Posts

Exposing Emotet's Modern Infrastructure - A Case Study on Tracking Down and Shutting Down Abusive Malware In Direct Cooperation with Abuse Departments

In this post I'll officially attempt to bring down and take offline the Emotet botnet, and in doing so provide never-before-published OSINT-style research and analysis on the actual C&C infrastructure behind the Emotet botnet, one of the most prolific botnets up to the present day, with the idea of attempting a coordinated takedown in direct cooperation with multiple international ISPs and their associated abuse departments for the purpose of bringing it offline. Sample Emotet known C&C infrastructure servers: hxxp://109.123.78.10 hxxp://66.54.51.172 hxxp://108.161.128.103 hxxp://195.210.29.237 hxxp://5.35.249.46 hxxp://5.159.57.195 hxxp://206.210.70.175 hxxp://88.80.187.139 hxxp://188.93.174.136 hxxp://130.133.3.7 hxxp://162.144.79.192 hxxp://79.110.90.207 hxxp://72.18.204.17 hxxp://212.129.13.110 hxxp://66.228.61.248 hxxp://193.171.152.53 hxxp://129.187.254.237 hxxp://178.248.200.118 hxxp://133.242.19.182 hxxp://195.154.243.237 hxxp://80.237.133.77 hxxp://158.

Dancho Danchev's Blog - Open Call for Blog Contributors and Guest Bloggers

UPDATE: Do you know which is one of the World's most popular Security blogs and who's running it? Guess what - you've been reading it all along. Ever since I started this blog in December, 2005 for the purpose of impressing my girlfriend, and greatly inspired by a successful venture with Astalavista Security Group circa 2003-2006, I've received over 5M page views courtesy of a loyal base of users to whom I owe a great debt of gratitude for keeping track of my research and following my comments - in real-time. The time has come to expand and eventually launch a new set of products and services including a possible Advertising Inventory - therefore I've decided to launch an Open Call for Blog Contributors including Guest Bloggers. Interested in writing at this blog? Feel free to approach me - dancho.danchev@hush.com Dancho Danchev's Blog - Major Security Web Property Statistics: Dear blog readers, friends, partners, colleague

Guess Who's Still Running the Show?

Dear blog readers, I've recently come across a very informative presentation courtesy of a friend, Jeffrey Carr from TaiaGlobal, that lists me as a major competitor in Cyber Threat Intelligence next to the DHS. Outstanding! Keep it coming Jeff and don't forget to check out this post detailing the inner workings of the infamous Kneber Botnet . How to set them straight? Stay tuned!

Anyone Using XMPP/OMEMO?

Dear blog readers, Are you interested in catching up with me in terms of current and upcoming research including possible cybercrime research and commercial threat intelligence gathering services? Here's my XMPP/OMEMO ID: dancho.danchev@kode.im Stay tuned!

The Armadillo Phone - A Security Review

Dear blog readers, As many of you know I've joined forces with Team Armadillo Phone in the fight against cybercriminals, including nation-state, rogue, malicious and possibly fraudulent cyber adversaries, for the position of Security Blogger in 2019, and I wanted to say big thanks to COO Rob Chaboyer and CEO Kelaghn Noy for bringing me on board and for initiating a series of video conversations to better help them understand my motivation for joining the company and what exactly I can bring on board. Among my first responsibilities were to possibly include an actual Security Audit and actual Security Advice and Recommendations, including practical implementation advice on new Privacy and Security themed features, actual reaching out to current and future customers, and active posting of new and innovative Security Research at the company's blog . In this post I'll provide an in-depth Security Review of the Armadillo Phone in terms of Privacy

Joining Team Armadillo Phone!

Dear blog readers, It's a pleasure and an honor to let you know that I've recently joined forces with Team Armadillo Phone in the fight against sophisticated nation-state and rogue cyber threat actors for the position of Security Blogger, targeting mobile devices on their way to compromise sensitive and often classified personal information, and that I'll definitely be looking forward to making an impact with the company through the publication of high-quality security and cyber threat research, including the active education and spreading of information and knowledge to the company's clients on their way to further protect their sensitive and often classified data from mobile threats courtesy of a multitude of malicious and fraudulent adversaries. My responsibilities will include active cyber threat and nation-state and rogue cyber adversary research, including actual client outreach in terms of Security Blogger, including the actual work and eventual implementation of ne

ManTech Introduces Newly Launched Cyber Security "Space Range" - An Analysis

Have you ever dreamed of launching an offensive cyber warfare payload from Space? Keep reading. It appears that the newly launched ManTech "Space Range" cyber security simulation is truly capable of offering a fully realistic cyber security and information security simulation environment that's successfully capable of launching an offensive cyber warfare payload from Space, potentially signalling the presence of a sophisticated offensive cyber warfare adversary that's truly capable of making an impact and causing havoc on a widespread scale. "ManTech has embraced the challenge of identifying and capturing the unique threats and vulnerabilities in the space domain with our newest offering, the ManTech Space Range. Built upon the success of ACRE®, ManTech's innovative and fully operational cyber range, we are expanding our robust, scalable and hyper-realistic range to encompass the unique requirements of a cyber infrastructure supporting a space en