
PDF 0day

Anyone have a sample of the new PDF windows 0day?

V.

Peacomm.C - Cracking the nutshell

No, I'm not dead. Just too busy in the last weeks. But today I have a new paper for you. It's an analysis of the malware Peacomm.C aka StormWorm. It mainly focuses on extracting the native Peacomm.C code from the original encrypted/packed code and everything that happens along the way: XOR + TEA decryption, TIBS unpacking, defeating anti-debugging code, file dropping, driver-code infection, VM-detection tricks and all the nasty things the rootkit driver does.

http://www.reconstructer.org/papers.html

cheers,
frank
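The XOR + TEA stage named in the post is the kind of layer you end up scripting when you want to unpack a sample without single-stepping it. The following is an added example, not code from the paper or from Peacomm.C itself: it implements standard TEA (32 rounds, delta 0x9E3779B9, 64-bit blocks, 128-bit key) and layers a one-byte XOR under it. The key, the XOR byte, the little-endian word order and the order of the two layers (XOR first, then TEA, so unpacking is TEA-decrypt then XOR) are assumptions chosen for illustration; the real sample's parameters have to be recovered from its unpacking stub.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TEA_DELTA  0x9E3779B9u
#define TEA_ROUNDS 32

/* Standard TEA: encrypt one 64-bit block (two 32-bit words) with a 128-bit key. */
static void tea_encrypt_block(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < TEA_ROUNDS; i++) {
        sum += TEA_DELTA;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Standard TEA decrypt: same schedule run backwards, sum starts at delta * rounds. */
static void tea_decrypt_block(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = TEA_DELTA * TEA_ROUNDS; /* 0xC6EF3720 */
    for (int i = 0; i < TEA_ROUNDS; i++) {
        v1 -= ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
        v0 -= ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        sum -= TEA_DELTA;
    }
    v[0] = v0; v[1] = v1;
}

/* Assumption: the packer treats the buffer as little-endian 32-bit words (x86 native). */
static uint32_t load_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void store_le32(uint8_t *p, uint32_t x) {
    p[0] = (uint8_t)x; p[1] = (uint8_t)(x >> 8); p[2] = (uint8_t)(x >> 16); p[3] = (uint8_t)(x >> 24);
}

/* Hypothetical packing layer: XOR every byte with xor_key, then TEA-encrypt each
 * 8-byte block in ECB mode. len must be a multiple of 8. Returns 0 on success. */
int pack_layer(uint8_t *buf, size_t len, const uint32_t key[4], uint8_t xor_key) {
    if (len % 8 != 0) return -1;
    for (size_t i = 0; i < len; i++) buf[i] ^= xor_key;
    for (size_t off = 0; off < len; off += 8) {
        uint32_t v[2] = { load_le32(buf + off), load_le32(buf + off + 4) };
        tea_encrypt_block(v, key);
        store_le32(buf + off, v[0]); store_le32(buf + off + 4, v[1]);
    }
    return 0;
}

/* Inverse of pack_layer: TEA-decrypt each block, then undo the XOR. */
int unpack_layer(uint8_t *buf, size_t len, const uint32_t key[4], uint8_t xor_key) {
    if (len % 8 != 0) return -1;
    for (size_t off = 0; off < len; off += 8) {
        uint32_t v[2] = { load_le32(buf + off), load_le32(buf + off + 4) };
        tea_decrypt_block(v, key);
        store_le32(buf + off, v[0]); store_le32(buf + off + 4, v[1]);
    }
    for (size_t i = 0; i < len; i++) buf[i] ^= xor_key;
    return 0;
}

/* Self-test on a constructed 16-byte "stage" (an MZ-looking header padded with NOPs).
 * Returns 1 if the round trip restores the input and a wrong key does not. */
int tea_layer_selftest(void) {
    const uint8_t plain[16] = { 'M','Z',0x90,0x00,0x03,0x00,0x00,0x00, 0x90,0x90,0x90,0x90,0xE8,0x00,0x00,0x00 };
    const uint32_t key[4]   = { 0xDEADBEEFu, 0x01234567u, 0x89ABCDEFu, 0x0BADF00Du }; /* assumed key */
    const uint32_t wrong[4] = { 0xDEADBEEFu, 0x01234567u, 0x89ABCDEFu, 0x0BADF00Eu };
    uint8_t buf[16];
    memcpy(buf, plain, sizeof buf);
    if (pack_layer(buf, sizeof buf, key, 0x5A) != 0) return 0;
    if (memcmp(buf, plain, sizeof buf) == 0) return 0;          /* layer must change the bytes */
    uint8_t bad[16];
    memcpy(bad, buf, sizeof bad);
    unpack_layer(bad, sizeof bad, wrong, 0x5A);
    if (memcmp(bad, plain, sizeof bad) == 0) return 0;          /* wrong key must not recover it */
    if (unpack_layer(buf, sizeof buf, key, 0x5A) != 0) return 0;
    return memcmp(buf, plain, sizeof buf) == 0;
}

int main(void) {
    printf("XOR+TEA layer round trip: %s\n", tea_layer_selftest() ? "ok" : "FAILED");
    return tea_layer_selftest() ? 0 : 1;
}
```

When adapting this to a real sample, the three things to confirm from the stub before trusting the output are the endianness of the word loads, the round count (packers sometimes use fewer than 32 or a non-standard delta), and which of the two layers is applied first; a decryption that produces high-entropy output usually means one of those assumptions is wrong.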

New Uninformed out

http://www.uninformed.org/

A new volume of Uninformed has been released today. Lots of great papers you should definitely check out.

- Real-time Steganography with RTP by I)ruid
- PatchGuard Reloaded: A Brief Analysis of PatchGuard Version 3 by Skywing
- Getting out of Jail: Escaping Internet Explorer Protected Mode by Skywing
- OS X Kernel-mode Exploitation in a Weekend by David Maynor
- A Catalog of Windows Local Kernel-mode Backdoors by skape & Skywing
- Generalizing Data Flow Information by skape

Anti-Debugging Reference Paper

SecurityFocus is running an article about anti-debugging techniques that is very complete and thorough. Nicolas Falliere has done an excellent job outlining the various techniques that programs can use to detect whether they are being debugged. The kernel version of Saffron was made to circumvent these methods and provide good dumps for malware.

Blackhat / Defcon Videos

Have you ever wondered about the people behind Offensive Computing? Wish you could have seen one of our talks at Blackhat or Defcon, but weren't able to attend?

Poking around on Google I found a bunch of links to videos of various Offensive Computing related talks. If anyone finds a link to the Blackhat video of HD Moore and myself, please post it in a comment. That talk had way more content than the Defcon version. Enjoy!

Danny Quist / Valsmith: DefCon 15 - Covert Debugging

Bots collections...

I've seen quite a few threads regarding bots and their sources, so instead of listing/uploading them one by one (there are way too many, along with their variants), I thought it would be better to link directly to some of the currently bigger public collections. Some come only in source code, others are in binary form; whatever the case, have fun analysing them, at least for as long as they are online.

Ldpinch trojan source code

Download Infostealer.Ld-Pinch 1.0's source code

The archive contains both the source code and compiled binaries.

Cheers :)
Kish

Harvecter bot


Harvecter bot's source code

Harvecter's mirror: http://rapidshare.com/files/51140556/harvecter_bot.rar.html
The mirror contains a group of files, while the original source code pointed to has only one file.

Cheers :)
Kish

Malzilla

Well, after a couple of months of development I've decided to speak in public about my new tool.

Malzilla is a tool for malware hunters. It contains a downloader/HTML browser, a JavaScript interpreter based on Mozilla SpiderMonkey, some decoders for various types of encoded data used on web sites, etc., all in order to find the download link to the malicious file.

Here is the Part 1 of the introduction to Malzilla

Malware coders' forums??

It seems that malware coders love talking to each other about our future threats:
http://www.vx.eof-project.net/
