Today I’d like to share another “funny BUG” (yep, believe me this is quite funny) through this summer time quick’n dirty post. The involved hunter is Nuzhny (no contacts provided to me, more infos here) who disclosed a Stack Overflow in Windows Calculator last week. You would think: “A BOF in Windows Calc.exe ? You’re […]
Read more "BUG in WinCalc.exe"Plenty of documents are describing how Malwares implement “Escape” techniques in order to evade Malware analysis. I did write posts on several of the most interesting evasion techniques ( available here and here) adding information on my side as well. Today I want to share a personal MAP that I made to correlate evasion techniques […]
Read more "Malware Evasion Chart"Since 2009 when I wrote: “The string Decoding Process” (published by hakin9 magazine) I use crafted tools to automatically decode strings (some of them have been published on this blog). Decoding strings results pretty hard especially nowadays where many encoding algorithms are commonly used over planty “daily life tools”. Understanding what encoding we are facing […]
Read more "Hash Detector Tool"Today another “Hack Note” on my blog to point you out to a great analysis of ZeuS evolutions. I definitely suggest the reading titled “ZeuS-P2P” by Cert Polska because, in my personal opinion, it describes one of the most important evolutions of a “bot kit” happened so far: the distribution of the Command aNd Control […]
Read more "ZeuS Evolution: it’s time for P2P and RSA."Dear folks, as you probably have noticed my blog-post frequence went down a little bit during the past 4 to 6 months, since I am super busy… I am still alive though :). Today I want to share an interesting IDA Pro plugin that I ‘ve been testing for awhile called idapathfinder. Once you installed […]
Read more "Finding path to known functions through IDA-Pro"During the past few days I had the opportunity to talk about security for entire days with amazing and passionate guys. I had a great feeling about the group in which I was, and a great feeling about every single person belonging to that group. During our discussions some folks asked to me very complex […]
Read more "Vulnerability Classification"Hi folks, yes even on my notes the new Internet Explorer (on windows 7) 0Day. It’s a nice piece of work. Internet Explorer CSS 0day on Windows 7 What let me astonished is the exploit release which came before the Microsoft patch. Here the exploit is: #!/usr/bin/env ruby # Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/# Author: Nephi Johnson (d0c_s4vage) […]
Read more "Internet Explorer CSS 0Day. Exploit released."Another good idea come up from Elcomsoft . Their password crack software uses GPU accelerator instead CPU in order to increase the cracking velocity.To know more about this fast method read advertising this paper . This topic arrives at the same time of a passwords security brief that I’m summarizing for a note Italian Magazine for this reason I […]
Read more "Password Cracking: Speed Increased."HTTPBee is a swiss-army-knife tool for web application hacking testing. Multi-threaded high-performance tool with a scripting engine and agent-like behavior support. The way httpbee’s scripting engine is implemented is relevant to httpbee architecture itself. Httpbee maintains a pool of threads that it uses for parallel task execution. Therefore execution of httpbee scripts is not linear. […]
Read more "HttpBee. An interesting project."