Blog | ReversingLabs | Robert Simmons

Robert Simmons

Principal Malware Researcher at ReversingLabs. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, botconf, and DerbyCon among others.

Find Robert Simmons on: Twitter

July 15, 2021

Data Exfiltrator

A New Tactic for Ransomware Adversaries

April 1, 2021

Code Reuse Across Packers and DLL Loaders

Packers and DLL Loaders

March 12, 2021

DotNET Loaders

Many families of remote access trojan (RAT) are .NET executables

November 16, 2020

PoorWeb - Hitching a Ride on Hangul

Tearing Down HWP Files To Expose a Trojan

September 8, 2020

Excel 4.0 Macros

The Risk of Hidden Threats in Compound Files

June 26, 2020

Five Uses of YARA

YARA is a useful member of the toolset of researchers, threat hunters, incident responder, and many other defenders.

June 5, 2020

Retread Ransomware

In March of 2020, MalwareHunterTeam discovered a downloader which installed both a KPot infostealer as well as a second payload which was a ransomware variant that used the string "CoronaVirus".

March 23, 2020

Exposing Ryuk Variants Using YARA

Getting Ahead of Ryuk attacks using YARA Rules - Continued

January 31, 2020

RATs in the Library

Public hosting sites present a challenge for defenders when exploited by adversaries to conceal payloads using various encoding techniques

January 24, 2020

Hunting for Ransomware

Many ransomware families have changed their tactics and victim-targeting in recent years. Rather than indiscriminate attacks against anyone they’re able to infect, they have moved to a process called “big game hunting”.

December 13, 2019

Going Behind the Scenes of Cybercrime Group FIN6’s Attack On Retail and Hospitality

A step that an adversary takes during the post exploitation phase of an attack is to establish a command line interface with a computer inside the victim’s network. One recent incident demonstrates the entire intrusion set operated by FIN6, a financially motivated threat actor group.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Robert Simmons

Recent Posts from Robert Simmons

Data Exfiltrator

Code Reuse Across Packers and DLL Loaders

DotNET Loaders

PoorWeb - Hitching a Ride on Hangul

Excel 4.0 Macros

Five Uses of YARA

Retread Ransomware

Exposing Ryuk Variants Using YARA

RATs in the Library

Hunting for Ransomware

Going Behind the Scenes of Cybercrime Group FIN6’s Attack On Retail and Hospitality

Topics

Special Reports

The State of Software Supply Chain Security 2024

Upcoming Webinars

ConversingLabs

Robert Simmons

Recent Posts from Robert Simmons

Topics

Follow us

Subscribe

Special Reports