February 21, 2013 / Tal Klein

So got hacked. So what?

Earlier today, Brian Krebs tweeted about the hack – at which point both Simon Crosby and I naturally headed to to see what was what.

Upon visiting the site we received a LAVA alert that informed us that we were being attacked. This made us excited, not concerned. You see, with vSentry our browsing tasks were totally isolated in hardware-enforced micro-VMs.

We got on the phone with Brian and our Chief Security Architect, Rahul Kashyap, and started dissecting the long tail of the attack.


At this point there are countless places that will tell you what the attack consisted of, so we won’t brag about how early and deeply we were able to analyze it. What I’d like to note is that we were able to do this not in a lab, but using our day-to-day laptops – without ever fearing a compromise.

Imagine doing that: browsing the web without fear of compromise. What a novel concept!

One of the coolest things about working at Bromium is that many of us spend our free time cruising the web looking for interesting malware, and then detonating it on our laptops with LAVA. When we find something really interesting, like the hack, rather than an “oh no, I’ve been hacked”, you’ll hear a, “woohoo I got a good one!” and then the crew will gather around someone’s desk and examine the full lifespan of the attack; how many binaries it dropped, where the c&c servers are, what registry entries it manipulated, etc.

Just a fun fact about life as a Bromide.


Leave a Comment
  1. donjduncan / Feb 21 2013 2:17 pm

    Reblogged this on Enterprise Computing Speedbumps and commented:
    Always enjoy reading stuff like this and figuring out how something works. It makes technology fun!

  2. Jim / Feb 21 2013 4:24 pm

    I hope folks begin to understand the phrase “hardware enforced”.
