PowerShell Inside a Certificate? – Part 1

With the help of a specifically crafted YARA rule developed by NVISO analysts, we found multiple certificate files (.crt) that do not contain a certificate, but instead a malicious PowerShell script. In this blog post, we explain how we crafted this YARA rule. Certificates Certificate files in Windows can have different extensions, like .cer and …

Shortcomings of blacklisting in Adobe Reader and what you can do about it

A variation of a class of malicious PDFs appeared in the wild. In this blog post, we will show you how to protect your systems and how to analyze these PDFs. The PDFs embed a file type with extension .SettingContent-ms that can be used on Windows 10 to execute arbitrary code. We have observed on …

Sextortion Scam With Leaked Passwords Succeeds

Following the forum post on sextortion emails being spammed to innocent victims, we were curious to see if this scam would indeed be successful. We have observed similar scam campaigns before, but now the scammers seem to include the victim's password as well, creating a sense of legitimacy. During our analysis we observed 3 payments to the …

Extracting a Windows Zero-Day from an Adobe Reader Zero-Day PDF

In May 2018, when ESET published a blog post covering PDFs with 2 zero days, our interest was immediately piqued. Promptly after our analysis of these PDFs, we sent out an early warning to our customers. Now that Microsoft published a blog post with the detailed analysis of the zero days, we find it appropriate …

My Internship Experience at NVISO – by Etienne de Jambelinne

Hello, my name is Étienne de Jamblinne. I am a second year MA student in cyber-security at the ULB. I am the one on the left in Thibaut's photo! As part of my program, I am required to do an internship that acquaints me with "real life" working experience. Security Awareness? Analysing my options, NVISO seemed …