ESET CrackMe Challenge 2015 Walkthrough

Eset 2015 Crackme Challenge

The ESET CrackMe Challenge 2015 is divided into 2 parts: This is the one you download from the ESET website. You are asked to reverse an UPX packed executable and find one password (Drevokokur). Then the application decrypts a message with this password that basically asks you to decrypt in the same way some unreferenced data inside the exe. This unreferenced data, once … read more.

Black Hat Arsenal peepdf Challenge 2015 writeup

BHUSA_fi

At the beginning of August I saw a link on twitter by Jose Miguel Esparza, the author of peepdf tool, about a challenge he created for Black Hat Arsenal conference in USA. So reading the blog post I decided to play with the challenge and now here's my writeup solution. I hope that you like it. PS: I suggest you to spend a bit of your time to try to solve the challenge … read more.

Information leakage analysis in block ciphers – Part 2

Information-leakage-block-cipher-part-2

Cryptology attacks on CBC mode of operation In the first part we talked about block ciphers and their mode of operation. In this part we want to explain more about how an adversary will misuse this mode of operation and perform some successful attacks on cryptographic system, like decrypting a cipher-text without knowing the cryptographic keys. As previously mentioned, in CBC … read more.

Information leakage analysis in block ciphers – Part 1

Information-leakage-block-cipher-part-1

Overview of block ciphers Block ciphers are cryptographic functions for blocks of data of fixed-size, as opposed to stream ciphers (take as an example the classic RC4) that can be used over a stream of data of any length. Block ciphers can work on different data blocks sizes and they can take as input keys of different sizes as well. What we want to understand in this first … read more.

Inside a Kippo honeypot: how the billgates botnet spreads

pen resting on business document

A few months ago I decided to install a honeypot to find some new threat and to collect some new malware to be analyzed. There are several honeypot I had in mind to try, but for now I have chosen Kippo. From the Kippo's homepage: "Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by … read more.

Kaspersky Hooking Engine Analysis

Kaspersky_Hooking_Engine_Analysis

In this article we will talk about a few hooking techniques used by antivirus software. For the purpose of this analysis the antivirus chosen will be Kaspersky (http://www.kaspersky.com/it/trials PURE … read more.

Win32.BlackBerryBBC Malware Analysis

Win32BlackBerryBBC

Today I got a mail containing a malware from [email protected] The sender's address is forged and this is kind of Email Spoofing. Email contains a description about malwares and encourages … read more.

PDF analysis of Nuclear Pack EK and CVE-2010-0188/CVE-2010-2883

CVE-2010-0188_CVE-2013-2883

On Malwarebytes' blog it's recently been published a description about Nuclear Pack exploit kit, though there isn't a description of the PDF exploit used, so we've decided to proceed with a more … read more.

HiMan EK and CVE-2013-2551

Quick Analysis

Recently during one of my analysis of URLs from urlquery, I came up with a URL ending in: /ie8910.html. The link, after being opened, returns an index with the following code:   As it … read more.

Introduction to ARMv8 64-bit Architecture

Arm

Introduction The ARM architecture is a Reduced Instruction Set Computer (RISC) architecture, indeed its originally stood for "Acorn RISC Machine" but now stood for "Advanced RISC Machines". In the … read more.