Rintaro Koike

■ Link

E-Mail
GitHub
- koike
- nao_sec
Twitter
- nao_sec
Speaker Deck
- koike
Website
- https://nao-sec.org
- https://traffic.moe
Amazon
- WishList

■ Organization

nao_sec
TomoriNao
~~Active Defense Institute~~
~~Meiji University~~
- ~~Kikn Lab~~
~~人海戦術 (aka Jinkai)~~
~~Nakano Computer Club~~
~~O’CREILLY~~

■ Repository

■ 2019

Japan Security Analyst Conference 2019 (Speaker) [Abstract] [Slide]

■ 2018

SECCON 2018 Conference (Speaker) [Abstract]
セキュリティキャンプ 2018 全国大会ベテランOB (NOC)
BlackHat USA 2018 Arsenal (Presenter) [Abstract] [Slide]
アクティブディフェンス研究所特任研究員 (~ 2018/9)
第3回ハニーポッター技術交流会 (Speaker) [Slide]
Japan Security Analyst Conference 2018 (Speaker) [Slide]

■ 2017

マルウェア対策研究人材育成ワークショップ MWS Cup 2017 総合2位
コンピュータセキュリティシンポジウム 2017 CSS2017学生論文賞 [Slide]
セキュリティキャンプ 2017 全国大会チューター (NOC) [Slide]
セキュリティキャンプ・アワード 2017 最優秀賞 [Slide]
NTTコミュニケーションズ攻撃分析ハッカソン優勝

■ 2016

CyberAgent Group - Nizista Server Engineer (~ 2017/05)
マルウェア対策研究人材育成ワークショップ MWS Cup 2016 総合2位
SECCON 2015 International 参加

■ 2015

TrendMicro Guardian Project MVP
マルウェア対策研究人材育成ワークショップ MWS Cup 2015 優勝
セキュリティキャンプ 2015 全国大会参加

