Channel: BOT24
Browsing all 8064 articles

RIG Exploit Kit – Diving Deeper into the Infrastructure

Following our previous blog post about the leaking of the RIG exploit kit's source code, we dug deeper into the architecture that facilitates the massive infections using RIG. The screen shot below...

Paper: Exploiting and Protecting Dynamic Code Generation

Abstract—Many mechanisms have been proposed and deployed to prevent exploits against software vulnerabilities. Among them, W⊕X is one of the most effective and efficient. W⊕X prevents memory pages from...

Hacking Oklahoma State University’s Student ID

In 2013 I took an Information Security class at Oklahoma State University. As a final project, we were broken into teams to find a security hole, and have a plan to theoretically exploit it. I led this...

DDOS AMPLIFICATION ATTACKS & LINK TO DDOS AMPLIFICATION TOOL

During the last two years, we've seen DDoS attacks taking down high authority websites and networks. Unlike what we used to think that such attacks need a large scale of resources (botnet or many...

WESP SDK multiple Remote Code Execution Vulnerabilities

Webgate technology is focused on digital image processing, embedded system design and networking to produce embedded O/S and web server cameras providing real time images. We are also making superior...

Paper: Surreptitiously Weakening Cryptographic Systems (Bruce Schneier;...

Revelations over the past couple of years highlight the importance of understanding malicious and surreptitious weakening of cryptographic systems. We provide an overview of this domain, using a number...

The Malicious Loader from the Cloud

Recently, we found a simple malicious downloader that downloads a fake PDF file.  Unlike a normal malicious loader that integrates the PE Loader code into its binary, this loader has stripped this part...

Targeted Attacks Against Code Underlying Financial Companies’ Trading...

Security experts have observed an increasing number of targeted attacks against the code underlying financial companies’ in-house trading algorithms. More...

Simple Code Coverage Analyzer

coco.cpp is a simple pintool for code coverage analysis. It comes with the Pin Framework. More here: http://reversingonwindows.blogspot.com/2015/02/simple-code-coverage-analyzer.html?spref=tw

Proving that Android’s, Java’s and Python’s sorting algorithm is broken (and...

Tim Peters developed the Timsort hybrid sorting algorithm in 2002. It is a clever combination of ideas from merge sort and insertion sort, and designed to perform well on real world data. TimSort was...

PwC Doc: A deeper look into ScanBox cybercrime tool

Security researchers have often made the mistake of assuming that when a specific tool was observed being used in espionage attacks, it was representative of activity of a single actor. More...

The Mac Facilitates Spying Too

I’ve been sitting on this information for some time, waiting to get more research done before I publish a post. But since word has come out about how Lenovo preloads what amounts to very bad spyware on...

Delete Known Government-Linked Certificate Authorities in OSX

Delete Known Government-Linked Certificate Authorities in OS X. This is in relation to the article titled "The Mac Facilitates Spying Too". More...

NATIONAL INDUSTRIAL SECURITY PROGRAM OPERATING MANUAL

Leaked document describes security measures used by NSA. More here: http://www.dss.mil/documents/odaa/nispom2006-5220.pdf

SSL Blacklist

SSL Blacklist (SSLBL) is a project maintained by abuse.ch. The goal is to provide a list of "bad" SSL certificates identified by abuse.ch to be associated with malware or botnet activities. SSLBL...

Malware Tracker: PDF Analysis

If you're an intrusion analyst on a small team (or maybe you ARE the team), you may be the only resource that has to look at a myriad of possibly malicious files that trigger your IDS or SIEM. You may...

Cloudflare: TLS Session Resumption: Full-speed and Secure

In this article, I’ll explain how we added speed to Universal SSL with session resumptions across multiple hosts, and explain the design decisions we made in this process. Currently, we use two...

Tearing Down Cryptowall (Cryptolocker and ransomware)

In today's blog we show a new approach to stopping ransomware such as Cryptowall, and how it is possible to use analytics to detect the shift in user behavior caused by malware such as Cryptowall and...

FLASH, CVE-2015-031 Exploit PoC

A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh.  Successful exploitation could cause a crash and potentially allow an...

Windows Exploit Mitigation Technology – Part 2

In Part 1, we explained GS cookies and Safe SEH. If you haven’t read that part, it is highly recommended to read it first. The Enhanced Mitigation Experience Toolkit, or EMET, is rudimentally a shield...
