Blog
Uncategorized

Necurs.P2P – A New Hybrid Peer-to-Peer Botnet

Last week I received a tip about a sample displaying some indication that it could be peer-to-peer (a large amount of UDP traffic being sent to residential IPs), after a couple days of analysis I was able to confirm that not only was it peer-to-peer but also currently active. The person …

Read More
Uncategorized
1

When Scriptkiddies Attack

Usually I don’t blog about the hundreds of ridiculous or down right crazy emails I receive each year, but this exchange makes all the others seem completely reasonable in comparison. Normally my unwanted emails range from people asking obviously blackhat questions presented as whitehat questions to offers of under the …

Read More
Opinions

Backdoored Ransomware for Educational Purposes

Here is an interesting article I found this week, it’s about how A researcher released two pieces of ‘educational’ ransomware which were secretly backdoored in order to own some advanced and prolific cyber-criminals a small number of scriptkiddies. There two pieces were HiddenTear (a ransomware with deliberately insecure cryptography designed to …

Read More
Uncategorized

Exploring Peer to Peer Botnets

Peer to Peer and Everything In between Back in October I’d gotten bored of the endless stream of cryptolockers and PoS trojan, so decided to look at something old school, that something was Kelihos. Since then, I’ve come to realize that P2P botnet monitoring brings together two of my favorite …

Read More
Uncategorized

Kelihos Analysis – Part 1

In the recent years I’ve noticed a shift in the malware economy from botnets to ransomware, which is likely due to the AV industry employing more aggressive tactics against botnets resulting in a drop in profitability. As I’ve said before: ransomware is about as interesting to me is watching oil …

Read More
Uncategorized
2

Device Guard – The Beginning of the End for Malware?

Finally I manage to put together a computer capable of running Device Guard and I’ve had a little bit of time to play around with the code signing part. Everyone is probably already familiar with x64 driver signature enforcement (64-bit Windows systems can only load signed drivers); Well, now Microsoft …

Read More
Uncategorized
1

Hidden VNC for Beginners

Hidden VNC is a creative solution to a solution to a problem which stemmed from banking fraud. Back years ago when fraud was uncommon, most banks only had basic IP or Geo-location checks to flag or block accounts if someone logged in from another computer. To combat this, banking trojans …

Read More
Uncategorized
2

Advanced Desktop Application Sandboxing via AppContainer

This post is kind of a follow on from my previous article Usermode Sandboxing, so if you’ve not yet read that you should do so first. AppContainer was a fairly quietly introduced feature in Windows 8, which is a shame as it provides some great features which can be used for desktop …

Read More
Uncategorized
3

Creating the Ultimate Tor Virtual Network

Although the methods in this article can be used for proper anonymity outside of the tor browser, the main focus is creating a secure tor based research environment. As most security researchers know there’s always a big decision with analyzing malware or exploits in a VM, most people would prefer …

Read More
Uncategorized

User Mode Hook Scanner (Alpha)

I finally decided to write my first security tool based on an idea I had for advanced hook detection, I couldn’t find any evidence of the method being used so I based a tool around it. It’s still a working progress but I’m posting so I can get some feedback …

Read More