Andrea Fortuna
  • Feb 12, 2018

    Malware hiding and evasion techniques

    Malware authors have always looked for new techniques to stay invisible. This includes being invisible on the compromised machine, but it is even more important to hide malicious indicators and behavior during analysis. Malware authors attempt to utilize techniques to…
  • Feb 9, 2018

    USB Devices in Windows Forensic Analysis

    Parsing SetupAPI log for fun and profit! USB device history can be a great source of evidence during a forensic analysis, when an examiner needs to determine if an external device was connected to a system and how USB devices…
  • Feb 7, 2018

    SimpleTwitter: small PHP class for search on Twitter

    Often I publish some small code snippets, usually written during development of large projects. Today I want to share a small PHP class that uses the Twitter API in order to perform a search and download the most recent tweets. In…
  • Feb 5, 2018

    Some thoughts about reverse shells

    During a penetration test, you could be lucky enough to find an RCE vulnerability: in this case, the next step should be to obtain an interactive shell. One of the most used methods is the creation of a reverse shell, useful…
  • Feb 2, 2018

    5G Network Slicing and Network Neutrality: my point of view

    Let there be no mistake about this: from a technical point of view, 5G Network Slicing is totally awesome! However, some aspects seem to disagree with Network Neutrality principles. What is Network Neutrality? Network neutrality is the principle that Internet…
  • Jan 31, 2018

    CVE-2018-0101: Cisco ASA WebVPN is affected by a serious flaw

    Cisco released security updates to address a critical security vulnerability in Cisco ASA software. UPDATED 2/5/2018: Cisco updated the previous advisory: After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it…
  • Jan 29, 2018

    A Telegram Echo Bot built with a single PHP line

    Some weeks ago I've written a brief tutorial focused on building a simple Echo BOT on Telegram using Python. Today I want to share a very small snippet that implements the same Bot using PHP as the responder for the Telegram's…
  • Jan 26, 2018

    Windows PE run-time encryption with Hyperion

    Hyperion is a crypter for PE files, developed and presented by Christian Amman in 2012. The tool is a runtime crypter that can transform a Windows portable executable (PE) into an encrypted version that decrypts itself on startup and executes…
  • Jan 24, 2018

    How can malware be spread through web pages? A simple example made with Python

    Recently a colleague asked me for an example of how malware can be spread using simple HTML pages hosted on a hacked website. There are a lot of techniques, but in this case I've chosen to use for the…
  • Jan 22, 2018

    Some interesting facts about reverse-engineering of x86 microcode, from a research by Ruhr University Bochum

    Microcode is an abstraction layer on top of the physical components of a CPU and is present in most CPUs. It facilitates complex instruction sets, but it also provides an update mechanism that allows CPUs to be patched in-place without…
  • Jan 19, 2018

    How to create a contextual menu on Windows Explorer for PyInstaller packaging

    Package your Python application (for Windows and Linux) with just a right-click! Recently I've written a brief post about the packaging of a Python script for Linux and Windows on a Linux machine, using PyInstaller and Wine. Today I want…
  • Jan 17, 2018

    LaZagne, a credentials recovery tool

    LaZagne is a tool developed by Alessandro Zanni that retrieves passwords stored on a local computer by the most commonly used software. The tool displays passwords for (currently) 22 Windows and 12 Linux programs. Each software stores its passwords using different…
  • Jan 15, 2018

    PE-sieve, a command line tool for investigating inline hooks

    PE-sieve is a small tool for investigating inline hooks and other in-memory code patches, developed by hasherezade. The tool, based on libpeconv (also developed by hasherezade), scans a given process, searching for modules containing in-memory code modifications. When…
  • Jan 12, 2018

    PinMe: tracking a smartphone with localization services turned off

    Arsalan Mosenia, Xiaoliang Dai, Prateek Mittal and Niraj Jha, in a recently published paper, describe a new user-location mechanism that exploits non-sensory/sensory data stored on the smartphone to estimate the user's location when all location services are turned off. The technique,…
  • Jan 10, 2018

    Process Doppelgänging: a stealthier alternative to the process hollowing technique?

    Recently at the Black Hat Europe conference, Tal Liberman and Eugene Kogan (enSilo lab) presented a new code injection technique called "Process Doppelgänging", that works on all Windows versions and seems to be able to bypass most of today's major…
  • Jan 8, 2018

    Meltdown: another PoC in the wild

    Pavel Boldin published a new PoC exploit of the Meltdown vulnerability working on Linux, written in C. "Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache." Can only dump linux_proc_banner at the moment, since…
  • Jan 6, 2018

    In-Spectre-Meltdown: a PoC for Meltdown and Spectre vulnerabilities

    In-Spectre-Meltdown is a PoC developed by Viral Maniar using Python and PowerShell to check speculative execution side-channel attacks that affect many modern processors and operating system designs and allow unprivileged processes to steal secrets from privileged processes. This tool is based on…
  • Jan 5, 2018

    Meltdown and Spectre: what do we know about the vulnerabilities in CPUs?

    In the last few hours, the CPU vulnerabilities have had great prominence even in the non-specialized press. So, I think it would be useful to try to summarize the situation in a simple way. Background https://xkcd.com/1938/ Google's Project Zero releases…
  • Jan 3, 2018

    How keyloggers work: a simple example of keyboard hooking using Python

    Keyloggers are often used by malicious software to steal sensitive data and login credentials. During a malware analysis process, it is useful to know how a keylogger works. A keylogger can be implemented simply by setting a hook on the keydown event…
  • Dec 31, 2017

    My Year of Running – 2017

    My running year recap. Ok, 2018 is near; now it is time to make some statistics on my running activity. This year I have run for 5279 kilometers (3280 miles): every workout has been performed in the early morning,…
Cybersecurity expert, software developer, experienced digital forensic analyst, musician