Category: Articles

10 July 2018 / / Articles

To understand current Chinese cyber espionage activity, we compiled and analyzed public reports that described cyber espionage operations attributed to China in the past 18 months. Obviously, this approach will only reveal the tip of the iceberg, so any conclusions we draw should be considered mere hints about China’s cyber espionage strategy and goals.

10 April 2017 / / Articles

Netblocks identification

These days, many security products such as Host-based Intrusion Detection Systems (HIDS), Network Intrusion Detection Systems (NIDS) and antivirus (AV) software rely on Indicators of Compromise (IOCs) to fight security policy violations. An IOC relies on attributes such as malicious email addresses, domain names, file hashes and IP addresses to model a compromise. Among all these attributes, the malicious IP address is one of the simplest and is therefore often used in the network defense process. For example, a firewall can leverage IOCs to block any communication between its assets and malicious IP addresses. Unfortunately, shared hosting makes it possible for multiple domain names to resolve to a single IP address. Consequently, an analyst may produce coarse-grained IOCs if they fail to identify that only a subset of the services hosted on an IP address is malicious. Such an IOC can be disastrous for a company if vital services get banned because of this false positive.

To limit the risk of false positives, an analyst must determine precisely whether the collected IP address is used by one or many websites and, if there are many, ensure that all the other associated websites are malicious too. This type of work is tedious and can be reduced to the following question: “Is it a shared IP address?”

This article details a solution to confirm that an IP address is used by a shared host.

2 November 2016 / / Articles
12 April 2016 / / Articles
4 January 2016 / / Articles
17 November 2015 / / Articles
1 October 2015 / / Articles
17 September 2015 / / Articles
7 September 2015 / / Articles