Digital Forensics

As part of an incident response operation, the SECUINFRA Falcon team identified an interesting malware sample codenamed "CommieLoader" masquerading as an application form. CommieLoader installed a Cobalt Strike Beacon, which the attacker used for command-and-control communication.
In March 2026, a previously unknown zero-day exploit was discovered in Adobe Reader that is being actively exploited via a specially crafted PDF document. Building on the initial findings of security researcher Haifei Li, this article provides a detailed analysis of the technical structure and functionality of the malicious PDF. It reveals a heavily obfuscated attack chain featuring fingerprinting mechanisms and unusual command-and-control communication via RSS feeds.
In a recent case, we tried to reconstruct the attacker's activities on an ESXi hypervisor. The logs available on the system were very limited, which made it difficult to analyze the attacker's activities. The ESXi hypervisor in particular offers detailed logs that can be used for forensic analysis if configured accordingly. The topic of forensic readiness in general was covered in a previous article, which is highly recommended reading. This article focuses on hypervisors, the risks they are exposed to and how to protect them.
Forensic readiness refers to a company's ability to carry out digital forensics efficiently. Every incident is a stressful situation for everyone involved. A high degree of maturity in forensic readiness can shorten the analysis time of incidents and increase the quality of statements about the incident.
In order to minimize monetary and reputational damage in the event of a successful IT security attack, immediate and correct response measures, a comprehensive overview of the extent of the cyber attack, and a full clarification of the incident are indispensable.
The registered number of IT security incidents resulting from the rapid development of new and adapted cyber attack methods is worrying, and such incidents can sometimes have serious financial consequences as well as reputational damage for companies.
We will first begin at the entry point of this RAT and analyze its executed code before we jump into all possible modules this RAT possesses.
According to Malware Bazaar, samples have been distributed since around mid-January. The final payload is a .NET RAT, which allows the attacker to send commands to the infected system.
This article is intended to provide a deeper insight into the important topic of reporting obligations in the event of an IT security incident.
In order to protect one's own company against phishing, awareness must first and foremost be created among employees. This can be done through workshops, phishing simulations, or company policies.