) and nation state attacks use sophisticated malware (e.g Turla, Duqu,...

Exposing Rombertik – Turning the Tables on Evasive Malware

Posted by Joe Giron ON May 14, 2015

Authored by: Joe Giron, Clemens Kolbitsch Waves of evasive malware keep rolling in. The latest in the series: Rombertik. This malware...

Lastline Labs Blog

Ransomware: Too Overt to Hide [Part 2]

Party like it’s 1999: Comeback of VBA Malware Downloaders [Part 3]

Evasive JScript

Party like it’s 1999: Comeback of VBA Malware Downloaders [Part 2]

Building Static and Dynamic Analyses Using Lastline’s Process Snapshotting

Party like it’s 1999: Comeback of VBA Malware Downloaders [Part 1]

Hunting for Ransomware with LLKB

Lastline: It’s as easy as A-P-I

ModPOS: A Framework Lurking in Point-of-Sale System Kernels

Three interesting changes in malware activity over the past year

A Peek Behind the Cryptowall

Defeating Darkhotel Just-In-Time Decryption

PathArmor: Practical ROP Protection Using Context-sensitive CFI

Lifting the Seams of the Shifu “Patchwork” Malware

Awakening Dormant Functionality in Malware Programs

Turla: APT Group Gives Their Kernel Exploit a Makeover

Catching the Hacking Team’s System Access Token Thief Red-Handed

Unmasking Kernel Exploits

Exposing Rombertik – Turning the Tables on Evasive Malware

Ransomware: Too Overt to Hide [Part 2]

Ransomware Delivery Mechanisms [Part 1]

Party like it’s 1999: Comeback of VBA Malware Downloaders [Part 3]

LATEST PRESS RELEASES

Lastline Wins Gold in Two Categories at the 12th Annual 2017 IT World Awards

MEDIA MENTIONS

Redwood City startup doubles business by taking guesswork out of malware fight

FROM THE BLOG

Poor Enterprise Backups Accentuate Need for Strong Ransomware Protection