Lastline Labs Blog

Malware in the Wild: Evolving to Evade Detection

Posted by Dr. Engin Kirda ON Apr 15, 2015

Advanced malware is behind many headline-grabbing data breaches, and untold others. It has evolved to elude detection by sensing its...

Dissecting Turla Rootkit Malware Using Dynamic Analysis

Posted by Arunpreet Singh ON Apr 8, 2015

Many of today’s advanced persistent threats have been climbing up the ladder - quite literally: Instead of only using user-mode...

High-Resolution Dynamic Analysis of Windows Kernel Rootkits

Posted by Clemens Kolbitsch ON Mar 17, 2015

Many recently-discovered sophisticated attacks against Windows users have been found to use at least one component executing in the kernel...

Carbanak Malware — Ninety Five Percent Exhibits Stealthy or Evasive Behaviors

Posted by ON Feb 19, 2015

We’ve talked a lot about the increasing sophistication of malware and the serious threats it poses. But it’s rare to...

Not so fast my friend – Using Inverted Timing Attacks to Bypass Dynamic Analysis

Posted by Arunpreet Singh ON Nov 18, 2014

We're very happy that a lot of you are enjoying our research. If you'd like to discuss...

The Malicious 1% of Ads Served

Posted by Giovanni Vigna ON Nov 14, 2014

Last week at IMC Vancouver 2014, cyber-security researcher Apostolis Zarras of Ruhr-University Bochum presented a research paper entitled “The Dark...

Rogue Online Pharmacies Use Fake Security Seals and Content Obfuscation to Deceive Humans and Programs

Posted by Giovanni Vigna ON Sep 17, 2014

New research being presented tomorrow at RAID 2014 demonstrates that just two signals can automatically and effectively detect hundreds of...

A Look at Advanced Targeted Attacks Through the Lense of a Human-Rights NGO, World Uyghur Congress

Posted by Dr. Engin Kirda ON Aug 12, 2014

In my capacity as an academic researcher at Northeastern University, I collaborated with computer scientists Stevens Le Blond, Adina Uritesc...

Exploit Analysis via Process Snapshotting

Posted by Roman Vasilenko ON Jul 29, 2014

In this third post in our blog series on process snapshotting (see previous posts on PlugX and Shiz’ code injection),...

Dissecting Payload Injection Using LLama Process Snapshots

Posted by Roman Vasilenko ON Jun 17, 2014

In our last blog-post on process snapshotting, we showed how process snapshots (or “dumps”) allow bridging the gap between dynamic...

Lastline Labs Blog

Malware in the Wild: Evolving to Evade Detection

Dissecting Turla Rootkit Malware Using Dynamic Analysis

High-Resolution Dynamic Analysis of Windows Kernel Rootkits

Carbanak Malware — Ninety Five Percent Exhibits Stealthy or Evasive Behaviors

Not so fast my friend – Using Inverted Timing Attacks to Bypass Dynamic Analysis

The Malicious 1% of Ads Served

Rogue Online Pharmacies Use Fake Security Seals and Content Obfuscation to Deceive Humans and Programs

A Look at Advanced Targeted Attacks Through the Lense of a Human-Rights NGO, World Uyghur Congress

Exploit Analysis via Process Snapshotting

Dissecting Payload Injection Using LLama Process Snapshots

Evasive Monero Miners: Deserting the Sandbox for Profit

APT28 Rollercoaster: The Lowdown on Hijacked LoJack

A Wild Port Scan Appears. What now?

LATEST PRESS RELEASES

Study Finds Finance Industry Being Targeted by iSpy Variant of HawkEye and Two Other Sophisticated Keyloggers

MEDIA MENTIONS

Fighting Malware: Why Speed Is More Important Than Ever

FROM THE BLOG

Email Security Solutions Part 2: What Does it Take to Implement Effective Email Threat Visibility?