Pages

Web documents written by Talos team members.

Threat Spotlight: Angler Exposed Generating Millions in Revenue

October 6, 2015
This post was authored by Nick Biasini with contributions from Joel Esler, Warren Mercer, Melissa Taylor, and Craig Williams.

Zeus Trojan Analysis

Alex Kirk

Content-Type Mismatch Detection

Alex Kirk

Papers

Papers and publications written by Talos team members.

Hacking the Belkin E Series Omniview 2-Port KVM Switch

April 6, 2017
Ian Payton

Function Identification and Recovery Signature Tool

October 19, 2016
Angel M. Villegas

RAMBO: Run-time packer Analysis with Multiple Branch Observation

July 7, 2016
Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos, and Pablo G. Bringas

Subverting Operating System Properties through Evolutionary DKOM Attacks

July 7, 2016
Mariano Graziano, Lorenzo Flore, Andrea Lanzi, and Davide Balzarotti

ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks

May 30, 2016
Mariano Graziano, Davide Balzarotti, Alain Zidouemba

CRYPTOWALL 4: THE EVOLUTION CONTINUES

April 2016
Andrea Allievi and Holger Unterbrink with contributions from Warren Mercer

THREAT SPOTLIGHT: POSEIDON, A DEEP DIVE INTO POINT OF SALE MALWARE

May 2014
Talos Group

THREAT SPOTLIGHT: ANGLER LURKING IN THE DOMAIN SHADOWS

April 2014
Talos Group

PROTECTING WINDOWS AND MAC USERS AGAINST THE “KYLE AND STAN” MALVERTISING NETWORK

November 18, 2014
THE FOLLOWING MEMBERS OF THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP CONTRIBUTED TO THIS PAPER: SHAUN HURLEY, DAVID MCDANIEL, AND ARMIN PELKMANN.

DECONSTRUCTING AND DEFENDING AGAINST GROUP 72

November 11, 2014
ANDREA ALLIEVI, JOEL ESLER, DOUGLAS GODDARD, SHAUN HURLEY, MARTIN LEE, CRAIG WILLIAMS, AND ALAIN ZIDOUEMBA.

Presentations

Presentations written by Talos team members and presented at conferences around the world.

Function Identification and Recovery Signature Tool

November 2016
Angel M. Villegas

RAMBO: Run-time packer Analysis with Multiple Branch Observation

July 7, 2016
Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos, Pablo G. Bringas

Subverting Operating System Properties through Evolutionary DKOM Attacks

July 7, 2016
Mariano Graziano, Lorenzo Flore, Andrea Lanzi, Davide Balzarotti

Go Speed Tracer

May 30, 2016
Richard Johnson

ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks

May 30, 2016
Mariano Graziano, Davide Balzarotti, Alain Zidouemba

Exploit Kits: Hunting the Hunters

May 2016
Nick Biasini

FUZZING AND PATCH ANALYSIS: SAGELY ADVICE

RICHARD JOHNSON, RYAN PENTNEY, MARCIN NOGA, YVES YOUNAN, PIOTR BANIA, PAWEL JANIC (EMERITUS)

HARDER, BETTER, FASTER, STRONGER: SEMI-AUTO VULNERABILITY RESEARCH

IMPROVING SOFTWARE SECURITY WITH DYNAMIC BINARY INSTRUMENTATION

Richard Johnson

Characteristics Detection HTTP CNC

Richard Johnson

Razorback Framework

Richard Johnson

TAINT NOBODY GOT TIME FOR CRASH ANALYSIS

Richard Johnson

A CASTLE MADE OF SAND

Richard Johnson

A CLOSE LOOK AT ROGUE ANTIVIRUS PROGRAMS

June 2011
Alain Zidouemba

DETECTING OBFUSCATED MALICIOUS JAVASCRIPT WITH SNORT AND RAZORBACK

November 2010
Richard Johnson

Microsoft to SID mapping archive

Microsoft Vulnerability Advisories and their corresponding Snort Subscriber Rules; covers both operating system and software vulnerabilities.


IP Blacklist

List of known malicious network threats.


AMP Naming Conventions Guide

Threat naming convention information.


AWBO EXERCISES

Practice for exploit developers to help familiarize them with Advanced Windows Buffer Overflows.


Cisco Security

Learn more about Cisco's additional security research and solutions designed to provide advanced threat protection before, during, and after an attack.