Skip navigation.


suspect php script



I find this php script in the web space of a friend
I don't understand his target , someone can help me to
understand ? thanks :)


function Clear()

function Clear2()
$mrd = trim(file_get_contents("m"));
$pt = "../$mrd";
echo " $pt " ;
$fin = file_get_contents($pt);
$fin = ereg_replace("(.*)", "", $fin);
$fin = ereg_replace("(.*)", "", $fin);

Suggestions for OC party at Defcon next year ...


Fisrt off, a big thanks to everyone who came and made THE GATHERING a great event at Defcon this year. Hold on to those passes, they might be wroth something someday ... just like that pile of 3/5" install floppies for Windows 3.11 you have stashed in your closet.

The question is, what would oyu like to see next year? The minister of Propaganda ( me ) is already planning and plotting bigger and better things, but I would also like your input.

You can drop suggestions/ideas here , or email me at delchi (at) offensivecomputing . net

The MSN Dark Chain of Spam - and others


Yesterday I've published a blog post about Spam Domain Spreading over MSN

Giuseppe 'Evilcry' Bonfa'

SSH Exploitation Theory

Two effects of SSH is terminal access and SFTP access, which can be used to send and recieve data. When you connect into either SSH/SFTP its going to be a direct established connection; so what if you're connecting an infected SSH server it just happens to have some kind of script that opens an SFTP connection to you using the current connection, checks system info such as Operating System and Client being used.

Multimedia trojan analysis

I just released my analysis about good knowed lately 'multimedia trojan' ,called also:
Symantec - Trojan.Brisv.A
Sophos - W32/GetCodec-A

You can download this paper in two language versions:
I hope you will enjoy it.

Java and windows API functions?



I am wondering if anyone knows if Java (not javascript) is able to access API functions outside of the JRE, i.e. windows Advapi functions like OpenProcess(), Readfile() etc? (Is it possible to adress those features like you can in .NET?)

I am far from being an expert on java (I have only done some basic coding) but what i have learned would seem to indicate a big "NO", but i lave learned that it is better to ask and get some feedback from people who actually know stuff about Java.

Thanks in advance.

CNN & MSNBC Attack - Where is it all coming from?

No file updates in this post but I'm hoping to generate some discussion here...

My e-mail inbox has been flooded since breaking the CNN malspam story. Everyone wants to know where this attack is coming from and how it’s releasing itself into the wild so quickly. I’m sorry to say that I do not have the answer yet… but I do have a hypothesis.

I believe the attack is exploited 100% through hacked/infected computers. We know that the e-mails are being distributed by infected computers as we can tell from the e-mail headers, most of the e-mails come from private ADSL or cable lines. One question remains… how are the websites getting owned? Take a second to consider the following possibility…

Paper on Win32OnlineGames


In the following paper you can read the analysis of Win32OnlineGames, a well spreaded Trojan that acts as Password Stealer for E-Gaming Services.


Hope you like it!

Giuseppe 'Evilcry' Bonfa'

Temporal Reverse Engineering

Thanks to everyone that came to the talk. It went really well and the conversations that were had afterwards were absolutely top notch. One of the real treats for me coming to Blackhat is talking with all you smart people. You can find the slides here.

UPDATE (1/1/2009): Much of the code for this project has been integrated into the VERA project.

Full Research Paper: Breaching Wireless POS Systems

Wireless networks and endpoints offer convenience and connectivity. Unless properly secured, they also offer a means of ingress into the network. This article will describe the vulnerabilities and strategies for mitigation as it pertains to protecting wireless point-of-sale systems.

In the wake of undiscovered data breaches and subsequent public exposure, hackers have begun to turn their eyes towards breaching wireless networks and taking advantage of their many weaknesses. Furthermore, we are seeing a trend towards stealing cardholder information from retailers through much publicized breaches such as TJ Maxx and Hannaford Brothers.

According to the 2008 Data Breach Investigations Report by the Verizon Business Risk Team, 84% of the data compromised in documented breaches pertained to card holder information.

The research paper was published in ISSA Journal.

Syndicate content