Anyone have a sample of the new PDF windows 0day?
No, I'm not dead. Just too busy in the last weeks. But today I have a new paper for you. It's an analysis of the malware Peacomm.C aka StormWorm. It mainly focuses on extracting the native Peacomm.C code from the original crypted/packed code and all the things that happen along the way, like: XOR + TEA decryption, TIBS unpacking, defeating anti-debugging code, file dropping, driver-code infection, VM-detection tricks and all the nasty things the rootkit driver does.
A new volume of Uninformed has been released today. Lots of great papers you should definitely check out.
- Real-time Steganography with RTP by I)ruid
- PatchGuard Reloaded: A Brief Analysis of PatchGuard Version 3 by Skywing
- Getting out of Jail: Escaping Internet Explorer Protected Mode by Skywing
- OS X Kernel-mode Exploitation in a Weekend by David Maynor
- A Catalog of Windows Local Kernel-mode Backdoors by skape & Skywing
- Generalizing Data Flow Information by skape
Security Focus is running an article about anti-debugging techniques that is very complete and thorough. Nicolas Falliere has done an excellent job outlining the various techniques that programs can use to detect whether a program is being debugged. The kernel version of Saffron was made to circumvent these methods and provide good dumps for malware.
Have you ever wondered about the people behind Offensive Computing? Wish you could have seen one of our talks at Blackhat or Defcon, but weren't able to attend?
Poking around on Google I found a bunch of links that have videos of various Offensive Computing related talks. If anyone finds a link to the Blackhat video of HD Moore and myself, please post it in a comment. That talk had way more content than the Defcon version. Enjoy!
I've seen quite a few threads regarding bots and their sources...
so, instead of listing/uploading them one by one,
(they're way too many along with their variants...),
I thought it would be better to link directly,
to some of the currently bigger public collections...
Some come only in source code, others are in binary form...
whatever the case, have fun analysing them,
at least for as long as they will be online...
The archive contains both the source code and compiled binaries.
Harvecter's mirror: http://rapidshare.com/files/51140556/harvecter_bot.rar.html
The mirror contains a group of files, while the original source code pointed to has only one file.
Well, after a lot of development time (a couple of months) I've decided to speak in public about my new tool.
It seems that malware coders love talking together about our future threats: