The Internet Observatory

Hi! Welcome to my website.

This space is for presenting my public research in malware analysis, vulnerability research, and cyber threat intelligence, with a focus on industrial systems and critical infrastructure.

Recent Posts

  • Don't Cry Wolf - Evidence-based Assessments of ICS Threats

    Published: at 07:05 PM

    Jimmy Wylie's and my DEF CON 33 talk is now available on YouTube. We discuss the analytical rigor undertaken before claiming a capability is "ICS-specific malware", with some specific examples I found while threat hunting.

  • The Bot(net) that Got Away

    Published: at 10:05 PM

    A fun surprise in early August - this website was the target of a DDoS attack! It wasn't very effective: it didn't take my website down, nor did I notice at the time.

  • The Story of KurtLar_SCADA.exe

    Updated: at 04:05 PM

    Check out my research in uncovering and analyzing a malware named KurtLar_SCADA.exe, a VNC remote access capability targeting Internet-exposed and poorly secured industrial HMIs. This research was covered in a webinar hosted by SANS ICS. Big thanks to them for having me!

  • DLL Hijacking Whitepaper

    Published: at 01:05 AM

    Check out a whitepaper I wrote on DLL hijacking - a flexible and commonly used attack technique.