Information leakage analysis in block ciphers – Part 2

Cryptology attacks on CBC mode of operation. In the first part we talked about block ciphers and their modes of operation. In this part we want to explain more about how an adversary can misuse this mode of operation and perform successful attacks on a cryptographic system, such as decrypting a ciphertext without knowing the cryptographic key. As previously mentioned, in CBC … read more.

Information leakage analysis in block ciphers – Part 1

Overview of block ciphers. Block ciphers are cryptographic functions that operate on blocks of data of fixed size, as opposed to stream ciphers (take as an example the classic RC4), which can be used over a stream of data of any length. Block ciphers can work on different block sizes and can take keys of different sizes as well. What we want to understand in this first … read more.

Inside a Kippo honeypot: how the billgates botnet spreads

A few months ago I decided to install a honeypot to find some new threats and to collect some new malware to be analyzed. There are several honeypots I had in mind to try, but for now I have chosen Kippo. From Kippo's homepage: "Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by … read more.

Kaspersky Hooking Engine Analysis

In this article we will talk about a few hooking techniques used by antivirus software. For the purpose of this analysis the antivirus chosen is Kaspersky PURE 3.0 Total Security (http://www.kaspersky.com/it/trials); we will deal with various hooking techniques used in both user mode and kernel mode. The reference operating system will be Windows 7 Professional 32-bit. The … read more.

Win32.BlackBerryBBC Malware Analysis

Today I got an email containing malware from [email protected]. The sender's address is forged; this is a kind of email spoofing. The email contains a description of malware and encourages the receiver to install a file called Anti-Vir.rar. … read more.

PDF analysis of Nuclear Pack EK and CVE-2010-0188/CVE-2010-2883

A description of the Nuclear Pack exploit kit was recently published on Malwarebytes' blog, but it does not describe the PDF exploit used, so we've decided to proceed with a more … read more.

HiMan EK and CVE-2013-2551

Recently, during one of my analyses of URLs from urlquery, I came across a URL ending in /ie8910.html. The link, after being opened, returns an index with the following code: As it … read more.

Introduction to ARMv8 64-bit Architecture

Introduction. The ARM architecture is a Reduced Instruction Set Computer (RISC) architecture; indeed, the name originally stood for "Acorn RISC Machine" but now stands for "Advanced RISC Machines". In the … read more.

Eset ChallengeME 2013 Solution

About a month ago I got a link to ESET's ChallengeMe from a friend; yesterday I had some free time to work on it, and I finally solved it. You can get the crackme from the link … read more.

In depth analysis of Caphaw/Shylock from “FirefoxUpdate.exe” campaign – Part 3

We are finally at the end of our Caphaw/Shylock analysis. This time we will deal entirely with the code injected into the explorer.exe process; the context will be a little more complex than the previous … read more.