VB2015 paper: Digital 'Bian Lian' (face changing): the Skeleton Key malware

Posted by   Virus Bulletin on   Jan 19, 2016

Microsoft, Dell SecureWorks researchers analyse malware targeting Active Directory servers.

A year ago, researchers from Dell SecureWorks discovered a new kind of malware, dubbed 'Skeleton Key', that was used in targeted attacks.

The malware, which was installed on the target's domain controller, allowed the attacker to login as any user and thus perform any number of actions.

At VB2015, Microsoft researchers Chun Feng, Tal Be'ery and Michael Cherny, and Dell SecureWorks' Stewart McIntyre presented the paper "Digital 'Bian Lian' (face changing): the skeleton key malware". Today, we publish their paper as well as the video of their presentation.

You can read the paper here in HTML-format, or download it here as a PDF, and find the video on our YouTube channel, or embedded below.

Are you interested in presenting your research at the upcoming Virus Bulletin conference (VB2016), in Denver 5-7 October 2016? The call for papers is now open.



Posted on 19 January 2016 by Martijn Grooten
twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Security products and HTTPS: let's do it better

A recent paper showed that many HTTPS-intercepting security solutions have implemented TLS rather poorly. Does that mean we should avoid such solutions altogether?

The SHA-1 hashing algorithm has been 'shattered'

Researchers from Google and CWI Amsterdam have created the first known collision of the SHA-1 hashing algorithm, making a very strong case to ditch it.

Throwback Thursday: Once a researcher...

VB was saddened to learn this week of the passing of one of the pioneers of the AV industry, Ross Greenberg. This Throwback Thursday we look back at an interview with Ross in November 1995.

VB2017: What is happening in the threat landscape and what are we doing against it? Submit a proposal in the VB2017 CFP!

Have you analysed a new online threat? Do you know a new way to defend against such threats? Then submit an abstract in the CFP for VB2017!

VB2016 paper: APT reports and OPSEC evolution, or: these are not the APT reports you are looking for

APT reports are great for gaining an understanding of how advanced attack groups operate - however, they can also provide free QA for the threat actors. Today, we publish a VB2016 paper by Gadi Evron (Cymmetria) and Inbar Raz (Perimeter X), who…