Black Hat Arsenal peepdf Challenge 2015 writeup


At the beginning of August I saw a link on twitter by Jose Miguel Esparza, the author of peepdf tool, about a challenge he created for Black Hat Arsenal conference in USA. So reading the blog post I decided to play with the challenge and now here's my writeup solution. I hope that you like it. PS: I suggest you to spend a bit of your time to try to solve the challenge … read more.

Information leakage analysis in block ciphers – Part 2


Cryptology attacks on CBC mode of operation In the first part we talked about block ciphers and their mode of operation. In this part we want to explain more about how an adversary will misuse this mode of operation and perform some successful attacks on cryptographic system, like decrypting a cipher-text without knowing the cryptographic keys. As previously mentioned, in CBC … read more.

Information leakage analysis in block ciphers – Part 1


Overview of block ciphers Block ciphers are cryptographic functions for blocks of data of fixed-size, as opposed to stream ciphers (take as an example the classic RC4) that can be used over a stream of data of any length. Block ciphers can work on different data blocks sizes and they can take as input keys of different sizes as well. What we want to understand in this first … read more.

Inside a Kippo honeypot: how the billgates botnet spreads

pen resting on business document

A few months ago I decided to install a honeypot to find some new threat and to collect some new malware to be analyzed. There are several honeypot I had in mind to try, but for now I have chosen Kippo. From the Kippo's homepage: "Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by … read more.

Kaspersky Hooking Engine Analysis


In this article we will talk about a few hooking techniques used by antivirus software. For the purpose of this analysis the antivirus chosen will be Kaspersky ( PURE 3.0 Total Security), we will deal with various hooking techniques used both at user and kernel mode. The reference operating system will be Windows 7 Professional 32-bit. The … read more.

Win32.BlackBerryBBC Malware Analysis


Today I got a mail containing a malware from [email protected] The sender's address is forged and this is kind of Email Spoofing. Email contains a description about malwares and encourages … read more.

PDF analysis of Nuclear Pack EK and CVE-2010-0188/CVE-2010-2883


On Malwarebytes' blog it's recently been published a description about Nuclear Pack exploit kit, though there isn't a description of the PDF exploit used, so we've decided to proceed with a more … read more.

HiMan EK and CVE-2013-2551

Quick Analysis

Recently during one of my analysis of URLs from urlquery, I came up with a URL ending in: /ie8910.html. The link, after being opened, returns an index with the following code:   As it … read more.

Introduction to ARMv8 64-bit Architecture


Introduction The ARM architecture is a Reduced Instruction Set Computer (RISC) architecture, indeed its originally stood for "Acorn RISC Machine" but now stood for "Advanced RISC Machines". In the … read more.

Eset ChallengeME 2013 Solution


About a month ago I got a link to ESET's ChallengeMe from a friend, yesterday I had some free time to work on that, and finally I solved it. You can get the crackme from the link … read more.