Blog
Uncategorized
2

Astute Explorer (GCHQ Challenge 1 – 5)

GCHQ has been having trouble finding experienced hackers and programmers to work for them, so they’ve put out a lot of  fun challenges. The idea is that people who do well in the online challenges are selected to do face to face challenges, the top few people from the face …

Read More
Uncategorized
3

Usermode System Call hooking – Betabot Style

This is literally the most requested article ever, I’ve had loads of people messaging me about this (after the Betabot malware made it famous). I had initially decided not to do an article about it, because it was fairly undocumented and writing an article may have led to more people …

Read More
Uncategorized
4

Hacking Soraya Panel – Free Bot? Free Bots!

Some security agencies have been raving about a revolutionary new bot that combines point-of-sales card grabbing (ram scraping) with form grabbing. The bot is actually not very interesting and pretty simple, but the panel is a great deal of fun (thanks to xylitol for getting me interested). By default the …

Read More
Uncategorized
4

A few Reason for Maximum Password Length

A lot of people have recently been wondering the reason behind maximum password lengths, after it was revealed that eBay limited passwords to 20 characters. Many people see this as a security flaw (and in some cases it is), but often there are reasons behind it. I should also mention …

Read More
Uncategorized
8

FBI Cybercrime Crackdown – Blackshades

It would seem the FBI is cracking down on cybercrime (well script-kiddies at least), with a bunch of international raids carried out in the past few days and more said to come. As of today it seems that the raids are only targeting users of “blackshades” a popular remote administration …

Read More
Uncategorized
1

Rovnix new “evolution”

Rovnix is an advanced VBR (Volume Boot Record) rootkit best known for being the bootkit component of Carberp. The kit operates in kernel mode, uses a custom TCP/IP stack to bypass firewalls, and stores components on a virtual filesystem outside of the partition. Yesterday Microsoft posted an update explaining a …

Read More
Uncategorized
6

Coding Malware for Fun and Not for Profit (Because that would be illegal)

A while ago some of you may remember me saying that I was so bored of there being no decent malware to reverse, that I might as well write some. Well, I decided to give it a go and I’ve spent some of my free time developing a Windows XP …

Read More
Uncategorized
4

Zorenium – The Bot That Never Was

I was first made aware of Zorenium bot at the start of November last year by a friend on twitter (R136a1). There were no actual sales threads, just a discussion in IRC and a pastebin post detailing some features (http://pastebin.com/Pp5xmtK7). After being sent a sample, I decided not to write …

Read More
Uncategorized
2

The 0x33 Segment Selector (Heavens Gate)

Since I posted the article about malware using the 0x33 segment selector to execute 64-bit code in an 32-bit (WOW64) Process, a few people have asked me how the segment selector actually works deep down (a lot of people think it’s software based). For those who haven’t read the previous …

Read More
Uncategorized
5

Webinjects – The Basics

It’s not uncommon for malware to use a technique known as formgrabbing; this is done by hooking browser functions responsible for encrypting and sending data to a webpage. By intercepting data before it is encrypted with SSL the malware can read the HTTP header and steal usernames and passwords from …

Read More