ARM exploitation for IoT – Episode 3

In the previous episodes we have seen some basic concepts regarding ARM reversing and shellcode writing. In this last part will see a brief introduction to exploit writing and we’ll keep it as simple as possible. The list of topics is: Modify the value of a local variable Redirect the execution flow Overwrite return address […]

ARM exploitation for IoT – Episode 2

Introduction In part 1 we’ve seen an introduction in reversing of some simple ARM applications, we’ve also seen how to set up the work environment and how to write a hello world (also with syscall). In this episode we will use the same work environment. ARM shellcoding We will see some basic shellcode: Shell spawning […]

ARM exploitation for IoT – Episode 1

Introduction and motivation Few weeks ago while attending a conference I noticed that the proposed ARM exploitation course for IoT price tag was quite substantial and decided to write my own, to allow those who can’t to spend that much to still be able to study the topic. I will present this course in three different […]

Information leakage analysis in block ciphers – Part 2

Cryptology attacks on CBC mode of operation In the first part we talked about block ciphers and their mode of operation. In this part we want to explain more about how an adversary will misuse this mode of operation and perform some successful attacks on cryptographic system, like decrypting a cipher-text without knowing the cryptographic keys. […]

Information leakage analysis in block ciphers – Part 1

Overview of block ciphers Block ciphers are cryptographic functions for blocks of data of fixed-size, as opposed to stream ciphers (take as an example the classic RC4) that can be used over a stream of data of any length. Block ciphers can work on different data blocks sizes and they can take as input keys of different […]

Inside a Kippo honeypot: how the billgates botnet spreads

A few months ago I decided to install a honeypot to find some new threat and to collect some new malware to be analyzed. There are several honeypot I had in mind to try, but for now I have chosen Kippo. From the Kippo’s homepage: “Kippo is a medium interaction SSH honeypot designed to log brute […]

Kaspersky Hooking Engine Analysis

In this article we will talk about a few hooking techniques used by antivirus software. For the purpose of this analysis the antivirus chosen will be Kaspersky (http://www.kaspersky.com/it/trials PURE 3.0 Total Security), we will deal with various hooking techniques used both at user and kernel mode. The reference operating system will be Windows 7 Professional 32-bit. The image below shows […]

Win32.BlackBerryBBC Malware Analysis

Today I got a mail containing a malware from [email protected] The sender’s address is forged and this is kind of Email Spoofing. Email contains a description about malwares and encourages the receiver to install a file called Anti-Vir.rar.

New Java 0-day Exploit in the Wild – Update 4

According to Kafeine Security a new exploit for Java 7 is in the wild. Not surprisingly this new exploit, announced yesterday on the underweb, comes right after the BlackHole crew announced that their team has been given a budget of 100.000$ to acquire unique web browser exploits. Currently the exploit has been reported to work up […]

How To Attack a WEP/WPA Protected Wireless Network

Updated on Jan/2013: Added WPS section Any help in completing this document is welcome, thanks! In this guide we’ll try to discuss the many vulnerabilities affecting the WEP and WPA protocols. We’ll also show you some techniques that can be used to break these protection schemes. Feel free to add any missing questions. Thanks 🙂 Greetings: […]