Stratosphere is happy to announce the accepted projects in the Google Summer of Code (GSoC) 2023!
After evaluating all the works sent by the candidates, at the end of the September 2022, the winner was selected! The award and money prize was given to Estelle Ruellan a master student of criminology from the Université de Montréal!
We are happy to announce that Slips will be presented at BlackHat USA 2022 Arsenal in Las Vegas on Thursday, August 11, from 1:00 pm to 2:30 pm: https://bit.ly/SlipsBHUSA22.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. In this blog we introduce version 0.9.0, with support of peer-to-peer threat intelligence sharing.
Privacy-preserving DNS protocols like DNS over HTTPS (DoH), DNS over TLS (DoT), and DNS over QUIC (DoQ) have been around since 2014 but they have only recently been brought to the attention of the general public following Firefox’s announcement to make DoH a default.
This is the fifth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT07-AhMyth [download here]. The previous blogs analyzed Android Tester RAT, DroidJak RAT, AndroRAT RAT, and SpyMax RAT.
This post is a continuation of the IoT-23 In Depth series based on the IoT-23 Dataset, the first dataset of malicious and benign IoT network traffic, that consists of 23 scenarios. In this blog post we provide an analysis of Scenario 9, CTU-IoT-Malware-Capture-60-1. This malware sample is called Hide-and-Seek. This variant is an IoT malware family capable of different types of DDoS attacks, exploits vulnerabilities in other devices, such as routers and wireless cameras, and to brute force the Telnet service across the Internet to expand its botnet. This malware makes use of the custom peer-to-peer (P2P) protocol to transfer data.
This post is a continuation of the IoT-23 In Depth series based on the IoT-23 Dataset, the first dataset of malicious and benign IoT network traffic, that consists of 23 scenarios [1]. In this blog post we provide an analysis of Scenario 9 [2], CTU-IoT-Malware-Capture-60-1. This malware sample is called Gafgyt. This variant is an IoT malware family capable of different types of DDoS attacks and exploits vulnerabilities in other devices, such as routers, to expand its botnet which has been seen attacking gaming servers [3].
A couple of weeks ago, we released the IoT-23 Dataset, the first dataset of malicious and benign IoT network traffic, that consists of 23 scenarios. In this blog post we provide an analysis of Scenario 18, CTU-IoT-Malware-Capture-9-1. This malware sample is Hajime. We analysed the binary sample and the network traffic of this scenario.
In this blog post we introduce the “Hexa Payload Decoder Tool”, a tool that is able to process a pcap file and return any decoded characters translated to English. This tool was developed to assist the network security analyst when working and interpreting data sent and received by command and control servers used by malware.
This blogpost aims to give an insight of an IRCBased botnet describing the network behavior and showing the analysis of the C&C. By analyzing this botnet network traffic it was possible to identify the botmasters using an IRC channel and observe not only the conversation between them but also the orders they give to the bot.
