An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.
Abhishek Singh (Prismo Systems)
Ramesh Mani (Prismo Systems)
Web application vulnerabilities are an important entry vector for threat actors. In this paper researchers Abhishek Singh and Ramesh Mani detail algorithms that can be used to detect SQL injection in stored procedures, persistent cross-site scripting…
Patrick Wardle (Jamf)
It’s no secret that many nation states possess offensive macOS cyber capabilities, though such capabilities are rarely publicly uncovered. However, when such tools are detected, they provide unparalleled insight into the operations and techniques…
Adam Haertlé (BadCyber.com)
This paper presents an analysis of 1,976 unsolicited answers received from the targets of a malicious email campaign, who were mostly unaware that they were not contacting the real sender of the malicious messages. Many of the victims were unaware…
Richard Matti (NetClean Technologies)
Anna Creutz (NetClean Technologies)
There is a type of crime, breach of company policy, misuse of company assets and security threat that is often overlooked: one in 500 employees use their work computer to handle child sexual abuse material. This crime and misuse of company assets…
Takahiro Haruyama (Carbon Black)
Compiler-level obfuscations, like opaque predicates and control flow flattening, are starting to be observed in the wild and are likely to become a challenge for malware analysts and researchers. This paper explains how to de-obfuscate the code of an…
Ghareeb Saad (Anomali)
Michael A. Raggi (Proofpoint)
Anomali Labs has conducted an in-depth study of the unique object dimensions present in weaponized RTF exploits used in phishing attacks. Through this research we have found that the developers of malicious RTF weaponizers leave behind a unique…
Jaeki Kim (Financial Security Institute)
Kyoung-Ju Kwak (Financial Security Institute)
Min-Chang Jang (Financial Security Institute)
The Kimsuky group is a threat group that is known to have been behind the KHNP (Korea Hydro & Nuclear Power) cyber terrorism attacks of 2014 and is still active in 2019. This paper presents the results of an analysis not only of the malware used by…
Lilang Wu (Trend Micro)
Moony Li (Trend Micro)
Since iOS 10, Apple has released the unpacked/decrypted kernel cache (*.ipsw), but the system source code, in particular the kernel and driver part, remains closed-source. What is more, symbol info in the binary (kernel cache) has been greatly…
Alex Hinchliffe (Palo Alto Networks)
The discovery of two malware families with significant, mostly infrastructure-based overlaps with previously seen malware, such as 9002, PlugX, Poison Ivy and FHAPPI, has led us towards what appears to be an undocumented nation-state group, or…
Chintan Shah (McAfee)
This paper presents an exploit detection tool built for the purpose of detecting malicious lure documents. This detection engine employs multiple binary stream analysis techniques for flagging malicious Office documents, supporting static analysis of…