One of the most important rules in building dynamic analysis environments is to deny the “potentially malicious code” an internet connection. Indeed, the “potentially malicious code” would try to exploit the analysis system itself if an internet connection were available. To respect this basic rule, when sandboxed code tries to open an internet […] Read more "Nice Way To Evade Dynamic Analysis"
A “mandatory” step to achieve a complete and successful targeted attack is the so-called “Cyber Intelligence Phase”. By definition, every targeted attack has at least one specific characteristic which makes it a perfect fit for a given target. As you might agree, one of the most important activities in developing a targeted attack is […] Read more "Cyber Intelligence abusing Internet Explorer to perform Targeted Attacks"
As you might see from my post frequency, the last months have been pretty busy for me. My hacking team and I are working really hard and we are achieving incredible results, which makes me happy but really busy as well. OpenSSL CCS Attack (CVE-2014-0224) is almost one month old and not super interesting to be […] Read more "OpenSSL CCS Attack"
I am not used to reporting malware analyses made by “big security companies” since they are easy to find in plenty of media. Linking such reports to my blog is useless because many of my readers would probably read those feeds before my blog. However, today I’d like to share a pretty nice article written […] Read more "Malware Writers."
Today I found some notes on my desk about the last Chaos Computing Club-Congress (CCC) in 2013. Since they are pretty funny to me, I decided to share them with you. Researchers, as reported to 29C3, were able to collect over 3 million certificates with their public keys. So far nothing interesting at all… They were able […] Read more "When Fun Comes to Crypto"
During the past months I received, through my blog, requests on what to read during the winter holidays. I decided to publish a little list of some of the books (yes, I wrote “some” and not “all”) that have been really useful for my career, which I would totally suggest to everybody interested in such […] Read more "Good Readings"
It’s been a long time since I wrote on my own blog (more than two months), and if you look at the history bar on your right you will probably figure out I am slowing down my blog posts a bit compared to the past years. This happens due to the amount of work my security team […] Read more "Hacking through images"
Today I’d like to share another “funny BUG” (yep, believe me, this is quite funny) through this summertime quick’n dirty post. The hunter involved is Nuzhny (no contacts provided to me, more info here), who disclosed a Stack Overflow in Windows Calculator last week. You would think: “A BOF in Windows Calc.exe? You’re […] Read more "BUG in WinCalc.exe"
Today another “Hack Note” on my blog to point you to a great analysis of ZeuS evolutions. I definitely suggest reading “ZeuS-P2P” by CERT Polska because, in my personal opinion, it describes one of the most important evolutions of a “bot kit” that has happened so far: the distribution of the Command aNd Control […] Read more "ZeuS Evolution: it’s time for P2P and RSA."