Search:

Type: Posts; User: "vinnu"

Page 1 of 11 1 2 3 4


  1. Namaste, First of all, we must settle on the...

    Namaste,
    First of all, we must settle on the definition of "Non-Technical Background". If you think that coming from some non-professional academic qualification makes you non-technical then you...
  2. Replies
    1
    Views
    2,281

    Welcome primer00t, hope to hear more discussions...

    Welcome primer00t, hope to hear more discussions from you in coming days about infosec.
    ..."vinnu"
  3. Replies
    7
    Views
    21,729

    convert string to integer without using struct module

    A simple trick to save the script from loading the "struct" module and converting a string or binary data to a number is:

    num = int(data[:4][::-1].encode("hex"),16)

    and vice versa would be:
    ...
  4. The DLL load order also determines the...

    The DLL load order also determines the base address of the loaded module. I mean if there are more than one module with the same ImageBase address, then the module loaded first will be mapped to that...
  5. Replies
    0
    Views
    5,252

    Malware Emulation - An Introduction

    Namaste

    This post discusses the things from the point where reversing of any malware ends.
    The analysis of a malware is not enough to satisfy any researcher. There is no point
    in analysing a...
  6. Replies
    8
    Views
    10,366

    If you don't have papers to tell your story, then...

    If you don't have papers to tell your story, then let your work speak loudly for you.

    ..."vinnu"
  7. Mediator/Intermediate Class

    Namaste

    This is done using the concept of "Mediator" or better known as "Intermediate Class".

    The mediator/intermediate class has the knowledge of all the internally accessible objects+methods...
  8. Replies
    2
    Views
    7,230

    Namaste Any module you try to load from outside...

    Namaste
    Any module you try to load from the outside world; most of the AV engines and EMET are going to catch it.

    ..."vinnu"
  9. Replies
    14
    Views
    12,726

    rule Dirtjumper { meta: author = "vinnu"...

    rule Dirtjumper {
    meta:
    author = "vinnu"
    description = "binary Signature of Dirtjumper aka Win32/Dishigy"
    strings:
    $magic = "MZ"
    $v0 = { 00 00 CE 7B 00 00 E2 7B 00 00 F2 7B 00 00 FE...
  11. Replies
    14
    Views
    12,726

    rule Urausy_E { meta: author = "vinnu"...

    rule Urausy_E {
    meta:
    author = "vinnu"
    description = "Win32/Urausy ransomware binary signature"
    strings:
    $magic = "MZ"
    $v0 = "BMAPIAddress"
    $v1 = "BMAPIDetails"
    $v2 =...
  12. They don't get root by themselves. But while you...

    They don't get root by themselves. But while you install, these apps ask for permissions and as one finds no other way to install them otherwise, and as soon as you proceed with installation by giving...
  13. Replies
    14
    Views
    12,726

    Generic MSIL signature : rule Kazy { meta...

    Generic MSIL signature :


    rule Kazy {
    meta :
    author = "vinnu"
    strings :
    $magic = "MZ"
    $v0 = "BSJB"
    $v2 = "#Strings"
  14. Replies
    14
    Views
    12,726

    rule Simda { meta: author = "vinnu"...

    rule Simda {
    meta:
    author = "vinnu"
    description = "Simda binary signature"
    strings :
    $magic = "MZ"
    $v0 = "Misza Cia Less"
    $v1 = "inness"
    $v2 = "Lau. A"
    $v3 = "0B0J0P0V0"
  15. Replies
    14
    Views
    12,726

    rule Nitol { meta: author = "vinnu"...

    rule Nitol {
    meta:
    author = "vinnu"
    description = "Win32/Nitol DDOS malware binary signature"
    strings:
    $magic = "MZ"
    $v0 = ".htmGET "
    $v1 = "__p__commode"
    $v2 = "ProcessTrans"...
  16. Replies
    14
    Views
    12,726

    rule Rodecap_StealRAT { meta: author =...

    rule Rodecap_StealRAT {
    meta:
    author = "vinnu"
    description = "StealRAT Binary"
    strings:
    $magic = "MZ"
    $v1 = "SetCurrentDirectory failed (%d)"
    $v2 = "RANDOM_STRING"
    $v3 = "*.txt"...
  17. Replies
    14
    Views
    12,726

    rule Paradise_DDOS { meta: author = "vinnu"...

    rule Paradise_DDOS {
    meta:
    author = "vinnu"
    description = "Paradise DDOS Binary"
    strings:
    $v1 = "\"PARADISE"
    $v2 = "sActiveX"
    $v3 = "3Messages"
    $v4 = "KWindows"
    $v5 =...
  18. Replies
    0
    Views
    3,474

    Your own Syslogd server..."vinnu"

    Namaste

    Administrators and researchers every now and then encounter a situation when they need a syslogd. Instead of downloading a third-party tool on internal/secure premises, it is always...
  19. Replies
    14
    Views
    12,726

    Hunting Beasts..."vinnu"

    Namaste

    The cyber world is full of cyberbeasts (malware/exploits, etc.). Under this thread we all can share & make artifacts/signatures/YARA signatures, etc. of malware/exploits, etc. of...
  20. Developers Holocaust with IE 8 CGenericElement win7..."vinnu"

    Namaste

    The following is the CGenericElement exploit using the mshelp:// protocol if Visual Studio <2010 is installed,
    and is a good sample for beginners of exploitation, especially ROP chain...
  21. Replies
    1
    Views
    20,610

    Very good and informative post, we appreciate...

    Very good and informative post, we appreciate your work and patience. Thanks a lot


    ..."vinnu"
  22. Sure, we all will be pleased to learn more. Share...

    Sure, we all will be pleased to learn more. Share more.
  23. Wow, what is a botnet panel, never heard about...

    Wow, what is a botnet panel, never heard about it. Please can you elaborate on it a little more, it will help us all a lot.
    And if you have written/developed any one, please then can you write a tutorial or...
  24. Replies
    1
    Views
    4,525

    Namaste As the name itself reveals some...

    Namaste

    As the name itself reveals some information, a sinkhole is a server that acts as the CnC (Command & Control) of the botnet and is controlled by a third party and not the attacker. The sinkholing...
  25. Safari 5.1.7 (7534.57.2) and Chrome 26.0.1410.64m

    Following code is for Safari 5.1.7 (7534.57.2) and Chrome 26.0.1410.64m



    <html><body>

    <li>
    <ruby style="display: block;">
    <t:IMG id="tim"></t:IMG>
    </ruby></li>
Results 1 to 25 of 271