Due to popular request I’m starting a new reverse engineering article series which will detail how I go about analyzing various samples, instead of just presenting my findings like I normally do. Most of the posts will be centered around […]
While I was reverse engineering ZeroAccess in order to write a monitoring system, I had an idea which would allow me to use ZeroAccess C&C infrastructure to reflect and amplify a UDP based DDoS attack, which I’d found to be […]
Last week I received a tip about a sample displaying some indication that it could be peer-to-peer (a large amount of UDP traffic being sent to residential IPs), after a couple days of analysis I was able to confirm that not […]
Usually I don’t blog about the hundreds of ridiculous or down right crazy emails I receive each year, but this exchange makes all the others seem completely reasonable in comparison. Normally my unwanted emails range from people asking obviously blackhat […]
Here is an interesting article I found this week, it’s about how A researcher released two pieces of ‘educational’ ransomware which were secretly backdoored in order to own some advanced and prolific cyber-criminals a small number of scriptkiddies. There two pieces […]
Peer to Peer and Everything In between Back in October I’d gotten bored of the endless stream of cryptolockers and PoS trojan, so decided to look at something old school, that something was Kelihos. Since then, I’ve come to realize […]
In the recent years I’ve noticed a shift in the malware economy from botnets to ransomware, which is likely due to the AV industry employing more aggressive tactics against botnets resulting in a drop in profitability. As I’ve said before: […]
Finally I manage to put together a computer capable of running Device Guard and I’ve had a little bit of time to play around with the code signing part. Everyone is probably already familiar with x64 driver signature enforcement (64-bit […]
Hidden VNC is a creative solution to a solution to a problem which stemmed from banking fraud. Back years ago when fraud was uncommon, most banks only had basic IP or Geo-location checks to flag or block accounts if someone […]
This post is kind of a follow on from my previous article Usermode Sandboxing, so if you’ve not yet read that you should do so first. AppContainer was a fairly quietly introduced feature in Windows 8, which is a shame as it […]