The Internet Observatory
Hi! Welcome to my website.
This space is for presenting my public research in malware analysis, vulnerability research, and cyber threat intelligence, specifically impacting industrial systems and critical infrastructure.
Featured
Hunting Beyond Indicators
Published: at 08:57 PM
I wrote a blog for THOR Collective on the value of hunting beyond Indicators of Compromise.
Public Research
Updated: at 11:43 AM
Please see this page for a complete listing of public research in the form of blogs, whitepapers, and webinars.
CVEs Discovered
Published: at 03:15 PM
Please see this page for an exhaustive list of discovered and disclosed vulnerabilities.
Recent Posts
Don't Cry Wolf - Evidence-based Assessments of ICS Threats
Published: at 07:05 PM
Jimmy Wylie's and my DEF CON 33 talk is now available on YouTube. We discuss the analytical rigor undertaken before claiming a capability is "ICS-specific malware", with some specific examples I found while threat hunting.
The Bot(net) that Got Away
Published: at 10:05 PM
A fun surprise in early August: this website was the target of a DDoS attack! It wasn't very effective; it didn't take my website down, nor did I notice at the time.
The Story of KurtLar_SCADA.exe
Updated: at 04:05 PM
Check out my research in uncovering and analyzing a malware named KurtLar_SCADA.exe, a VNC remote access capability targeting Internet-exposed and poorly secured industrial HMIs. This research was covered in a webinar hosted by SANS ICS. Big thanks to them for having me!
DLL Hijacking Whitepaper
Published: at 01:05 AM
Check out a whitepaper I wrote on DLL hijacking, a flexible and commonly used attack technique.