(Not) All She Wrote (Part 1): Rigged PDFs

Hello paranoids. You know that moment when you get an email with an attached document and a promise of good fortune once you open it? Great, the following set of posts is for you. Lately I have been trying to learn how to speed up analysis of malicious documents (e.g. PDFs, Office, RTFs). Due to …


PympMyBinary: Infecting Binaries

Hello paranoids. This post will be short and comes quite late. I would like to introduce to you my latest creation: PympMyBinary (GitHub URL). PympMyBinary is a binary infector with the purpose of injecting shellcode into legitimate binaries. The entrypoint for the binary is overwritten so that the shellcode is executed first. The execution is then passed …

63 Problems But Malware Ain’t One: 882aef202a56008ad20a61c8960eb830

Hello paranoids. As promised I am back to reverse stuff. This time, and following the previous sequence of posts, I have decided to pick an Android malware for analysis. Without further ado, let us begin. Malware Characteristics: MD5: 882aef202a56008ad20a61c8960eb830; Family name: Ginmaster (GingerMaster); Obfuscation/Packing: Yes/No. GingerMaster was the first Android malware using the GingerBreak exploit, an exploit that affects GingerBread …

Android Reversing Part 3: Tampering with Android Applications

Hello paranoids. So, after all those theory-related posts, it is time to actually do something. In this post, I will tamper with a simple application for Android. Let us begin: The Test Application. As mentioned in the post about tools, there is a website from which you can download APKs, APKMirror. However, I will do the …

63 Problems But Malware Ain’t One: 8ca23d7bdf520c3e7ac538c1ceb7b555

Hello paranoids. Recovered from my previous post? No? Great! My overall objectives for the previous post were to: show you how to unpack a malware; unpacking constructions (e.g. anti-debugging, shellcode, dynamic resolution of dependencies). In this post, I intend to: go over some network/host tracks left by the malware; malware supported commands and features. The …

Unpacker for Hire: 8ca23d7bdf520c3e7ac538c1ceb7b555

Hello paranoids. As I mentioned in my previous post, I have started a Reverse Engineering/Malware Analysis journey. One of the topics I find most interesting about malware is packing. A packer is an algorithm that manipulates a simple binary and adds one or more of the following features (this is not an exhaustive list): cryptors and/or compressors: e.g. …

Technicolor TG784n v3 hidden dangers and privilege escalation (made simple)

If you are reading this post: congratulations! You are reading my first post ever on a blog. I am pretty sure we share (if you like security) some concerns regarding internet-connected devices in your house, especially those you can't understand correctly (in my case smartphones and ISP devices). This post regards the latter since, even …