Takahiro Haruyama

Sr. Threat Researcher @ VMware Carbon Black | Takahiro Haruyama is a reverse engineer with over ten years of extensive experience and knowledge in malware analysis and digital forensics. He has spoken at several famous conferences including REcon, HITB, HITCON, SECURE, DFRWS EU, SANS DFIR Summit, FIRST and BlackHat Briefings USA/Europe/Asia.

Author's Posts

Hunting Vulnerable Kernel Drivers

Misc

Hunting Vulnerable Kernel Drivers

Takahiro Haruyama October 31, 2023 34 min read

Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA)

Threat Analysis Unit

Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA)

Takahiro Haruyama November 21, 2022 5 min read

Threat Analysis: Active C2 Discovery Using Protocol Emulation Part3 (ShadowPad)

Threat Analysis Unit

Threat Analysis: Active C2 Discovery Using Protocol Emulation Part3 (ShadowPad)

Takahiro Haruyama October 27, 2022 21 min read

Monitoring Winnti 4.0 C2 Servers for Two Years

Threat Analysis Unit

Monitoring Winnti 4.0 C2 Servers for Two Years

Takahiro Haruyama November 15, 2021 3 min read

Detecting UEFI Bootkits in the Wild (Part 1)

Threat Analysis Unit

Detecting UEFI Bootkits in the Wild (Part 1)

Takahiro Haruyama June 15, 2021 13 min read

Detecting Threats in Real-time With Active C2 Information

Threat Analysis Unit

Detecting Threats in Real-time With Active C2 Information

Takahiro Haruyama, Omar Elgebaly September 22, 2020 6 min read

Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0)

Threat Analysis Unit

Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0)

Takahiro Haruyama February 21, 2020 25 min read

Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire)

Threat Analysis Unit

Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire)

Takahiro Haruyama November 20, 2019 14 min read

CB TAU Threat Intelligence Notification: Winnti Malware 4.0

Threat Analysis Unit

CB TAU Threat Intelligence Notification: Winnti Malware 4.0

Takahiro Haruyama September 4, 2019 15 min read

fn_fuzzy: Fast Multiple Binary Diffing Triage with IDA

Threat Analysis Unit

fn_fuzzy: Fast Multiple Binary Diffing Triage with IDA

Takahiro Haruyama May 9, 2019 13 min read