The ESET CrackMe Challenge 2015 is divided into 2 parts: This is the one you download from the ESET website. You are asked to reverse an UPX packed executable and find one password (Drevokokur). Then the application decrypts a message with this password that basically asks you to decrypt in the same way some unreferenced data inside the exe. This unreferenced data, once … read more.
At the beginning of August I saw a link on twitter by Jose Miguel Esparza, the author of peepdf tool, about a challenge he created for Black Hat Arsenal conference in USA. So reading the blog post I decided to play with the challenge and now here's my writeup solution. I hope that you like it. PS: I suggest you to spend a bit of your time to try to solve the challenge … read more.
Cryptology attacks on CBC mode of operation In the first part we talked about block ciphers and their mode of operation. In this part we want to explain more about how an adversary will misuse this mode of operation and perform some successful attacks on cryptographic system, like decrypting a cipher-text without knowing the cryptographic keys. As previously mentioned, in CBC … read more.
Overview of block ciphers Block ciphers are cryptographic functions for blocks of data of fixed-size, as opposed to stream ciphers (take as an example the classic RC4) that can be used over a stream of data of any length. Block ciphers can work on different data blocks sizes and they can take as input keys of different sizes as well. What we want to understand in this first … read more.
A few months ago I decided to install a honeypot to find some new threat and to collect some new malware to be analyzed. There are several honeypot I had in mind to try, but for now I have chosen Kippo. From the Kippo's homepage: "Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by … read more.
In this article we will talk about a few hooking techniques used by antivirus software. For the purpose of this analysis the antivirus chosen will be Kaspersky (http://www.kaspersky.com/it/trials PURE … read more.
On Malwarebytes' blog it's recently been published a description about Nuclear Pack exploit kit, though there isn't a description of the PDF exploit used, so we've decided to proceed with a more … read more.
Recently during one of my analysis of URLs from urlquery, I came up with a URL ending in: /ie8910.html. The link, after being opened, returns an index with the following code: As it … read more.