Paper: Deception with Side Information in Biometric Authentication Systems
In this paper, we study the probability of successful deception of an uncompressed biometric authentication system with side information at the adversary. It represents the scenario where the adversary...
Malware Emulation - An Introduction
This post discusses the things from the point where reversing of any malware ends. The analysis of a malware is not enough to satisfy any researcher. There is no point in analysing a malware and then...
Cryptor
A safe Ruby encryption library, designed to support features like multiple active encryption keys and key rotation. Cryptor uses authenticated encryption exclusively, ensuring your data remains...
About DNS Attacks and ICMP Destination Unreachable Reports
Since early February 2014 my DSL connection receives quite some ICMP Destination Unreachable (TYPE=3) messages from seemingly random addresses. This does not change if my dynamic IP address changes, so...
data exfiltration over SSL with srvdir
Every now and then I come across some application that may or may not have been developed with penetration testing in mind but it ends up being damn helpful all the same. Yesterday I found a post about...
Empty wallets explain new levels of partisan hatred
I could have predicted this since the fed continues to decrease the value of the dollar to prop up investments from other countries and penalize savers while forcing others to go into riskier assets....
Towelroot v1 Tool
Root Galaxy S5, Note 3, etc. with Towelroot v1 Tool: http://towelroot.com/
Advanced Exploit Techniques Attacking the IE Script Engine
Exploit developers should be very excited recently; lots of big bombs have been dropped to the community. In February, Yang Yu was awarded the Microsoft mitigation bypass bounty, the top prize in...
[SE-2014-01] Security vulnerabilities in Oracle Database Java VM
Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software [1]. Discovered security issues violate many "Secure Coding Guidelines...
Ransomware infecting user32.dll
Over the past months we’ve been monitoring a new variant of the Department of Justice (DOJ) ransomware. Till date there is nothing written about this new variant on the internet. This blog item aims to...
Setting up a dynamic Android testbed Part I: Emulated vs physical devices
Here at NVISO we often perform blackbox, greybox and whitebox penetration tests of mobile applications on both Android and iOS. In an earlier blogpost, we already described how to perform static...
New banker trojan in town: Dyreza
We have been analyzing a new piece of banking malware, which is targeting some major online banking services. Among many, we have verified the following to be on the target list: Bank of...
ZTE WXV10 W300 Multiple Vulnerabilities
Default Password Being Used (CVE-2014-4018): In ZTE routers the username is a constant which is “admin” and the password by default is “admin”. ROM-0 Backup File Disclosure (CVE-2014-4019): There is a rom-0...
Malvertisements on DeviantART lead to Optimum Installer
DeviantART, an online community showcasing various forms of user-made artwork with a Global Alexa rank of 148, is currently displaying several advertisements redirecting to the Optimum Installer, a...
How deep is the rabbit hole? A tale about exploit kits and layers of obfuscation
We at MRG are always amazed about malware writers and operators putting so much work into obfuscating their code and keep everything under the radar. This story started when one of our friends called...
Necurs - Rootkit for Hire
Necurs is a kernel mode driver best known at the moment for being used by Gameover Zeus (GOZ) to hinder attempts to detect and remove the malware. The technical details of the Necurs driver have...
SLocker Android Ransomware Communicates Via TOR And SMS
A little over two weeks ago, we found a new family of Android ransomware: SLocker. We have no evidence that SLocker is related to Koler, the most recently discovered Android ransomware. It does however...
15 Ways to Download a File
Pentesters often upload files to compromised boxes to help with privilege escalation, or to maintain a presence on the machine. This blog will cover 15 different ways to move files from your machine to...
How To Dissect Android Simplelocker Ransomware
In this blog post we'll be looking at a new type of malware for Android phones that encrypts important files and demands the user pay a ransom to regain access to their phone. This is the first reported...
Usermode System Call hooking - Betabot Style
This is literally the most requested article ever, I've had loads of people messaging me about this (after the Betabot malware made it famous). I had initially decided not to do an article about it,...