Uncategorized
4

New IRC Launch

For anyone still into IRC, MalwareTech has partnered with sigterm.no to launch a new IRC network. It’s still fairly new so don’t expect an instant response, but everyone is welcome (socializing or just asking for help). Easy Method Simply use our web IRC client: https://irc.malwaretech.com/ Proper Method The server requires SSL so …

Uncategorized
1

Usermode Sandboxing

A lot of people (including myself, until recently) think that effective sandboxing requires a filter driver or kernel hooking, but this is no longer the case. A new security feature introduced in Windows Vista known as the Windows Integrity Mechanism can be used to create sandboxes that run entirely in usermode. Although …

Uncategorized

Astute Explorer (GCHQ Challenge 5 – 10)

Continuation for http://www.malwaretech.com/2014/09/astute-explorer-gchq-challenge-1-5.html Vulnerability On line 26 the function fails if exactly BLOCK_SIZE is not read, this means if there is data available but less than BLOCK_SIZE is present, or the read fails, the function will return NULL. On failure the function does not free szBuffer so there’s a pretty serious …

Uncategorized
2

Astute Explorer (GCHQ Challenge 1 – 5)

GCHQ has been having trouble finding experienced hackers and programmers to work for them, so they’ve put out a lot of  fun challenges. The idea is that people who do well in the online challenges are selected to do face to face challenges, the top few people from the face …

Uncategorized
3

Usermode System Call hooking – Betabot Style

This is literally the most requested article ever, I’ve had loads of people messaging me about this (after the Betabot malware made it famous). I had initially decided not to do an article about it, because it was fairly undocumented and writing an article may have led to more people …

Uncategorized
4

Hacking Soraya Panel – Free Bot? Free Bots!

Some security agencies have been raving about a revolutionary new bot that combines point-of-sales card grabbing (ram scraping) with form grabbing. The bot is actually not very interesting and pretty simple, but the panel is a great deal of fun (thanks to xylitol for getting me interested). By default the …

Uncategorized
4

A few Reason for Maximum Password Length

A lot of people have recently been wondering the reason behind maximum password lengths, after it was revealed that eBay limited passwords to 20 characters. Many people see this as a security flaw (and in some cases it is), but often there are reasons behind it. I should also mention …

Uncategorized
8

FBI Cybercrime Crackdown – Blackshades

It would seem the FBI is cracking down on cybercrime (well script-kiddies at least), with a bunch of international raids carried out in the past few days and more said to come. As of today it seems that the raids are only targeting users of “blackshades” a popular remote administration …

Uncategorized
1

Rovnix new “evolution”

Rovnix is an advanced VBR (Volume Boot Record) rootkit best known for being the bootkit component of Carberp. The kit operates in kernel mode, uses a custom TCP/IP stack to bypass firewalls, and stores components on a virtual filesystem outside of the partition. Yesterday Microsoft posted an update explaining a …

Uncategorized
6

Coding Malware for Fun and Not for Profit (Because that would be illegal)

A while ago some of you may remember me saying that I was so bored of there being no decent malware to reverse, that I might as well write some. Well, I decided to give it a go and I’ve spent some of my free time developing a Windows XP …