
Inside The Lab HarfangLab's tech Blog

CYBER THREAT INTELLIGENCE

An introduction to reverse engineering .NET AOT applications

About a month ago, we started seeing reports on activities from DuckTail, a cybercrime outfit reportedly based in Vietnam. Detonating one of the samples, we observed that a new account was being created on the analysis machine, followed by…

12 min
ARTIFICIAL INTELLIGENCE

Machine Learning to identify malicious strings in a file

Why bother with strings? When analyzing a new sample found “in the wild”, it may make sense to extract the strings within it to identify IP addresses, domains, log files or C&C server signatures. For example, if an Artificial Intelligence model such…

9 min
OPERATIONS

How many slices of pizza do you need to appear in MITRE?

“We don’t see you in MITRE.” “Your solution hasn’t even been benchmarked, so how can anyone know what you’re REALLY worth?” “Anyway, it’s impossible for a French player to be as good as the Americans…” … okay, okay, that’s enough…

8 min
CYBER THREAT INTELLIGENCE

Taskloader at the root of a Pay-per-Install infection chain

In June 2023, we’ve observed multiple alerts that seemingly came from different sources. A quick search through our telemetry allowed us to identify multiple infected machines across our clients. Although they would sometimes present different behaviour, the initial infection vector…

21 min
ARTIFICIAL INTELLIGENCE

Simulate the activity of a brute-force attack

For the purpose of testing an unsupervised anomaly detection algorithm, we need a dataset with both benign and malicious authentication activities. We already have access to benign data, but we lack malicious attack events. The question we will try to…

3 min
ARTIFICIAL INTELLIGENCE

AI: Deep Learning & batch normalization

Embedding images and executable files Embedding images into a lower-dimensional representation is a blooming research field in Deep Learning. With a small vector representation of each image, many new tasks can be easily done afterward such as zero-shot learning and…

6 min
ARTIFICIAL INTELLIGENCE

Malwares detection: an innovative approach based on Deep Learning

Hibou is a malware detection module powered by deep learning. It works on Windows executable files (PE files) and gives, for each sample, a “score of potential maliciousness”. This state-of-the-art deep learning method to detect malicious files is now embedded…

4 min
ARTIFICIAL INTELLIGENCE

Generate large-scale attacks without a fleet of machines

One of the recurring issues in artificial intelligence is gathering enough data to train your model. In our case, working with Windows event logs is not an easy task, as there are no available datasets that correspond exactly to what…

7 min
ARTIFICIAL INTELLIGENCE

PowerShell: the story of collaboration between AI and CTI teams

At HarfangLab, the Artificial Intelligence (AI) and Cyber Threat Intelligence (CTI) teams can combine their strengths to prevent and detect threats. In the past year, we have worked on all of the aspects of AI to enhance our malware detection,…

6 min
RUST

How to write idiomatically in RUST magically fixed my bugs

When using compiled languages, code cannot be run if it does not pass the compilation step, and for this reason, the compiler sometimes gets in your way. Sometimes, the compiler refuses the quick-and-dirty change you made to test an idea.…

14 min
ARTIFICIAL INTELLIGENCE

HL-AI Binaries depending on version

Description HL-AI-Binaries is a malware detection module powered by machine learning and deep learning. It works on executable files (PE files for Windows and ELF for Linux) and gives, for each sample, a “score of potential maliciousness”. This…

6 min
ARTIFICIAL INTELLIGENCE

Run Deep Learning algorithms under 5MB on Windows or Linux

Over the last few years, deep learning methods have been shown to outperform previous state-of-the-art machine learning techniques and other more traditional approaches in a large range of fields, with computer vision being one of the most notable domains. A…

7 min