So got hacked. So what?

Author: No Comments Share:

Earlier today, Brian Kerbs tweeted about the hack – at which point both Simon Crosby and I naturally headed to to see what was what.

Upon visiting the site we received a LAVA alert that informed us that we were being attacked. This made us excited, not concerned. You see, with vSentry our browsing tasks were totally isolated in hardware-enforced micro-VM’s.

We got on the phone with Brian and our Chief Security Architect, Rahul Kashyap, and started dissecting the long tail of the attack.


At this point there are countless of places that will tell you what the attack consisted of, so we won’t brag about how early and deeply we were able to analyze it.. What I’d like to note is that we were able to do this not in a lab, but using our day to day laptops – without ever fearing a compromise.

Imagine doing that; Browsing the web without fear of compromise. What a novel concept!

One of the coolest things about working at Bromium is that many of us spend our free time cruising the web looking for interesting malware, and then detonating it on our laptops with LAVA. When we find something really interesting, like the hack, rather than an “oh no, I’ve been hacked”, you’ll hear a, “woohoo I got a good one!” and then the crew will gather around someone’s desk and examine the full lifespan of the attack; how many binaries it dropped, where the c&c servers are, what registry entries it manipulated, etc.

Just a fun fact about life as a Bromide.

Previous Article

BlackHat EU’13: Are You Playing Sandbox Roulette?

Next Article

Cyber-rattling is a Convenient Excuse for Security Vendor Failures

You may also like

Leave a Reply

Your email address will not be published. Required fields are marked *