Android Fake Вrowser Update Analysis

Recently our colleague N3mes1s found a fake browser updater (password, as usual is: infected) for Android, so I decided to take a look at it. Before we begin I suggest you to download … read more.

McRat Malware Analysis – Part1

In this issue we are going to analyze McRat, a user's data and passwords stealer. This malware is interesting since it makes use of some anti-debugging techniques and several encryption/obfuscation … read more.

CVE-2013-1763 sock_diag_handlers Local Root Exploit Analysis

In this article we will analyze the exploit released by Kacper Szczesniak for CVE -2013-1763. In simple terms this exploit takes advantage of a vulnerability at kernel-level of the array … read more.

Analysis of CVE-2010-0188 PDF from RedKit ExploitKit


After noticing a substantial increase in RedKit infections, following a series of investigations performed on URLQuery, we have decided to go deeper to understand what was happening behind the … read more.

Update 2 – Facebook infection: the fake “Flash Player”

Infection URLs flow

In these days I've seen some friends of mine taken a facebook virus: this virus posts a message with ten friends tagged and a link to a bad site; the infection, that came from Turkey (almost on the … read more.

Extracting Objects from a Running Process

Few days ago two new 0-days have been spotted in the wild: CVE-2013-0633 and CVE-2013-0634, both of them involving a .swf file, possibly embedded inside a Word Document. It might be interesting to … read more.

Malicious Java Applet Deobfuscation

On Sunday (13th January 2013), I’ve received an email from @it4sec with regards to a malicious Java applet that he had received. So I’ve decided to write about it since Java applet seems like a common … read more.

New Java 0-day Exploit in the Wild – Update 4

According to Kafeine Security a new exploit for Java 7 is in the wild. Not surprisingly this new exploit, announced yesterday on the underweb, comes right after the BlackHole crew announced that their … read more.

Stabuniq Financial Infostealer Trojan Analysis

According to Symantec, Stabuniq is a financial infostealer trojan which has been found on servers belonging to financial institutions, including banking firms and credit unions. The Trojan also … read more.

An overview of Cythosia DDoS Bot

Cythosia v2 is a DDoS Botnet System has been published in BlackMarket Forums a while ago, we decided to publish an article shared on my private blog. Here at UIC R.E. Academy we strongly believe in … read more.