A Lightbulb Worm?

By Colin O’Flynn

This whitepaper is designed to show some details of the Philips Hue system. It is not designed to demonstrate any specific attack, but is instead a chance to “poke around” to see what security features are present. It is designed to serve as a reference for those designing similar systems, to give an idea of what attack surfaces might be exploited.

W32.Qakbot in Detail


By Nicolas Falliere

There are several information-stealing Trojans found in cyberspace today. What makes Qakbot stand apart from most of the others is its sophistication and continuous evolution. The purpose of this white paper is to provide an insight into the worm’s capabilities.

Detecting Incidents Using McAfee Products

By Lucian Andrei

Modern attacks against computer systems call for a combination of multiple solutions in order to be prevented and detected. This paper analyzes the capacity of commercial tools, with minimal configuration, to detect threats. Traditionally, companies use antivirus software to protect against malware, and a firewall combined with an IDS to protect against network attacks. This paper will analyze the efficacy of the following three combinations in withstanding application attacks: antivirus, antivirus plus host IDS, and antivirus combined with a host IDS plus application whitelisting. Before doing the tests we predicted that the antivirus would block 20% of the attacks, the HIDS would detect an additional 15%, and McAfee Application Control would protect against at least 50% more of the attacks executed by an average attacker using known exploits, without much obfuscation of the payload. The success of defensive commercial tools against attacks will justify the investment a company will be required to make.