With more than 11,000 athletes from 206 countries participating, the world is watching the delayed Tokyo 2020 Olympic Games with great enthusiasm. But, unfortunately, while the Olympics showcases the very best in sporting talent, it also has a history of attracting cybersecurity threats from those seeking to cause politically motivated harm, make easy money, spread […]
Note: This is a technical deep-dive into DearCry ransomware. If you want a preliminary analysis of the ransomware, you can find it here. The Network Intelligence team initiated a Static analysis of the ransomware sample we received. The team used a tool called PEstudio, which helps in the static analysis of executable files. Static Analysis […]
Note: We have also done a technical analysis on DearCry. Read here. It’s a warm summer morning. While sipping your morning coffee, you access the work email. But you’re unable to log in. After trying a few tricks you’ve read up in some tech blogs, you reach out to your IT team. They remote log-in […]
As you might already be aware that ARM powers a variety of low-powered devices around us, including but not limited to, phones, routers, IoT devices, etc. Therefore, it is only logical to dig into this architecture and understand how it differs from x86 and x64 architectures. For this blog post, we will focus on 64bit […]
Welcome to the part 4 of malware development .In the previous parts 1, 2-1, 2-2 and 3, we created a binary which can listen to the commands from our botnet server. We also wrote the C2 server in python3 which can handle multiple connections via multithreading and send commands to all of them. In this […]
In the previous parts 1, 2-1 and 2-2 of this series we created a binary that can connect to, and parse commands sent via netcat listener. However, netcat is not an ideal choice for a Botnet Server, and in this post, we will be writing a full-fledged python3 Botnet Server, sending commands to our Bot […]
In the previous parts of this blog series, I introduced the concept of writing a full-undetectable malware and about writing a client-side socket using Windows API. In this blog, we are going to parse the reply received from the netcat server and prompt a reply as to whether the command was parsed or not. […]
Welcome to the second part of the malware development blog series. Here’s the link to Part 1. Given the length of Part 2, I have split this 2nd part of the blog series into two itself. So, this is what we will cover in part 2: Hide the console Window from user [Part 2-1] Write […]
If you are in cybersecurity, especially Red Teaming, writing a full-undetectable (FUD) malware is a great skill to have. Folks tend to use Metasploit combined with Veil-Evasion or PE injectors like LordPE or Shelter, to generate a binary which can bypass the antivirus. Sometimes this works and sometimes it does not. The worst thing that […]
