Thumbs Up: Using Machine Learning to Improve IDA’s Analysis

June 24, 2019 5:57 am

Research by: Eyal Itkin. Introduction: At the beginning of 2019, we released Karta, a plugin for the IDA disassembler that identifies open sources in binaries. During our work on the plugin, we stumbled...

DanaBot Demands a Ransom Payment

June 20, 2019 3:34 am

Research by: Yaroslav Harakhavik and Aliaksandr Chailytko. It’s been over a year since DanaBot was first discovered, and its developers are still working to improve it and find new opportunities to collaborate...

CPR-Zero: The Check Point Research Vulnerability Repository

June 19, 2019 5:59 am

Omri Herscovici. During the past 3 years, Check Point Research has invested significant resources into vulnerability research. For every vulnerability we discover, we first notify the vendor and immediately develop new...

Microsoft Management Console (MMC) Vulnerabilities

June 11, 2019 1:37 pm

Research by: Eran Vaknin and Alon Boxiner. The goal of Microsoft Management Console (MMC) is to provide a programming platform for creating and hosting applications that manage Microsoft Windows-based environments, and to...

We Decide What You See: Remote Code Execution on a Major IPTV Platform

June 5, 2019 5:44 am

Research by: Ronen Shustin. Introduction: About a year ago, Check Point Research discovered critical vulnerabilities in a Ukrainian TV streaming platform that, if exploited, could leave service providers exposed to a serious...

Malware Against the C Monoculture

May 20, 2019 3:33 am

Research by: Ben Herzog. It’s possible to write any program in any programming language; that’s what Turing completeness means. Therefore, it’s possible to write malware in any language, too. But in both...

The NSO WhatsApp Vulnerability – This is How It Happened

May 14, 2019 10:57 am

Earlier today, the Financial Times reported that there is a critical vulnerability in the popular WhatsApp messaging application and that it is actively being used to inject spyware into victims' phones. According...

PlaNETWORK: Face to Face with Cyber Crime

May 9, 2019 6:00 am

Check Point researchers have carried out investigative research that offers a rare opportunity to come face to face with real-life threat actors. In this case, these threat actors are an...

Vulnerabilities in ISPsystem

May 1, 2019 3:14 am

Research by: Alexey Bukheyev and Aliaksandr Chailytko. The ISPsystem panel is well-known software with a user-friendly web interface for managing web servers, dedicated servers, VPS (Virtual Private Servers) and billing. ISPsystem software products...

Deobfuscating APT32 Flow Graphs with Cutter and Radare2

April 24, 2019 12:12 am

Research by: Itay Cohen. The Ocean Lotus group, also known as APT32, is a threat actor which has been known to target East Asian countries such as Vietnam, Laos and the Philippines. The...