McRat Malware Analysis – Part1

In this issue we are going to analyze McRat, a user's data and passwords stealer. This malware is interesting since it makes use of some anti-debugging techniques and several encryption/obfuscation … read more.

CVE-2013-1763 sock_diag_handlers Local Root Exploit Analysis

In this article we will analyze the exploit released by Kacper Szczesniak for CVE -2013-1763. In simple terms this exploit takes advantage of a vulnerability at kernel-level of the array … read more.

Analysis of CVE-2010-0188 PDF from RedKit ExploitKit


After noticing a substantial increase in RedKit infections, following a series of investigations performed on URLQuery, we have decided to go deeper to understand what was happening behind the … read more.

Update 2 – Facebook infection: the fake “Flash Player”

Infection URLs flow

In these days I've seen some friends of mine taken a facebook virus: this virus posts a message with ten friends tagged and a link to a bad site; the infection, that came from Turkey (almost on the … read more.

Extracting Objects from a Running Process

Few days ago two new 0-days have been spotted in the wild: CVE-2013-0633 and CVE-2013-0634, both of them involving a .swf file, possibly embedded inside a Word Document. It might be interesting to … read more.

Malicious Java Applet Deobfuscation

On Sunday (13th January 2013), I’ve received an email from @it4sec with regards to a malicious Java applet that he had received. So I’ve decided to write about it since Java applet seems like a common … read more.

New Java 0-day Exploit in the Wild – Update 4

According to Kafeine Security a new exploit for Java 7 is in the wild. Not surprisingly this new exploit, announced yesterday on the underweb, comes right after the BlackHole crew announced that their … read more.

Stabuniq Financial Infostealer Trojan Analysis

According to Symantec, Stabuniq is a financial infostealer trojan which has been found on servers belonging to financial institutions, including banking firms and credit unions. The Trojan also … read more.

An overview of Cythosia DDoS Bot

Cythosia v2 is a DDoS Botnet System has been published in BlackMarket Forums a while ago, we decided to publish an article shared on my private blog. Here at UIC R.E. Academy we strongly believe in … read more.

Artro Botnet Anatomy Overview

Following the idea of knowledge sharing, here another article taken from my private blog and shared for our readers. Some time ago, while talking with Roman from, we found it necessary to … read more.