Using the Cert Graveyard

Summary: This post shares some key ways to leverage the Cert Graveyard database. I also share statistics on Cert Graveyard usage and options to support my work. If you aren’t familiar with Cert Graveyard, I’ve described it in depth elsewhere: it is a public database for documenting abused code-signing certificates. We’ve reported and documented…

SolarMarker: Actions-On-Target

SolarMarker malware remains a common threat, but nothing has been published or widely shared about the actor’s actions or objectives—until now. Based on original findings from monitoring an infected computer for months, this blog post discloses, for the first time, the financial fraud carried out by the SolarMarker actor group.

DeceptionPro: getting ahead of cybercrime

DeceptionPro lets you monitor cybercrime by creating realistic environments that give you a front-row seat to attacker behaviors and post-exploitation activity.

Impostor Certificates

It is common for malware to be signed with code-signing certificates.

How is this possible? The impostors obtain the certificates directly from the certificate authority and sign their malware with them; nothing has to be stolen.

In this blog post, we look at 100 certs used by Solarmarker malware to learn more.

October 2023 SolarMarker

SolarMarker regularly tops the lists of threats seen by organizations such as VMware and Red Canary. This post will help you recognize SolarMarker if you see it within your organization.

Certified Bad

Authenticode certificates are intended to ensure that software comes from vetted parties and can be trusted; however, malware is often signed with valid Authenticode certificates, and the process for signing malware and its implications are often misunderstood within InfoSec. This post takes a deep dive into my research on certificate abuse.
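The check that the Impostor Certificates and Certified Bad posts both lead to is the same: a valid signature only tells you a CA issued a certificate to someone, so the signer still has to be looked up in an abuse record such as Cert Graveyard. The script below is an added example (not code from this blog or from the Cert Graveyard project). It pulls every X.509 certificate out of an Authenticode PKCS#7 SignedData blob with a small DER walker, reads each certificate's issuer, serial number and subject, and matches the (issuer, serial) pair, which uniquely identifies a certificate, against a graveyard-style list. The PKCS#7 blob, the certificates inside it (unsigned skeletons with fake keys and an empty signerInfos set) and the graveyard records are all constructed inline so it runs offline; a real blob would be taken from the PE's attribute certificate table (security directory), for example with osslsigncode, and checked against the real database. The certificate-detection rule (a SEQUENCE of exactly SEQUENCE, SEQUENCE, BIT STRING) and the name parsing assume ordinary DER with definite lengths.

```python
# Added example: signer identity from an Authenticode PKCS#7 blob, checked against
# a Cert Graveyard-style list. Blob, certificates and records are constructed here.

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def seq(*items): return der(0x30, b"".join(items))
def setof(*items): return der(0x31, b"".join(items))
def integer(v): return der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))
def utf8(s): return der(0x0C, s.encode())
def utctime(s): return der(0x17, s.encode())
def bitstring(b): return der(0x03, b"\x00" + b)
def ctx(n, body): return der(0xA0 | n, body)          # context-specific, constructed

def oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    body = bytearray([40 * parts[0] + parts[1]])
    for p in parts[2:]:
        enc = [p & 0x7F]
        p >>= 7
        while p:
            enc.insert(0, 0x80 | (p & 0x7F))
            p >>= 7
        body += bytes(enc)
    return der(0x06, bytes(body))

ATTR_OIDS = {"CN": "2.5.4.3", "O": "2.5.4.10"}
OID_NAMES = {oid(v)[2:]: k for k, v in ATTR_OIDS.items()}   # DER body -> short name

def name(**attrs):
    """X.501 Name: SEQUENCE OF SET OF AttributeTypeAndValue, one attribute per RDN."""
    return seq(*(setof(seq(oid(ATTR_OIDS[k]), utf8(v))) for k, v in attrs.items()))

def make_cert(serial, issuer, subject):
    """Constructed, unsigned X.509 skeleton; only the fields the parser reads are meaningful."""
    alg = seq(oid("1.2.840.113549.1.1.11"), der(0x05, b""))    # sha256WithRSAEncryption, NULL
    tbs = seq(ctx(0, integer(2)), integer(serial), alg, issuer,
              seq(utctime("230101000000Z"), utctime("240101000000Z")),
              subject, seq(alg, bitstring(b"\x00")))            # fake SubjectPublicKeyInfo
    return seq(tbs, alg, bitstring(b"\x00" * 8))

def make_authenticode_blob(*certs):
    """PKCS#7 SignedData carrying the chain; signerInfos left empty (constructed sample)."""
    signed = seq(integer(1), setof(), seq(oid("1.3.6.1.4.1.311.2.1.4")),   # SPC_INDIRECT_DATA
                 ctx(0, b"".join(certs)), setof())
    return seq(oid("1.2.840.113549.1.7.2"), ctx(0, signed))    # id-signedData

def der_read(buf, pos=0):
    """Decode one TLV at pos; returns (tag, body, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(body):
    kids, pos = [], 0
    while pos < len(body):
        tag, val, pos = der_read(body, pos)
        kids.append((tag, val))
    return kids

def find_certificates(blob):
    """Walk the tree; a Certificate is SEQUENCE { SEQUENCE tbs, SEQUENCE sigAlg, BIT STRING }."""
    found = []
    def walk(tag, body):
        if not tag & 0x20:                      # primitive: nothing to descend into
            return
        kids = der_children(body)
        if tag == 0x30 and [t for t, _ in kids] == [0x30, 0x30, 0x03]:
            found.append(body)
            return
        for t, b in kids:
            walk(t, b)
    tag, body, _ = der_read(blob)
    walk(tag, body)
    return found

def rdn_to_str(name_body):
    parts = []
    for _, rdn in der_children(name_body):
        for _, atv in der_children(rdn):
            (_, o), (_, v) = der_children(atv)
            parts.append(f"{OID_NAMES.get(o, o.hex())}={v.decode('utf-8', 'replace')}")
    return ", ".join(parts)

def cert_identity(cert_body):
    tbs = der_children(der_children(cert_body)[0][1])
    i = 1 if tbs[0][0] == 0xA0 else 0            # [0] version is absent in v1 certificates
    return {"serial": format(int.from_bytes(tbs[i][1], "big", signed=True), "x"),
            "issuer": rdn_to_str(tbs[i + 2][1]), "subject": rdn_to_str(tbs[i + 4][1])}

# Constructed records in the spirit of Cert Graveyard, keyed by (issuer, serial).
GRAVEYARD = {("CN=Example Code Signing CA", "1234abcd"): "impostor cert, malware sample seen 2023-10"}

def check_signature(blob, graveyard=GRAVEYARD):
    """Identities of all embedded certificates, plus graveyard hits for any of them."""
    ids = [cert_identity(c) for c in find_certificates(blob)]
    hits = [(i["subject"], graveyard[(i["issuer"], i["serial"])])
            for i in ids if (i["issuer"], i["serial"]) in graveyard]
    return ids, hits

if __name__ == "__main__":
    ca = name(CN="Example Code Signing CA")
    leaf = make_cert(0x1234ABCD, ca, name(O="Some Real Business LLC", CN="Some Real Business LLC"))
    ids, hits = check_signature(make_authenticode_blob(leaf, make_cert(1, ca, ca)))
    for ident in ids:
        print(ident)
    print("ABUSED CERTIFICATE" if hits else "no graveyard match", hits)
```

The point of keying on issuer plus serial rather than on the subject name is exactly the one the posts make: the subject is a legitimately registered business name that the impostor borrowed, so a name match alone would flag the real company too. A match here says nothing about whether the signature itself verifies; run that check separately, and treat a valid signature from a listed certificate as a stronger indicator, not a weaker one.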

Solarmarker: The Old is New

The purpose of this blog post is to document the PowerShell used by Solarmarker. The PowerShell was first observed from February 2022 through May 2022 and then resurfaced in September 2022. The goal of this post is to publish information about the PowerShell so that others can identify and understand what it is doing. Detecting…