Channel: BOT24
Browsing all 8064 articles

The research: Mobile Internet traffic hijacking via GTP and GRX

Most users assume that mobile network access is much safer because a big mobile-telecoms provider will protect subscribers. Unfortunately, as practice shows, mobile Internet is a great opportunity for...


EXRS- Exercises for learning Reverse Engineering and Exploitation.

All the sploit exercises are designed to be solvable with NX+ASLR without being dependent on which libc is used. The idea is you should only interact with stdin / stdout as if it was a remote service,...


More on The Great Bank Robbery: the Carbanak APT From Kaspersky

The story of Carbanak began when a bank from Ukraine asked us to help with a forensic investigation. Money was being mysteriously stolen from ATMs. Our initial thoughts tended towards the Tyupkin...


(Sample Files Added & Password) The Equation Cyber Attack Group: The Death...

It is not known when the Equation group began their ascent. Some of the earliest malware samples we have seen were compiled in 2002; however, their C&C was registered in August 2001. Other...


CTB-Locker encryption/decryption scheme in details

After my last post about CTB-Locker I received a lot of e-mails from people asking for a complete analysis of the malware. Most of them wanted to know if it’s possible to restore the compromised files...


Walking Heap Using Pydbg

I'm a big fan of Pydbg. Although it has many awesome features, it also has a few limitations. One of them is the lack of control over the process heap. For a long time I've been thinking of writing something which...


Banking Malware VAWTRAK Now Uses Malicious Macros, Abuses Windows PowerShell

Last year we saw how the Windows PowerShell® command shell was involved in spreading ROVNIX via malicious macro downloaders. Though the attack seen in November did not directly abuse the PowerShell...


Automating Removal of Java Obfuscation

In this post we detail a method to improve analysis of Java code for a particular obfuscator, we document the process that was followed and demonstrate the results of automating our method. Obscurity...


APT is a Who not a What... And Why it doesn't Matter

A small number of topics get intelligence-driven incident responders incredibly frustrated: using intelligence to mean smart (I’ll share more about that later this week); bad attribution based on...


DbgKit

DbgKit is the first GUI extension for Debugging Tools for Windows. It will show you hierarchical view of processes and detailed information about each process including its full image path, command...


A Fanny Equation: "I am your father, Stuxnet"

At the Virus Bulletin conference in 2010, researchers from Kaspersky Lab partnered with Microsoft to present findings related to Stuxnet. The joint presentation included slides dealing with various...


Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web...

Document Title: Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability

References...


Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities

Early last year Gareth Heyes unveiled a fascinating new technique for attacking web applications by exploiting path-relative stylesheet imports, and dubbed it ‘Relative Path Overwrite’. This attack...


Detect Equation Group Malware with THOR

THOR in version 7.20.1 is able to detect the Equation Group malware mentioned in the recently released reports by Kaspersky Labs.


Celebrity chef Jamie Oliver’s website hacked, redirects to exploit kit

While routinely checking the latest exploits and sites hacked, we came across a strange infection pattern that seemed to start from popular website jamieoliver[dot]com (ranked #536 in the UK and...


Paper: A Tour beyond BIOS Using Intel ® VT-d for DMA Protection in UEFI BIOS

This paper presents a design methodology for using Intel VT-d in a UEFI BIOS for purposes of resisting DMA attacks against the host UEFI firmware from devices.


Freebsd RNG broken for last 4 months

If you are running a current kernel r273872 or later, please upgrade your kernel to r278907 or later immediately and regenerate keys.


Duplicate SSH Keys Everywhere

Back in December when I revamped the SSH banner and started collecting the fingerprint I noticed an odd behavior. It turns out that a few SSH keys are used a lot more than once.


[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris...

Advisory: Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite

During a penetration test, RedTeam Pentesting discovered a Directory Traversal vulnerability in...


Fuzzing for MS15-010

This past Patch Tuesday Microsoft released MS15-010: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution.  This patch addressed multiple privately reported vulnerabilities...
