ReversingLabs Blog

Robert Simmons
Principal Malware Researcher at ReversingLabs. With expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences, including DEFCON, HOPE, botconf, and DerbyCon, among others.

Recent Posts from Robert Simmons

July 15, 2021

Data Exfiltrator

A New Tactic for Ransomware Adversaries
April 1, 2021

Code Reuse Across Packers and DLL Loaders

Packers and DLL Loaders
March 12, 2021

DotNET Loaders

Many families of remote access trojan (RAT) are .NET executables
November 16, 2020

PoorWeb - Hitching a Ride on Hangul

Tearing Down HWP Files To Expose a Trojan
September 8, 2020

Excel 4.0 Macros

The Risk of Hidden Threats in Compound Files
June 26, 2020

Five Uses of YARA

YARA is a useful member of the toolset of researchers, threat hunters, incident responders, and many other defenders.
June 5, 2020

Retread Ransomware

In March of 2020, MalwareHunterTeam discovered a downloader which installed both a KPot infostealer as well as a second payload which was a ransomware variant that used the string "CoronaVirus".
March 23, 2020

Exposing Ryuk Variants Using YARA

Getting Ahead of Ryuk attacks using YARA Rules - Continued
January 31, 2020

RATs in the Library

Public hosting sites present a challenge for defenders when exploited by adversaries to conceal payloads using various encoding techniques
January 24, 2020

Hunting for Ransomware

Many ransomware families have changed their tactics and victim-targeting in recent years. Rather than indiscriminate attacks against anyone they’re able to infect, they have moved to a process called “big game hunting”.
December 13, 2019

Going Behind the Scenes of Cybercrime Group FIN6’s Attack On Retail and Hospitality

A step that an adversary takes during the post-exploitation phase of an attack is to establish a command-line interface with a computer inside the victim's network. One recent incident demonstrates the entire intrusion set operated by FIN6, a financially motivated threat actor group.
