“When Tom finished his tasks, he always found another project to work on in order to improve his technical and social skills. His passion for improving left a great impact on me.”
Experience & Education
Publications
-
Meet MyloBot – A New Highly Sophisticated Never-Seen-Before Botnet That’s Out In The Wild
Everything you need to know about a new botnet that is out in the wild, dubbed MyloBot.
-
Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable
BlackHat USA 2016
As part of the research work in Deep Instinct, we are developing sophisticated attack vectors to challenge our product and make it more resilient to different kinds of attacks. One of those attack vectors was selected to be one of the main briefings at the main conference of BlackHat in Las Vegas.
This publication provides full details on how we are hiding malware inside a digitally signed file (while keeping the file with a valid certificate), and executing it using a reflective PE loader (the ability to execute PE files directly from memory), written from scratch in Deep Instinct.
We tested this attack vector on many leading security solutions - and we bypassed all of them successfully.
-
Ransomware installation method using NSIS installer
Over the past few years, we have seen various ways of executing malicious code.
Lately, we’ve noticed a highly complicated one, which uses many layers of evasion techniques, starting from wrapping internal parts with an NSIS installer, XOR encryption, code injection and even usage of the Heaven’s Gate technique. Two of the most well-known ransomware were currently observed using this technique: Locky and Cerber, both in their new versions.
This article describes the way Locky and Cerber are taking advantage of NSIS capabilities to evade security vendors.
Recommendations received
1 person has recommended Tom