A Petya ransomware variant that uses the EternalBlue exploit starts from Ukraine and spreading…

What do we know so far? UPDATE: We have a local vaccine. A new ransomware started spreading in Ukraine and shut down a lot of critical infrastructure (hospitals, airport, banks and power plants). Some reports are also coming from Italy, Germany and Spain. Early comments on VirusTotal indicate the usage of the EternalBlue exploit: When started, …

Pär Österberg Medina: Detecting Rootkits in Memory Dumps

A valuable presentation by Pär Österberg Medina about dumping and analyzing a memory dump to detect rootkits, discovered in the Twitter feed of Binni Shah.

Covered topics:

- What is a rootkit?
- Dumping the memory
- How to analyze a memory dump?
- Different rootkit techniques and how we detect them

The presentation: https://www.terena.org/activities/tf-csirt/meeting27/oesterberg-rootkits.pdf