Welcome to the second part of the malware development blog series. Here’s the link to Part 1. Given the length of Part 2, I have split this 2nd part of the blog series into two itself. So, this is what we will cover in part 2: Hide the console Window from user [Part 2-1] Write […]
If you are in cybersecurity, especially Red Teaming, writing a full-undetectable (FUD) malware is a great skill to have. Folks tend to use Metasploit combined with Veil-Evasion or PE injectors like LordPE or Shelter, to generate a binary which can bypass the antivirus. Sometimes this works and sometimes it does not. The worst thing that […]
An important aspect of effective threat hunting is to understand what is normal in an environment. If a threat hunter is able to baseline the normal behaviour in a system then any abnormality is most likely due to an actor that has newly entered the environment. This actor could be a new software installation, new […]
Before we start to configure our decoys and put it in our production environment, let’s take a look at what exactly it is and how it differs from the usual honeypot. Honeypots are vulnerable systems configured to lure the attacker who is present in an organization. This attacker need not be from outside the environment. […]
Most organizations face a barrage of attacks every day from threat actors around the globe. Among the various vectors, attackers have found relatively high degree of success by (spear) phishing employees of the organization. This allows attackers to bypass perimeter defences and gain a foothold in the internal network. SOC teams have multiple approaches to […]
Introduction When an attacker compromises an end-point system in an organization, he needs some sort of confirmation that: his code was executed on the targeted system he is able to send data out of the organization without raising any alarm with the SOC Simple innocuous data from the compromised host to the attacker’s controlled system […]
What is Information Rights Management? Information Rights Management is the set of techniques and methods which protect the highly sensitive information of the organization irrespective of the file location whether it resides “in” or “outside” the corporate boundaries. This happens as the permissions embedded inside the file don’t allow unauthorized access, modification, copying or printing. […]
What is Fuzzing? Fuzz testing is a testing technique that provides malicious input to the application. Fuzz testing is crashes, assertion failures, and memory leaks when program fails to handle the malicious input. Fuzz testing identifies vulnerabilities which are severe in nature. The typical fuzzing checks the application for buffer overflow, format string vulnerability which […]
Code Analysis Tool (CAT.NET) is a binary source code analysis tool that helps in identifying common security flaws in managed code. These vulnerabilities are listed in the below table. Vulnerability Description Cross Site Scripting(XSS) XSS vulnerability allows an attacker to inject a malicious HTML Code or Scripts which gets executed in the Client’s browser. A successful XSS […]
For my research, I chose to analyze a popular Android application for malwares. But why select a Russian version? Well, it made a compelling case study from analysis perspective that I later found out during my research. The application I selected was popular game called FruitNinja downloaded from Russian Fake Android Store (Figure 1). Figure […]
