Posts

Lumma Stealer infection .pcap analysis

Infostealers play a foundational role in the cybercrime ecosystem because they act as initial access and data collection engines. Instead of going straight for disruption, they quietly harvest credentials, session cookies, browser data, crypto wallets, and system fingerprints from large numbers of machines. This information is then monetized in underground markets, often bundled as "logs" and sold to other actors. The following diagram is an example of the interaction between infostealer actors and Ransomware-as-a-Service operators. Analyzing malware from the network perspective is always revealing. It looks like Lumma Stealer is living a second life with some recent breaches, including the Context.ai one. Let's walk through a simple exercise: we will examine a Lumma Stealer infection chain, follow it up, and then analyze a corresponding malware PCAP sample (special thanks to malware-traffic-analysis.net for making the pcap available). This will allow us to obser...

Introduction to Memory Forensics

"Memory Forensics is a practice useful in areas like incident response, malicious code analysis, network security, and threat intelligence gathering. Each function performed by an operating system or application results in specific modifications to the computer's memory (RAM), which can often persist a long time after the action, essentially preserving them. Memory Forensics provides unprecedented visibility into the runtime state of the system, such as which processes were running, open connections, and recently executed commands." I've written this blog post to introduce some fundamental skills in Memory Forensics. Over the past year, I've explored various tools and techniques for hunting malware in memory dumps, gaining insights into memory virtualization and the critical relationship between an operating system and its hardware. As part of this article, I've included a hands-on tutorial on using the Volatility Framework to analyze Windows processes and detect pot...

Malware is lightweight

As a solutions engineer in the industry, I recently had a discussion with a Security Analyst about the maximum file size that a Dynamic Analysis (sandbox) system should support to effectively deal with malware.

Representation of a skinny malware :)

I noticed that, sometimes, the expectation is to support even hundreds of megabytes for executables or exploitable-like files (documents, scripts and other file types that carry an exploit rather than being an executable themselves). However, if you pause for a moment and consider the key requirements of well-crafted malware, you will realize that:

Malware is a Platform: modern malware is built on penetration frameworks, requiring attackers to use multiple tools at different stages, from the initial compromise to achieving their final goal.

Malware must be Stealthy: attackers need to remain undetected and move quickly while generating as little noise as possible.

Detection must be Evaded: malware must minimize network traffic and implement evasion techniques to bypass detection at various levels.

Given these points, you can understand that lar...

The first post on seabassfromspace

This is the first post on seabassfromspace, we are alive! I decided to start this blog to begin publishing articles, stories and guides around cybersec, so this is just a test post to show that we exist in cyberspace!