Overview of block ciphers Block ciphers are cryptographic functions for blocks of data of fixed-size, as opposed to stream ciphers (take as an example the classic RC4) that can be used over a stream of data of any length. Block ciphers can work on different data blocks sizes and they can take as input keys of different sizes as well. What we want to understand in this first … read more.
A few months ago I decided to install a honeypot to find some new threat and to collect some new malware to be analyzed. There are several honeypot I had in mind to try, but for now I have chosen Kippo. From the Kippo's homepage: "Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by … read more.
In this article we will talk about a few hooking techniques used by antivirus software. For the purpose of this analysis the antivirus chosen will be Kaspersky (http://www.kaspersky.com/it/trials PURE 3.0 Total Security), we will deal with various hooking techniques used both at user and kernel mode. The reference operating system will be Windows 7 Professional 32-bit. The … read more.
On Malwarebytes' blog it's recently been published a description about Nuclear Pack exploit kit, though there isn't a description of the PDF exploit used, so we've decided to proceed with a more in-depth analysis. PDF analysis In order to start the analysis we have used peepdf: There are two objects that appear to be suspicious: so let's start with... object … read more.
Recently during one of my analysis of URLs from urlquery, I came up with a URL ending in: /ie8910.html. The link, after being opened, returns an index with the following code: As it … read more.
Introduction The ARM architecture is a Reduced Instruction Set Computer (RISC) architecture, indeed its originally stood for "Acorn RISC Machine" but now stood for "Advanced RISC Machines". In the … read more.
About a month ago I got a link to ESET's ChallengeMe from a friend, yesterday I had some free time to work on that, and finally I solved it. You can get the crackme from the link … read more.
We are finally at the end of our Caphaw/Shylock analysis. This time we will deal entirely with the code injected into explorer.exe process, the context will be a little more complex than previous … read more.
Welcome to the second part of our analysis of Caphaw/Shylock. In the first chapter we have gone through the dropping and unpacking stages of this malware. In this second part we will go through the … read more.