Welcome to the second part of the malware development blog series. Here’s the link to Part 1. Given the length of Part 2, I have split this 2nd part of the blog series into two itself. So, this is what we will cover in part 2: Hide the console Window from user [Part 2-1] Write […]
If you are in cybersecurity, especially Red Teaming, writing a full-undetectable (FUD) malware is a great skill to have. Folks tend to use Metasploit combined with Veil-Evasion or PE injectors like LordPE or Shelter, to generate a binary which can bypass the antivirus. Sometimes this works and sometimes it does not. The worst thing that […]
Introduction Ransomware is a malware which encrypts all files on disk and prevents the users from accessing their system. It has become a raging epidemic and has impacted thousands of organizations all across the globe. The new generation of ransomware, such as Locky and Zepto are delivered via spam e-mails with the common aim to […]
Spam-blasting malware infects thousands of Linux and FreeBSD servers. – Ars Technica, Apr 30, 2015. Mumblehard Malware: Linux-Based Spam Generator Went Unnoticed for Five Years. – Security Intelligence, May 5, 2015. One of the longest living email-spam botnets is dead. – The daily dot, Apr 7, 2016. Why is this malware so hyped? What […]
INTRODUCTION Point-of-sale (POS) is the place where a retail transaction is completed. It is the point at which a customer makes a payment to the merchant in exchange for goods or services. Majority of retail POS systems also include a debit/credit card reader. POINT-OF-SALE INTRUSIONS What is it? When attackers compromise the computers and servers […]
Introduction Cuckoo Sandbox is an Open Source Automated Malware Analysis system that has been gaining more and more attention in recent years. The fact that Cuckoo is fully open source makes it a very interesting system for those that want to modify its internals, experiment with automated malware analysis, and setup scalable and cheap malware […]
Overview ASUS Router RT-N10 Plus is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the result_of_get_changed_status.asp script. A remote authenticated attacker could exploit this vulnerability using the flag parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once […]
In a previous article, we have described the Shellshock vulnerability and in this article we show how to exploit this vulnerability using the BeEF Framework. However, here’s a quick and dirty way to check if you’re vulnerable or not: Type this command:env x='() { :;}; echo vulnerable’ bash -c “echo this is a test” Note: […]
What is POODLE? POODLE stands for Padding Oracle On Downgraded Legacy Encryption Vulnerability CVE: CVE-2014-3566 What is the attack? The attack occurs when an attacker is able to downgrade the client to use SSLv3. By simulating a failure during the negotiation process, an attacker can force a browser and a server to renegotiate using an […]
Scenario: One of our clients observed a suspicious behavior in a program and wanted us to analyze and identify if any malicious activities were being performed by the same. The program wasn’t detected by their anti-virus solution during ‘file access operations’. However, some unusual outbound network traffic triggered alerts from the network monitoring team. Filename […]
