
Usermode Sandboxing

A lot of people (including myself, until recently) think that effective sandboxing requires a filter driver or kernel hooking, but this is no longer the case. A new security feature introduced in Windows Vista known as the Windows Integrity Mechanism can be used to create sandboxes that run entirely in usermode. Although …

Astute Explorer (GCHQ Challenge 5 – 10)

Continuation of http://www.malwaretech.com/2014/09/astute-explorer-gchq-challenge-1-5.html. Vulnerability: on line 26 the function fails if exactly BLOCK_SIZE bytes are not read; this means that if data is available but less than BLOCK_SIZE is present, or the read fails, the function will return NULL. On failure the function does not free szBuffer, so there’s a pretty serious …

Astute Explorer (GCHQ Challenge 1 – 5)

GCHQ has been having trouble finding experienced hackers and programmers to work for them, so they’ve put out a lot of fun challenges. The idea is that people who do well in the online challenges are selected to do face-to-face challenges, the top few people from the face …

Usermode System Call hooking – Betabot Style

This is literally the most requested article ever, I’ve had loads of people messaging me about this (after the Betabot malware made it famous). I had initially decided not to do an article about it, because it was fairly undocumented and writing an article may have led to more people …

Hacking Soraya Panel – Free Bot? Free Bots!

Some security agencies have been raving about a revolutionary new bot that combines point-of-sale card grabbing (RAM scraping) with form grabbing. The bot itself is actually not very interesting and pretty simple, but the panel is a great deal of fun (thanks to xylitol for getting me interested). By default the …

A Few Reasons for Maximum Password Length

A lot of people have recently been wondering about the reason behind maximum password lengths, after it was revealed that eBay limited passwords to 20 characters. Many people see this as a security flaw (and in some cases it is), but often there are reasons behind it. I should also mention …

FBI Cybercrime Crackdown – Blackshades

It would seem the FBI is cracking down on cybercrime (well, script-kiddies at least), with a bunch of international raids carried out in the past few days and more said to come. As of today it seems that the raids are only targeting users of “Blackshades”, a popular remote administration …

Rovnix new “evolution”

Rovnix is an advanced VBR (Volume Boot Record) rootkit best known for being the bootkit component of Carberp. The kit operates in kernel mode, uses a custom TCP/IP stack to bypass firewalls, and stores components on a virtual filesystem outside of the partition. Yesterday Microsoft posted an update explaining a …

Coding Malware for Fun and Not for Profit (Because that would be illegal)

A while ago some of you may remember me saying that I was so bored of there being no decent malware to reverse, that I might as well write some. Well, I decided to give it a go and I’ve spent some of my free time developing a Windows XP …

Zorenium – The Bot That Never Was

I was first made aware of the Zorenium bot at the start of November last year by a friend on Twitter (R136a1). There were no actual sales threads, just a discussion in IRC and a pastebin post detailing some features (http://pastebin.com/Pp5xmtK7). After being sent a sample, I decided not to write …