エクスプロイトキット“Fallout”が活動を継続中 – どのWebサイトを閲覧しているか気を付けよう (Cybereason Japan)
情報窃取目的のトロイの木馬「Ursnif」の日本を標的にした新たな変種 (Cybereason Japan)
New Ursnif Variant Targets Japan Packed with New Features (Cybereason)
Fallout EK from HookAds campaign (Malware-Traffic-Analysis)
JSAC 2019：インシデント追跡に当たる実務者への、知の共有の場として (Kaspersky)
Japan Security Analyst Conference 2019開催レポート～前編～ (JPCERT/CC)
Improved Fallout EK comes back after short hiatus (Malwarebytes Labs)
HookAds campaign Rig EK pushes SmokeLoader (Malware-Traffic-Analysis)
VBWeb Comparative Review - Autumn 2018 (Virus Bulletin)
Latest Virus Bulletin report shows the difference web security products make (Virus Bulletin)
HookAds Malvertising Installing Malware via the Fallout Exploit Kit (Bleeping Computer)
Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims (McAfee)
New Ramnit Campaign Spreads Azorult Malware (Check Point Research)
Exploit kits: fall 2018 review (Malwarebytes Labs)
Kraken Cryptor Ransomware Connecting to BleepingComputer During Encryption (Bleeping Computer)
Cybercrime tactics and techniques:Q3 2018 (Malwarebytes Labs)
The Week in Ransomware - October 5th 2018 - Restaurant Shutdowns & Exploit Kits (Bleeping Computer)
Fallout Exploit Kit Now Installing the Kraken Cryptor Ransomware (Bleeping Computer)
Increasing Fallout from the Fallout Exploit Kit (Morphisec)
Threat Landscape Dashboard Fallout Exploit Kit (McAfee)
GandCrab V5 Released With Random Extensions and New HTML Ransom Note (Bleeping Computer)
学生2人組でBlack Hatに登場、自作の攻撃解析ツール披露！ (ASCII.jp)
Fallout Exploit Kit Pushing the SAVEfiles Ransomware (Bleeping Computer)
New Exploit Kit Fallout Delivering Gandcrab Ransomware (TrendMicro)
Fallout exploit kit appeared in the threat landscape in malvertising campaigns (Security Affairs)
New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs (Bleeping Computer)
Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware (FireEye)
MISP Galaxy Clusters (MISP Galaxy Clusters)
10 Top Tools for Threat Hunters from Black Hat USA 2018 (Authentic8 Blog)
IoTも音声認識も企業も全てハックされる–画で見る「Black Hat」「DEF CON」 (ZDNet Japan)
Let’s Learn: Dissecting Panda Banker & Modules: Webinject, Grabber & Keylogger DLL Modules (Vitali Kremez)
XMRig coinminer caused by ad traffic leading to adobeupdater.mcdir.ru (Malware-Traffic-Analysis)
Kronos Reborn (Proofpoint)
Fake AV screen locker (a relatively easy fix) (Malware-Traffic-Analysis)
The Evolution of Gandcrab Ransomware (VMRay)
SLYIP CAMPAIGN USES GRANDSOFT EK TO PUSH URSNIF (Malware-Traffic-Analysis)
New Target Against Drive-By attacks- Nao Sec (ThreatStop)
Rig Exploit Kit delivering GandCrab Ransomware via Adobe CVE-2018-4878 (JASK)
‘FakeUpdates’ campaign leverages multiple website platforms (Malwarebytes Labs)
ランサムウェア「GandCrab」、Flashの脆弱性で拡散開始か (ZDNet Japan)
8 Year Old GrandSoft Exploit Kit Back In Action (Cisco Umbrella)
CVE-2018-4878 (Flash Player up to 28.0.0.137) and Exploit Kits (Malware don’t need Coffee)
Rig EK drops GandCrab Ransomware Via CVE-2018-4878 (Zerophage Malware)
Exploit kits: Winter 2018 review (Malwarebytes Labs)
Drive-by as a service: BlackTDS (Proofpoint)
The Week in Ransomware - March 2nd 2018 - GandCrab Decrypted, RaaS, and More (Bleeping Computer)
EITest HoeflerText Scam Distributing GandCrab & Netsupport Manager (Bleeping Computer)
RIG malvertising campaign uses cryptocurrency theme as decoy (Malwarebytes Labs)
Rig EK One Year Later: From Ransomware to Coin Miners and Information Stealers (PaloAlto Networks Unit42)
Exploit Kit Cornucopia (YouTube - Cisco Umbrella - BlackHat USA)
Japan Security Analyst Conference 2018開催レポート~後編~(2018-02-16) (JPCERT/CC)
2018-02-12 - SEAMLESS CAMPAIGN USING RIG EK TO SEND RAMNIT - (Malware-Traffic-Analysis)
JSAC 2018：日本のセキュリティ実務者のテクニックを高みに上げる (Kaspersky)
GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated) (Malwarebytes Labs)
GandCrab Ransomware Distributed by Exploit Kits, Appends GDCB Extension (Bleeping Computer)
THREE RECENT EXAMPLES OF NGAY CAMPAIGN RIG EK (Malware-Traffic-Analysis)
RIG EK SENDS SMOKE LOADER AND MONERO COIN MINER (Malware-Traffic-Analysis)
SEAMLESS CAMPAIGN CONTINUES USING RIG EK TO SEND RAMNIT (Malware-Traffic-Analysis)
RIG exploit kit campaign gets deep into crypto craze (Malwarebytes Labs)
SEAMLESS CAMPAIGN CONTINUES USING RIG EK TO SEND RAMNIT BANKING TROJAN (Malware-Traffic-Analysis)
NGAY CAMPAIGN RIG EK PUSHES QUANT LOADER & MONERO CPU MINER (Malware-Traffic-Analysis)
NGAY CAMPAIGN RIG EK PUSHES QUANT LOADER & MONERO CPU MINER (Malware-Traffic-Analysis)
Rig EK via Rulan drops an Infostealer (Zerophage Malware)
TERROR EK SEEN USING HTTPS (Malware-Traffic-Analysis)
Three Rig EK Campaigns (Zerophage Malware)
Exploit Kit Cornucopia - Blackhat USA 2017 (Cisco Umbrella - BlackHat USA)
Exploit Kit Tracker (Cisco Umbrella)
The numeric tech support scam campaign (Malwarebytes Labs)
Rig EK via malvertising drops Dreambot (Zerophage Malware)
RIG Exploit Kit Suffers Major Blow Following Coordinated Takedown Action (Bleeping Computer)
SHADOWFALL (RSA)
SEAMLESS CAMPAIGN CONTINUES USING RIG EK TO SEND RAMNIT (Malware-Traffic-Analysis)
RIG sends Ramnit payloads via VBScript CVE-2016-0189 (CyberAttacks)
EITEST CAMPAIGN PUSHING TECH SUPPORT SCAMS, RIG EK, HOEFLERTEXT POPUPS (Malware-Traffic-Analysis)
EITEST CAMPAIGN PUSHING TECH SUPPORT SCAMS, RIG EK, HOEFLERTEXT POPUS (Malware-Traffic-Analysis)
EITEST CAMPAIGN PUSHING TECH SUPPORT SCAMS IN US AND UK (Malware-Traffic-Analysis)
RIG Decimal IP Campaign (RSA)
Decimal IP Campaign (MalwareBreakdown)
Rig Exploit Kit via EiTest campaign delivers Mole ransomware (BroadAnalysis)
BSidesIA 2017 Keynote: Exploit Kits and Indicators of Compromise – Brad Duncan (YouTube - BSidesIA)
EITEST CAMPAIGN RIG EK / HOEFLERTEXT CHROME POPUP (Malware-Traffic-Analysis)
EITEST CAMPAIGN RIG EK / HOEFLERTEXT CHROME POPUP (Malware-Traffic-Analysis)
EITest Campaign Leads to RIG EK at 188.225.39.227. EK Drops Matrix Ransomware v3. (MalwareBreakdown)
IF USING CHROME: EITEST = HOEFLERTEXT POPUP - IF USING IE: EITEST = RIG EK (Malware-Traffic-Analysis)
Finding A ‘Good Man’ (MalwareBreakdown)
EITest Leads to RIG EK at 92.53.124.144 and Drops Dreambot (MalwareBreakdown)
PSEUDO-DARKLEECH RIG EK FROM 92.53.104.78 SENDS CERBER RANSOMWARE (Malware-Traffic-Analysis)
EITEST RIG EK FROM 92.53.104.78 SENDS CERBER RANSOMWARE (Malware-Traffic-Analysis)
Rig Exploit Kit via the EiTest delivers CryptoShield/REVENGE ransomware (BroadAnalysis)
EITEST RIG EK FROM 81.177.140.75 SENDS CRYPTOSHIELD RANSOMWARE (Malware-Traffic-Analysis)
EITest Leads to RIG EK at 188.225.36.251. EK Drops CryptoShield 2.0 Ransomware. (MalwareBreakdown)
Rig Exploit Kit via the EiTest delivers CryptoShield ransomware (BroadAnalysis)
RIG EK EXAMPLES (PSEUDO-DARKLEECH AND EITEST CAMPAIGNS) (Malware-Traffic-Analysis)
EITEST RIG EK FROM 188.225.35.79 SENDS DREAMBOT (Malware-Traffic-Analysis)
PSEUDO-DARKLEECH RIG EK FROM 81.177.6.153 SENDS CERBER RANSOMWARE (Malware-Traffic-Analysis)