My Internship Experience at NVISO – by Thibaut Flochon

Hi! I’m Thibaut, a bachelor student in Information Technology at HĂ©nallux. As a final-year student, I have had the opportunity to do my internship at NVISO for 4 months. Let me share this experience with you! Why NVISO? The year before my internship, I took part in the Cyber Security Challenge Belgium 2017 with some … Continue reading My Internship Experience at NVISO – by Thibaut Flochon

Filtering out top 1 million domains from corporate network traffic

During network traffic analysis and malware investigations, we often use IP and domain reputation lists to quickly filter out traffic we can expect to be benign. This typically includes filtering out traffic related to the top X most popular websites world-wide. For some detection mechanisms, this technique of filtering out popular traffic is not recommended … Continue reading Filtering out top 1 million domains from corporate network traffic

Going beyond Wireshark: experiments in visualising network traffic

Introduction At NVISO Labs, we are constantly trying to find better ways of understanding the data our analysts are looking at. This ranges from our SOC analysts looking at millions of collected data points per day all the way to the malware analyst tearing apart a malware sample and trying to make sense of its … Continue reading Going beyond Wireshark: experiments in visualising network traffic

Using binsnitch.py to detect files touched by malware

Yesterday, we released binsnitch.py - a tool you can use to detect unwanted changes to the file sytem. The tool and documentation is available here: https://github.com/NVISO-BE/binsnitch. Binsnitch can be used to detect silent (unwanted) changes to files on your system. It will scan a given directory recursively for files and keep track of any changes it detects, based … Continue reading Using binsnitch.py to detect files touched by malware