About


  • ABSTRACT:

    In the face of the exponential rise in ransomware attacks, is the governance of large corporations adequate to address the challenges posed by our data? What role do these companies play in the geopolitical space of different states when confronted with such attacks?

    In response to these questions, we seek to understand how these malicious programs operate, demystify them to make their functioning more comprehensible, and also to understand the direct and indirect roles they play on both the international and national geopolitical stages. These programs, increasingly accessible to various malicious actors, represent a financial resource for states such as the Democratic People's Republic of Korea (North Korea) or for cybercriminals using ransomware as a service (RaaS). However, these programs also have a significant geopolitical impact, particularly with the use of RaaS for destabilization purposes by Russia. These programs are deployed through leaked cyber weapons such as EternalBlue by the NSA or via phishing actions targeting the entire corporate hierarchy. Faced with these multiple threats and challenges, companies and states must work together to effectively manage governance and find a balance between cyber defense and cyber resilience. Different states must also strike the right balance between geopolitical advantage, cyber weapon protection, common jurisdiction, and the sharing of data related to various incidents to effectively combat this multifaceted threat.

    However, what about the understanding of these issues by employees, who are the primary stakeholders?

    Feel free to ask me for the entire document if you're interested (206 pages).

    Keywords: ransomware, governance, cyber resilience, cyber weapon, geopolitics, cybercrime, LockBit


Thanks for visiting!

Skills



Some mastered or frequently used tools

  • NMAP
  • METASPLOIT
  • BURP SUITE
  • WIRESHARK
  • OWASP ZAP
  • SQLMAP
  • JOHN THE RIPPER
  • HASHCAT
  • SUITE AIRCRACK
  • NIKTO
  • TOR NETWORK
  • HYDRA
  • WAPITI
  • BEEF
  • BETTERCAP
  • MIMIKATZ
  • DALFOX
  • DOTPEEK
  • HxD
  • DNSPY
  • CMDER
  • KALI LINUX TOOLS
  • PEAS

Projects

Latest Blogs

Bug Bounty Experience

Cyber Threat Intelligence Experience

Malware Development Projects

Being French, I am subject to applicable French laws. There is a legal gray area concerning the development of malware, but especially regarding its possession. Malware is considered a weapon, and, like weapon possession, its possession is regulated. I inquired with ANSSI about whether I could release some of my malware projects as open source, but I never received a response despite my follow-ups with the legal department. I believe this request is perceived as peculiar, and they probably thought I was trolling.

Anyway, I will introduce you to some of the different types of malware I have developed since my high school years, along with some of their features. Please note that most of them are outdated and would require modifications to drastically reduce their detection rates and improve their compatibility with certain targeted technologies.

Malware created & replicated

- Keyloggers
--> A hook function capturing all possible keyboard combinations individually (without using existing libraries).

- Infostealers
--> Exfiltration via email, webhook, or more traditional C2 servers.
--> Replication of the typical behaviors of this malware family (on-site data decryption), or data exfiltration with an encryption key to avoid one detection pattern.

- RAT
--> RAT with all its functions packed (outdated).
--> RAT with a plugin or downloader functionality (injection and execution of features in memory).

- Ransomware
--> Classic ransomware with exclusion folders for encryption and custom extension for encrypted files.

- Simple Botnets
--> Botnets used as gateways or rather as downloaders. Programs packed with the bare minimum to launch an attack (detection of defense systems and PC versions).

Evasion methodology

Overall, I draw inspiration from existing methodologies such as entropy reduction, program signatures, data encryption, or the obfuscation of certain functions flagged by YARA rules. But my main focus is on defining the dynamic behavior that my malware will exhibit initially, in order to make it less suspicious (e.g., random sleep, fake functions, etc.). I also try to find the right balance when implementing virtual environment detection, to ensure that these functions do not appear too suspicious.

Next malware project

I want to create the most complete RAT possible with reliable stability, using the Tor network.
I want to make its communication protocol as logical as possible in terms of code maintenance, to allow for quick updates to communication methods, including emerging anonymous communication systems like the I2P network.