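<!doctype html>
<!--
  Home page of the "133742 Personal Blog", generated by Hugo 0.135.0 with the
  PaperMod theme (see the generator meta below). This is build output: edits
  made here are overwritten on the next `hugo` run and belong in the site
  config and theme templates instead.
-->
<html lang="en" dir="auto">
<head>
  <meta name="generator" content="Hugo 0.135.0">
  <meta charset="utf-8">
  <!-- Legacy IE rendering-mode hint; ignored by current browsers. -->
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no">
  <meta name="robots" content="index, follow">
  <title>133742 Personal Blog</title>
  <!-- description and author are emitted empty; they come from the site config, which does not set them. -->
  <meta name="description" content="">
  <meta name="author" content="">
  <link rel="canonical" href="https://1337-42.github.io/">
  <!--
    Fingerprinted stylesheet with Subresource Integrity: the hash in `integrity`
    is checked against the fetched file, and `crossorigin="anonymous"` is needed
    for that check to apply to the preload as well.
  -->
  <link crossorigin="anonymous" href="/assets/css/stylesheet.fc220c15db4aef0318bbf30adc45d33d4d7c88deff3238b23eb255afdc472ca6.css" integrity="sha256-/CIMFdtK7wMYu/MK3EXTPU18iN7/MjiyPrJVr9xHLKY=" rel="preload stylesheet" as="style">
  <link rel="icon" href="https://1337-42.github.io/favicon.ico">
  <link rel="icon" type="image/png" sizes="16x16" href="https://1337-42.github.io/favicon-16x16.png">
  <link rel="icon" type="image/png" sizes="32x32" href="https://1337-42.github.io/favicon-32x32.png">
  <link rel="apple-touch-icon" href="https://1337-42.github.io/apple-touch-icon.png">
  <link rel="mask-icon" href="https://1337-42.github.io/safari-pinned-tab.svg">
  <meta name="theme-color" content="#2e2e33">
  <meta name="msapplication-TileColor" content="#2e2e33">
  <link rel="alternate" type="application/rss+xml" href="https://1337-42.github.io/index.xml">
  <link rel="alternate" type="application/json" href="https://1337-42.github.io/index.json">
  <link rel="alternate" hreflang="en" href="https://1337-42.github.io/">
  <!-- Without JavaScript the theme toggle and the back-to-top link cannot work, so hide them. -->
  <noscript><style>#theme-toggle,.top-link{display:none}</style></noscript>
  <!--
    Google Analytics (gtag.js). The external script is served by Google and
    changes over time, so it cannot carry an `integrity` hash; it runs with the
    full privileges of this origin and is a trusted third-party dependency.
    In the inline bootstrap, `!1&&(...)` short-circuits the Do-Not-Track lookup,
    so `doNotTrack` stays false and gtag is always configured regardless of the
    browser's DNT signal. Hugo emits this shape when
    privacy.googleAnalytics.respectDoNotTrack is false in the site config.
    Both scripts are inline, which a Content-Security-Policy without
    nonces or hashes would block.
  -->
  <script async src="https://www.googletagmanager.com/gtag/js?id=G-PVS53XHV2N"></script>
  <script>var dnt,doNotTrack=!1;if(!1&&(dnt=navigator.doNotTrack||window.doNotTrack||navigator.msDoNotTrack,doNotTrack=dnt=="1"||dnt=="yes"),!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-PVS53XHV2N")}</script>
  <meta property="og:title" content="133742 Personal Blog">
  <meta property="og:description" content="">
  <meta property="og:type" content="website">
  <meta property="og:url" content="https://1337-42.github.io/">
  <meta name="twitter:card" content="summary">
  <meta name="twitter:title" content="133742 Personal Blog">
  <meta name="twitter:description" content="">
  <!--
    Schema.org Organization record for search engines.
    NOTE(review): the "name" string below is split across two lines here; if that
    line break is present in the served file the JSON is invalid (raw newlines are
    not allowed inside JSON strings). Confirm against the deployed page.
  -->
  <script type="application/ld+json">{"@context":"https://schema.org","@type":"Organization","name":"133742 Personal 
Blog","url":"https://1337-42.github.io/","description":"","thumbnailUrl":"https://1337-42.github.io/favicon.ico","sameAs":["https://www.linkedin.com/in/remco-sprooten/","https://x.com/rsprooten","https://github.com/1337-42/"]}</script>
</head>
<body class="list" id="top">
  <!-- Apply the stored theme before first paint to avoid a light/dark flash. Reads the "pref-theme" key written by the toggle script at the end of the page. -->
  <script>localStorage.getItem("pref-theme")==="dark"&&document.body.classList.add("dark")</script>
  <header class="header">
    <nav class="nav">
      <div class="logo">
        <a href="https://1337-42.github.io/" accesskey="h" title="133742 Personal Blog (Alt + H)">133742 Personal Blog</a>
        <div class="logo-switches">
          <!-- Icon-only control: `aria-label` gives it an accessible name; the two icons are decorative and CSS shows only one of them. -->
          <button type="button" id="theme-toggle" accesskey="t" title="(Alt + T)" aria-label="Toggle dark theme">
            <svg id="moon" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg>
            <svg id="sun" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
          </button>
        </div>
      </div>
      <!-- Primary site navigation; its scroll offset is persisted by the menu script at the end of the page. -->
      <ul id="menu">
        <li><a href="https://1337-42.github.io/about/" title="About"><span>About</span></a></li>
        <li><a href="https://1337-42.github.io/archives" title="Archive"><span>Archive</span></a></li>
        <li><a href="https://1337-42.github.io/search/" title="Search (Alt + /)" accesskey="/"><span>Search</span></a></li>
        <li><a href="https://1337-42.github.io/categories/" title="Categories"><span>Categories</span></a></li>
        <li><a href="https://1337-42.github.io/tags/" title="Tags"><span>Tags</span></a></li>
      </ul>
    </nav>
  </header>
  <main class="main">
    <!-- Home intro card with social profile links. -->
    <article class="first-entry home-info">
      <header class="entry-header"><h1>Tech Insights by 
133742</h1></header>
      <div class="entry-content">Doing malware analysis for security insights, and programming adventures from a passionate tech enthusiast.</div>
      <footer class="entry-footer">
        <!-- External profiles open in a new tab; rel="noopener noreferrer" prevents the opened page from reaching window.opener or receiving a Referer. -->
        <div class="social-icons">
          <a href="https://www.linkedin.com/in/remco-sprooten/" target="_blank" rel="noopener noreferrer me" title="Linkedin" aria-label="Linkedin"><svg viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M16 8a6 6 0 016 6v7h-4v-7a2 2 0 00-2-2 2 2 0 00-2 2v7h-4v-7a6 6 0 016-6z"/><rect x="2" y="9" width="4" height="12"/><circle cx="4" cy="4" r="2"/></svg>
          </a><a href="https://x.com/rsprooten" target="_blank" rel="noopener noreferrer me" title="Twitter" aria-label="Twitter"><svg viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M23 3a10.9 10.9.0 01-3.14 1.53 4.48 4.48.0 00-7.86 3v1A10.66 10.66.0 013 4s-4 9 5 13a11.64 11.64.0 01-7 2c9 5 20 0 20-11.5a4.5 4.5.0 00-.08-.83A7.72 7.72.0 0023 3z"/></svg>
          </a><a href="https://github.com/1337-42/" target="_blank" rel="noopener noreferrer me" title="Github" aria-label="Github"><svg viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M9 19c-5 1.5-5-2.5-7-3m14 6v-3.87a3.37 3.37.0 00-.94-2.61c3.14-.35 6.44-1.54 6.44-7A5.44 5.44.0 0020 4.77 5.07 5.07.0 0019.91 1S18.73.65 16 2.48a13.38 13.38.0 00-7 0C6.27.65 5.09 1 5.09 1A5.07 5.07.0 005 4.77 5.44 5.44.0 003.5 8.55c0 5.42 3.3 6.61 6.44 7A3.37 3.37.0 009 18.13V22"/></svg></a>
        </div>
      </footer>
    </article>
    <!-- Post list, newest first. Each card is an <article> whose whole surface is a link via the empty, labelled `entry-link` anchor at its end. -->
    <article class="post-entry">
      <header class="entry-header"><h2 class="entry-hint-parent">Bit Hamming in Golang: SIMD Supported Code</h2></header>
      <div class="entry-content"><p>For a recent project, I needed to calculate the Hamming distance between a very large set of byte sequences.
As usual, I started by making a proof-of-concept in Python; however, it became clear very quickly that I would not be able to get the speeds I needed for this project. As long as we have the famous GIL in Python, it will be very difficult to make full use of all the system resources we have available.
...</p></div>
      <footer class="entry-footer"><span title="2024-09-30 00:00:00 +0000 UTC">September 30, 2024</span> · Remco Sprooten</footer>
      <a class="entry-link" aria-label="post link to Bit Hamming in Golang: SIMD Supported Code" href="https://1337-42.github.io/posts/dev/golang-simd/"></a>
    </article>
    <article class="post-entry">
      <header class="entry-header"><h2 class="entry-hint-parent">Betting on Bots: A Deep Dive into Botnet Campaigns</h2></header>
      <div class="entry-content"><p>As someone immersed in cybersecurity every day, botnets have always intrigued me with their evolving tactics and increasing sophistication, especially when they are Linux-based. Recently, I happened to come across some of the latest botnet campaigns. In our analysis, we explored how these bots are weaponized for distributed denial-of-service (DDoS) attacks, malware distribution, and crypto mining operations. Additionally, we discussed how attackers are using increasingly automated techniques to monetize their botnets at scale.
...</p></div>
      <footer class="entry-footer"><span title="2024-09-27 00:00:00 +0000 UTC">September 27, 2024</span> · Remco Sprooten</footer>
      <a class="entry-link" aria-label="post link to Betting on Bots: A Deep Dive into Botnet Campaigns" href="https://1337-42.github.io/posts/external/betting-on-bots/"></a>
    </article>
    <article class="post-entry">
      <header class="entry-header"><h2 class="entry-hint-parent">An Elastic approach to large-scale dynamic malware analysis</h2></header>
      <div class="entry-content"><p>In my work, I’m always looking for ways to scale malware analysis, and Elastic’s recent advancements really stand out. At Elastic Security Labs, we’ve been working on dynamic malware analysis at a large scale using our Detonate framework. The process involves running malware in sandboxed environments and analyzing behavior to extract meaningful insights. In our latest research, we explored techniques like enrichment pipelines, fingerprinting, and automation to handle massive datasets, filtering out noise and identifying malicious activity with precision.
...</p></div>
      <footer class="entry-footer"><span title="2023-07-31 00:00:00 +0000 UTC">July 31, 2023</span> · Remco Sprooten</footer>
      <a class="entry-link" aria-label="post link to An Elastic approach to large-scale dynamic malware analysis" href="https://1337-42.github.io/posts/external/large-scale-dynamic-malware-analysis/"></a>
    </article>
    <article class="post-entry">
      <header class="entry-header"><h2 class="entry-hint-parent">NAPLISTENER: More Bad Dreams from the Developers of SIESTAGRAPH</h2></header>
      <div class="entry-content"><p>NAPLISTENER: More Bad Dreams from the Developers of SIESTAGRAPH
In recent research, we observed a shift in tactics from the threat group behind SIESTAGRAPH, focusing more on establishing persistent access rather than data theft. A new malware variant called NAPLISTENER, an HTTP listener written in C#, is designed to evade network-based detection. NAPLISTENER acts similarly to legitimate services, blending into the background by processing web requests and running commands in memory.
...</p></div>
      <footer class="entry-footer"><span title="2023-06-23 00:00:00 +0000 UTC">June 23, 2023</span> · Remco Sprooten</footer>
      <a class="entry-link" aria-label="post link to NAPLISTENER: More Bad Dreams from the Developers of SIESTAGRAPH" href="https://1337-42.github.io/posts/external/naplistener/"></a>
    </article>
    <article class="post-entry">
      <header class="entry-header"><h2 class="entry-hint-parent">SUDDENICON Supply Chain Attack</h2></header>
      <div class="entry-content"><p>SUDDENICON Supply Chain Attack
In recent research, Elastic Security Labs analyzed the SUDDENICON malware, which targeted users of the 3CX VOIP software in a sophisticated supply-chain attack. The attack involved malicious DLLs embedded within the 3CXDesktopApp, which laid dormant for several days before initiating communication with command-and-control servers to download additional payloads. This attack highlights the growing trend of targeting software supply chains to compromise otherwise legitimate applications.
For details on how Elastic detected and mitigated this attack, and to see the technical breakdown, check out the full post on the ESL blog:
...</p></div>
      <footer class="entry-footer"><span title="2023-05-05 00:00:00 +0000 UTC">May 5, 2023</span> · Remco Sprooten</footer>
      <a class="entry-link" aria-label="post link to SUDDENICON Supply Chain Attack" href="https://1337-42.github.io/posts/external/3cx/"></a>
    </article>
    <article class="post-entry">
      <header class="entry-header"><h2 class="entry-hint-parent">REF2924: How to Maintain Persistence as an Advanced Threat</h2></header>
      <div class="entry-content"><p>REF2924: How to Maintain Persistence as an Advanced Threat
In a recent update, we explored how the threat group behind SIESTAGRAPH, NAPLISTENER, and SOMNIRECORD maintains persistence in victim environments. Their toolkit includes custom malware, such as .NET webshells, and open-source tools like TFirewall and AdFind. These tools enable the attackers to blend into legitimate processes, establish footholds, and escalate privileges using scheduled tasks, DLL injections, and stealthy HTTP listeners.
For a more detailed breakdown of these persistence techniques and insights into how the group evades detection, check out the full post on the ESL blog:
...</p></div>
      <footer class="entry-footer"><span title="2023-03-27 00:00:00 +0000 UTC">March 27, 2023</span> · Remco Sprooten</footer>
      <a class="entry-link" aria-label="post link to REF2924: How to Maintain Persistence as an Advanced Threat" href="https://1337-42.github.io/posts/external/ref2924/"></a>
    </article>
  </main>
  <footer class="footer">
    <span>© 2024 <a href="https://1337-42.github.io/">133742 Personal Blog</a></span> ·
    <span>Powered by
      <a href="https://gohugo.io/" rel="noopener noreferrer" target="_blank">Hugo</a> &
      <a href="https://github.com/adityatelange/hugo-PaperMod/" rel="noopener noreferrer" target="_blank">PaperMod</a></span>
  </footer>
  <!-- Back-to-top link; shown/hidden by the scroll script at the end of the page, and the smooth-scroll handler intercepts its "#top" href. -->
  <a href="#top" aria-label="go to top" title="Go to Top (Alt + G)" class="top-link" id="top-link" accesskey="g">
    <svg viewBox="0 0 12 6" fill="currentcolor" aria-hidden="true"><path d="M12 6H0l6-6z"/></svg>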
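</a>
<!--
  Page behaviour (PaperMod): menu scroll memory, in-page anchor scrolling,
  back-to-top visibility and the dark/light toggle. All state lives in
  localStorage under the keys "menu-scroll-position" and "pref-theme".
  This is an inline script, so a Content-Security-Policy for the site would
  need a nonce or hash for it.
-->
<script>
  (function () {
    // Restore and persist the horizontal scroll offset of the top menu so a
    // long menu stays where the reader left it between page loads.
    var menu = document.getElementById("menu");
    if (menu) {
      menu.scrollLeft = localStorage.getItem("menu-scroll-position");
      menu.onscroll = function () {
        localStorage.setItem("menu-scroll-position", menu.scrollLeft);
      };
    }

    // Same-page anchors scroll to their target (smoothly unless the reader
    // prefers reduced motion) and update the URL fragment.
    document.querySelectorAll('a[href^="#"]').forEach(function (link) {
      link.addEventListener("click", function (event) {
        var fragment = this.getAttribute("href").substr(1);
        // Resolve by id instead of interpolating the fragment into a CSS
        // selector: a quote or bracket in the fragment made querySelector
        // throw, and a fragment with no matching element threw on null.
        var target = document.getElementById(decodeURIComponent(fragment));
        if (!target) {
          return; // fall back to the browser's own fragment navigation
        }
        event.preventDefault();
        if (window.matchMedia("(prefers-reduced-motion: reduce)").matches) {
          target.scrollIntoView();
        } else {
          target.scrollIntoView({ behavior: "smooth" });
        }
        // "#top" is cleared from the URL rather than pushed; other anchors
        // become a history entry.
        if (fragment === "top") {
          history.replaceState(null, null, " ");
        } else {
          history.pushState(null, null, "#" + fragment);
        }
      });
    });

    // Reveal the back-to-top link once the page is scrolled past 800px.
    // addEventListener instead of window.onscroll so other scroll listeners
    // are not clobbered.
    var topLink = document.getElementById("top-link");
    if (topLink) {
      window.addEventListener("scroll", function () {
        var scrolled = document.body.scrollTop > 800 || document.documentElement.scrollTop > 800;
        topLink.style.visibility = scrolled ? "visible" : "hidden";
        topLink.style.opacity = scrolled ? "1" : "0";
      }, { passive: true });
    }

    // Dark/light toggle. classList.toggle is an exact class match; the earlier
    // className.includes("dark") substring test would also match any other
    // class name containing "dark".
    var toggle = document.getElementById("theme-toggle");
    if (toggle) {
      toggle.addEventListener("click", function () {
        var isDark = document.body.classList.toggle("dark");
        localStorage.setItem("pref-theme", isDark ? "dark" : "light");
      });
    }
  })();
</script>
</body>
</html>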