Where security meets innovation

Posts

17 June 2019 / SEKOIA.IO
10 July 2018 / Articles

To understand current Chinese cyber espionage activity, we compiled and analyzed public reports that described cyber espionage operations attributed to China in the past 18 months.  Obviously this approach will only reveal the tip of the iceberg, so any conclusions we draw should be considered as mere hints on China’s cyber espionage strategy and goals.

22 March 2018 / Uncategorized
18 January 2018 / Uncategorized

TL;DR : This blog post is not technical. It details security industry problems and explains why SEKOIA decided to rethink security with SEKOIA.IO. The result is the first Cybersecurity Platform as a Service, made for communities, simple for users and providing added value to editors and developers.

18 October 2017 / Uncategorized

We are happy to announce the immediate availability of SEKOIA Dropper Analysis, our new malware analysis service.

You can access it at https://malware.sekoia.fr.

SEKOIA Dropper Analysis is a malware analysis application with a focus on droppers. Droppers are often the first stage in a malware infection and can take several forms, with their simple goal being to install and execute a second stage malware on the system.


10 April 2017 / Articles

Netblocks identification

These days, many security products such as host-based intrusion detection systems (HIDS), network intrusion detection systems (NIDS) and anti-virus (AV) engines rely on Indicators of Compromise (IOCs) to detect violations of the security policy. An IOC models a compromise through attributes such as malicious email addresses, domain names, file hashes and IP addresses. Among these attributes, the malicious IP address is one of the simplest to act on and is therefore widely used in network defense: a firewall, for example, can consume IOCs to block any communication between the assets it protects and malicious IP addresses. Unfortunately, shared hosting means that many domain names can map to a single IP address. An analyst who does not notice that only a subset of the services hosted behind an IP is malicious will therefore produce coarse-grained IOCs. Such an IOC can be disastrous for a company if vital services end up blocked because of this false positive.

To limit the risk of false positives, an analyst must determine precisely whether the collected IP address serves one or many websites and, if several, make sure that all the other sites hosted there are malicious as well. This work is tedious and boils down to a single question: "Is it a shared IP address?"

This article details a method to confirm that an IP address belongs to a shared host.
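The decision described above, as an added example written for this page (it is not SEKOIA's code and not the method the full article describes): given passive-DNS style observations of which domains resolved to an IP, answer "Is it a shared IP address?" and only recommend an IP-level block when every hosted domain is known to be malicious. The observations, the IP addresses (from the TEST-NET-3 documentation range) and the list of confirmed-malicious domains are all constructed for illustration; a real assessment would pull them from a passive-DNS source and the analyst's own findings. The netblock helper goes one step beyond the paragraph and applies the same question to a whole prefix.

```python
"""Decide whether an IP-based IOC is safe to deploy, or whether the host is
shared and only domain-level IOCs should be used (added example, hypothetical data)."""
from ipaddress import ip_address, ip_network

# Constructed observations: (domain, ip) pairs as a passive-DNS feed would return them.
OBSERVATIONS = [
    ("evil-update.example", "203.0.113.10"),   # shared host: one bad, two benign
    ("bank-login.example", "203.0.113.10"),
    ("shop.example", "203.0.113.10"),
    ("c2.example", "203.0.113.20"),            # dedicated C2 host: every domain bad
    ("c2-backup.example", "203.0.113.20"),
    ("cdn.example", "203.0.113.30"),           # single domain, nothing known bad
]

# Constructed set of domains the analyst has already confirmed malicious.
MALICIOUS_DOMAINS = {"evil-update.example", "c2.example", "c2-backup.example"}


def domains_on_ip(observations, ip):
    """Return the set of domains observed resolving to `ip`."""
    target = ip_address(ip)
    return {domain for domain, addr in observations if ip_address(addr) == target}


def is_shared_ip(observations, ip):
    """The question from the text: more than one domain maps to this address."""
    return len(domains_on_ip(observations, ip)) > 1


def assess_ip_ioc(observations, ip, malicious_domains):
    """Classify an IP the analyst collected as a candidate IOC.

    Verdicts:
      insufficient-data   - no domain was ever seen on this IP; do not block blindly
      review-hosted-domains - domains are hosted here but none is confirmed bad yet
      block-domains-only  - shared host with benign tenants; use domain IOCs instead
      block-ip            - every hosted domain is malicious; an IP block is precise
    """
    hosted = domains_on_ip(observations, ip)
    malicious = hosted & malicious_domains
    benign = hosted - malicious_domains
    if not hosted:
        verdict = "insufficient-data"
    elif not malicious:
        verdict = "review-hosted-domains"
    elif benign:
        verdict = "block-domains-only"
    else:
        verdict = "block-ip"
    return {
        "ip": ip,
        "shared": len(hosted) > 1,
        "malicious": sorted(malicious),
        "benign": sorted(benign),
        "verdict": verdict,
    }


def assess_netblock(observations, cidr, malicious_domains):
    """Run the same assessment over every IP observed inside a prefix."""
    net = ip_network(cidr)
    ips = sorted({addr for _, addr in observations if ip_address(addr) in net}, key=ip_address)
    return {ip: assess_ip_ioc(observations, ip, malicious_domains) for ip in ips}


if __name__ == "__main__":
    for ip, result in assess_netblock(OBSERVATIONS, "203.0.113.0/24", MALICIOUS_DOMAINS).items():
        print(ip, "shared" if result["shared"] else "single", result["verdict"],
              "benign:", result["benign"])
```

Only the `block-ip` verdict should be turned into a firewall rule; for `block-domains-only` the malicious domain names are the right granularity for the IOC, and `insufficient-data` means the passive-DNS view is empty and a reverse lookup or a second source is needed before deciding.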

2 November 2016 / Articles
9 September 2016 / Uncategorized
11 July 2016 / Uncategorized