Nowadays every security bloggers is writing about how Regin (it should be read as Re-Gen, like regeneration), a new sofisticate targeted attacks discovered by Symantec (here), works and how it spied several thousands of PC mostly in Russia, Germany and Middle East. I wont write about its “hidden 6 stages” Malware or about its incredibly […]
Read more "ReGeneration (Regin) Targeted Attack"I am not used to write “Malware centric” posts, contrary I do love to focalize my writing on specific techniques used by Malware to infect systems and/or to evade analysis. However today, I want to stamp in my digital diary WireLurker since I see a “paradigm shift” on it. I find it a super fascinating […]
Read more "WireLurker, a shock in Apple World."During my talks and during my daily working life people asks me about the most interesting Malware used to perform Advanced Persistent Targeted Attacks (APTA). So I decided to give my personal answer in this post, beeing concious that things would change pretty soon. Lets start with Stuxnet, maybe one of the most known APTA […]
Read more "The Most Famous Malwares in APTA"Test if you are vulnerable Nothing really to add here. It makes me just thinking…. those things still happens (thxG). More here, here, here, here and here UPDATE (click to enlarge): From PasteBin (here) No Way… Wondering of many triggering vector would be out there UPDATE 2 After some days from the original 6271, […]
Read more "Bash Vulnearbility: CVE-2014-6271"One of the most important rules in building dynamic analysis environments is to avoid internet connection by the “potential malicious code”. Indeed the “potential malicious code” would try to exploit the analysis system per se if an internet connection is available. To respect this basic rule, when a sandboxed code tries to open an internet […]
Read more "Nice Way To Evade Dynamic Analysis"A “mandatory” step to achieve a complete and successful targeted attack is the so called: “Cyber Intelligence Phase”. By definition every targeted attack owns at leeast one specific characteristic which makes it perfectly fit for a given target. As you might want agree, one of the most important activities on develping a targeted attack is […]
Read more "Cyber Intelligence abusing Internet Explorer to perform Targeted Attacks"As you might see from my posts frequency, last months have been pretty busy to me. My hacking team and I are working really hard and we are achieving incredibly results which makes me happy but really busy as well. OpenSSL CCS Attack (CVE-2014-0224) is almost one month old and not super interesting to be […]
Read more "OpenSSL CCS Attack"I am not used to report malware analysis made by “big security companies” since easy to find in planty of media. Linking such a reports to my blog is useless because many of my reders would probably read those feeds before my blog. However today I ‘d like to share a pretty nice article written […]
Read more "Malware Writers."Today I found some notes on my desk abut the last Chaos Computing Club-Congress (CCC) in 2013. Since are pretty funny to me I decided to share them with you. Researchers, as reported to 29C3, were able to collect over 3 Million certificates with their Public Key. So far nothing interesting at all…They were able […]
Read more "When Fun Comes to Crypto"In one of my previous posts I described a way to hack through images. That time I showed how a valid BMP file could be a valid JS file as well, hiding Javascript operations. Today it’s time to describe how this attack work with a more common web file format: .GIF. Ange commented on my […]
Read more "Hacking through image: GIF turn"