New Slips version 0.8.4 is here! Our team is excited to share the latest news and features of Slips, our behavior-based machine learning intrusion detection system.
Studying the Distribution of Computational Propaganda with SerpAPI
In the Stratosphere Laboratory we set out to address this challenge of detecting if a news article is propaganda by leveraging a new idea: find which other sites are linking/referencing the news article. In this blog post, we will show how we accomplished this by using SerpApi.
Studying Cybercrime is Fun! An Overview of Five Years of Research Surrounding the Geost Botnet
New Slips version 0.8 is here!
In the last couple of months we have been busy continuing with the development of Slips, our behaviour-based machine learning system. And finally we published version 0.8, with a crazy amount of features! You can download it from here https://github.com/stratosphereips/StratosphereLinuxIPS. And read the documentation here https://stratospherelinuxips.readthedocs.io/en/develop/.
The prevalence of DNS over HTTPS By Karel Hynek
Create and Test Your Own TAXII Server
Dissecting a RAT. Analysis of the Saefko RAT.
This is the eighth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT06-Saefko [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, SpyMax RAT, AndroRAT, HawkShaw, AhMyth and Command-line AndroRAT.
Dissecting a RAT. Analysis of the Command-line AndroRAT.
This is the seventh blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT08-command-line-AndroRAT [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, AndroRAT RAT, SpyMax RAT, AhMyth RAT and HawkShaw RAT.
Dissecting a RAT. Analysis of the HawkShaw.
This is the sixth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT03-HawkShaw [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, SpyMax RAT, AndroRAT RAT and AhMyth RAT.
Dissecting a RAT. Analysis of the AhMyth.
This is the fifth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT07-AhMyth [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, AndroRAT RAT, and SpyMax RAT.
Dissecting a RAT. Analysis of the AndroRAT.
This is the fourth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT05-AndroRAT [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, and SpyMax RAT.
Dissecting a RAT. Analysis of the SpyMAX.
This is the third blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT04-SpyMAX [download here].
Dissecting a RAT. Analysis of DroidJack v4.4 RAT network traffic.
This is the second blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset, a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT02-DroidJack v4.4.
The Attacking Active Directory Game - Can you outsmart the Machine Learning model? Help us by playing the evasion game!
The “Attacking Active Directory Game” is part of a project where our researcher Ondrej Lukas developed a way to create fake Active Directory (AD) users as honey-tokens to detect attacks. His machine learning model was trained on real AD structures and can create a completely new fake user that is strategically placed in the structure of a company.
Stratosphere Datasets Update: Quickly Browse and Search!
We share with everyone the need for an easier way of searching through these datasets to find the appropriate data needed for specific research. As a small step in this direction, we are introducing a new dataset index: https://mcfp.felk.cvut.cz/publicDatasets/datasets.html.
Dissecting a RAT. Android Tester Trojan Analysis and Decoding.
This is the first blog post of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide an analysis of the network traffic of the RAT01-Android Tester v6.4.6 [download here].
Deep Dive into an Obfuscation-as-a-Service for Android Malware
While confined in our homes studying the interactions of individuals involved in the spread of the Android banking Trojan botnet (known as Geost), we encountered a unique opportunity: investigate an automated obfuscation-as-a-service platform for Android malware authors.
Indeed, in a leaked chat log that involved Geost botnet operators, two individuals talked about an obfuscation service used to “protect” their malicious Android Applications (APKs) from being detected by antivirus engines. We visited the website related to the “protection” service (protection from antivirus engines, so basically obfuscation), which raised a lot of questions: How does this obfuscation service work? Is it automated? Does it really obfuscate applications well enough to avoid malicious applications being detected? How well is the service known in the underground community?
Android Mischief Dataset
In this blog, we introduce our new dataset called the Android Mischief Dataset for the benefit of the security research community. It contains the network traffic from mobile devices infected with Android Remote Access Trojans. This blog describes the structure and the content of our dataset, its creation methodology, and links to download it.
Installing and Running Slips in Docker
The Stratosphere Linux IPS, Slips for short, is a free software intrusion prevention system that uses machine learning. Slips allows analysts to quickly sift through large network captures as well as real live traffic, highlighting what is important to analyze. The analysis we do as part of the Emergency VPN service at Civilsphere relies heavily on Slips.
White Paper: Current State of IPv6 Security in IoT
This white paper explores the current state of IPv6 security in IoT, the global growth of IPv6, and how this growth looks in a real network. If IPv6 is already being used, are attackers already attacking using this protocol? Is there already malware capable of attacking over IPv6? Read through as we aim to answer these questions.