Type: Posts; User: "vinnu"
Namaste,
First of all, we must settle on the definition of "Non-Technical Background". If you think that coming from some non professional academic qualification makes you non-technical then you...
Welcome primer00t, hope to hear more discussions from you in coming days about infosec.
..."vinnu"
A simple trick to save the script from loading the "struct" module and converting string or binary data to a number is:
num = int(data[:4][::-1].encode("hex"),16)  # Python 2: first 4 bytes, little-endian, to int
and vice-versa would be :
...
The DLL load order also determines the base address of the loaded module. I mean if there are more than one module with the same ImageBase address, then the module loaded first will be mapped to that...
Namaste
This post discusses the things from the point where reversing of any malware ends.
The analysis of a malware is not enough to satisfy any researcher. There is no point
in analysing a...
If you don't have papers to tell your story, then let your work speak loudly for you.
..."vinnu"
Namaste
This is done using the concept of "Mediator" or better known as "Intermediate Class".
The mediator/intermediate class has the knowledge of all the internally accessible objects+methods...
Namaste
Any module you try to load from the outside world; most AV engines and EMET are going to catch it.
..."vinnu"
rule Dirtjumper {
meta:
author = "vinnu"
description = "binary Signature of Dirtjumper aka Win32/Dishigy"
strings:
$magic = "MZ"
$v0 = { 00 00 CE 7B 00 00 E2 7B 00 00 F2 7B 00 00 FE...
rule Urausy_E {
meta:
author = "vinnu"
description = "Win32/Urausy ransomware binary signature"
strings:
$magic = "MZ"
$v0 = "BMAPIAddress"
$v1 = "BMAPIDetails"
$v2 =...
they don't get root by themselves. But while you install, these apps ask for permissions and as one finds no other way to install them otherwise, and as soon as you proceed with installation by giving...
Generic MSIL signature :
rule Kazy {
meta :
author = "vinnu"
strings :
$magic = "MZ"
$v0 = "BSJB"
$v2 = "#Strings"
rule Simda {
meta:
author = "vinnu"
description = "Simda binary signature"
strings :
$magic = "MZ"
$v0 = "Misza Cia Less"
$v1 = "inness"
$v2 = "Lau. A"
$v3 = "0B0J0P0V0"
rule Nitol {
meta:
author = "vinnu"
description = "Win32/Nitol DDOS malware binary signature"
strings:
$magic = "MZ"
$v0 = ".htmGET "
$v1 = "__p__commode"
$v2 = "ProcessTrans"...
rule Rodecap_StealRAT {
meta:
author = "vinnu"
description = "StealRAT Binary"
strings:
$magic = "MZ"
$v1 = "SetCurrentDirectory failed (%d)"
$v2 = "RANDOM_STRING"
$v3 = "*.txt"...
rule Paradise_DDOS {
meta:
author = "vinnu"
description = "Paradise DDOS Binary"
strings:
$v1 = "\"PARADISE"
$v2 = "sActiveX"
$v3 = "3Messages"
$v4 = "KWindows"
$v5 =...
Namaste
Administrators and researchers every now and then encounter a situation when they need a syslogd. Instead of downloading a 3rd party tool on internal/secure premises, it is always...
Namaste
The cyber world is full of cyberbeasts (malware/exploits...etc). Under this thread we all can share & make artifacts/signatures/YARA signatures,...,etc of malwares/exploits,..,etc of...
Namaste
The following is the CGenericElement exploit using the mshelp:// protocol if Visual Studio < 2010 is installed,
and is a good sample for beginners of exploitation, especially ROP chain...
Very good and informative post, we appreciate your work and patience. Thanks a lot
..."vinnu"
Sure, we all will be pleased to learn more. Share more.
Wow, what is a botnet panel? Never heard about it. Please can you elaborate on it a little more, it will help us all a lot.
And if you have written/developed any, then can you write a tutorial or...
Namaste
As the name itself reveals some information, a sinkhole is a server that acts as the CnC (Command & Control) of the botnet and is controlled by a third party and not the attacker. The sinkholing...
Following code is for Safari 5.1.7 (7534.57.2) and Chrome 26.0.1410.64m
<html><body>
<li>
<ruby style="display: block;">
<t:IMG id="tim"></t:IMG>
</ruby></li>