Blog
Uncategorized
7

How MS14-066 (CVE-2014-6321) is More Serious Than First Thought

If you’ve been in a coma for the past week, MS14-066 (CVE-2014-6321) is a TLS heap overflow vulnerability in Microsoft’s schannel.dll, which can result in denial of service and even remote code execution on windows systems (the bug is exploitable during the TLS handshake stage, prior to any authentication). According to beyondtrust the …

Read More
Uncategorized
8

Passive UAC Elevation

I had a cool idea for a way to get the user to passively elevate your application without socially engineering them to do so or requiring exploits. Obviously you could just go ahead and start mass infecting executables, but that would cause a lot of unforeseen problems and would also …

Read More
Uncategorized
5

Creating a Secure Tor Environment

As we all know there are ways that your real IP can be leaked when using tor (JavasScript, Flash, Malware and software errors). In this tutorial I’m going to show how to create a fairly secure tor environment using VMWare, which will prevent any IP leaks. The environment can be …

Read More
Uncategorized
4

New IRC Launch

For anyone still into IRC, MalwareTech has partnered with sigterm.no to launch a new IRC network. It’s still fairly new so don’t expect an instant response, but everyone is welcome (socializing or just asking for help). Easy Method Simply use our web IRC client: https://irc.malwaretech.com/ Proper Method The server requires SSL so …

Read More
Uncategorized
1

Usermode Sandboxing

A lot of people (including myself, until recently) think that effective sandboxing requires a filter driver or kernel hooking, but this is no longer the case. A new security feature introduced in Windows Vista known as the Windows Integrity Mechanism can be used to create sandboxes that run entirely in usermode. Although …

Read More
Uncategorized

Astute Explorer (GCHQ Challenge 5 – 10)

Continuation for http://www.malwaretech.com/2014/09/astute-explorer-gchq-challenge-1-5.html Vulnerability On line 26 the function fails if exactly BLOCK_SIZE is not read, this means if there is data available but less than BLOCK_SIZE is present, or the read fails, the function will return NULL. On failure the function does not free szBuffer so there’s a pretty serious …

Read More
Uncategorized
2

Astute Explorer (GCHQ Challenge 1 – 5)

GCHQ has been having trouble finding experienced hackers and programmers to work for them, so they’ve put out a lot of  fun challenges. The idea is that people who do well in the online challenges are selected to do face to face challenges, the top few people from the face …

Read More
Uncategorized
3

Usermode System Call hooking – Betabot Style

This is literally the most requested article ever, I’ve had loads of people messaging me about this (after the Betabot malware made it famous). I had initially decided not to do an article about it, because it was fairly undocumented and writing an article may have led to more people …

Read More
Uncategorized
4

Hacking Soraya Panel – Free Bot? Free Bots!

Some security agencies have been raving about a revolutionary new bot that combines point-of-sales card grabbing (ram scraping) with form grabbing. The bot is actually not very interesting and pretty simple, but the panel is a great deal of fun (thanks to xylitol for getting me interested). By default the …

Read More
Uncategorized
4

A few Reason for Maximum Password Length

A lot of people have recently been wondering the reason behind maximum password lengths, after it was revealed that eBay limited passwords to 20 characters. Many people see this as a security flaw (and in some cases it is), but often there are reasons behind it. I should also mention …

Read More