Kelihos Analysis – Part 1

In recent years I’ve noticed a shift in the malware economy from botnets to ransomware, which is likely due to the AV industry employing more aggressive tactics against botnets, resulting in a drop in profitability. As I’ve said before: ransomware is about as interesting to me as watching oil …

Device Guard – The Beginning of the End for Malware?

Finally I managed to put together a computer capable of running Device Guard, and I’ve had a little bit of time to play around with the code signing part. Everyone is probably already familiar with x64 driver signature enforcement (64-bit Windows systems can only load signed drivers). Well, now Microsoft …

Hidden VNC for Beginners

Hidden VNC is a creative solution to a problem which stemmed from banking fraud. Back years ago when fraud was uncommon, most banks only had basic IP or geo-location checks to flag or block accounts if someone logged in from another computer. To combat this, banking trojans …

Advanced Desktop Application Sandboxing via AppContainer

This post is kind of a follow-on from my previous article Usermode Sandboxing, so if you’ve not yet read that you should do so first. AppContainer was a fairly quietly introduced feature in Windows 8, which is a shame, as it provides some great features which can be used for desktop …

Creating the Ultimate Tor Virtual Network

Although the methods in this article can be used for proper anonymity outside of the Tor Browser, the main focus is creating a secure Tor-based research environment. As most security researchers know, there’s always a big decision when analyzing malware or exploits in a VM; most people would prefer …

User Mode Hook Scanner (Alpha)

I finally decided to write my first security tool based on an idea I had for advanced hook detection; I couldn’t find any evidence of the method being used, so I based a tool around it. It’s still a work in progress, but I’m posting so I can get some feedback …

David Cameron Wants Porn Sites to Require Banking Information

It would seem that David Cameron doesn’t have a tech advisor or even know anyone who uses a browser other than Netscape, but that doesn’t seem to stop him with his endless stream of proposals and laws to govern our internet. The latest idea in a long list of terrible ideas is …

Darkode Returns Following International Raids

When I was contacted asking for a comment about the Darkode raid, I’d said that the main administrator was not arrested and that I’d be surprised if it wasn’t back within a week; well, it’s been a little more than a week (I’ll put on my surprised face), but as …

Windows 10 System Call Stub Changes

Recently I installed Windows 10 RTM, and while I was digging around I happened to notice some changes to the user mode portion of the system call stub: these changes appear to break the current methods of user mode system call hooking on x86 and WOW64 (recap: here). Windows 10 x86 …

MalwareTech SBK – A Bootkit Capable of Surviving Reformat

Since I got into firmware hacking, I’ve been working on a little project behind the scenes: a hard disk firmware based rootkit which allows malware to survive an operating system reinstall or full disk format. Unfortunately I can’t post a proof of concept for many reasons (people have even contacted …