How to run userland code from the kernel on Windows – Version 2.0
2 years ago, Thierry F. wrote an article on this blog about a technique that could allow a driver to inject a DLL into a process...
View Article

Octopus-Rex. Evolution of a multi task Botnet
During the last decade, different types of malware have been targeting Linux servers: Elknot, Encoder, Mirai, LuaBot, NyaDrop, Gayfgt, etc. Most of them are used for DDoS purposes, but there...
View Article

Analyzing a form-grabber malware
As a new member of the Stormshield Security Intelligence team, my initiation ritual was to analyze a form-grabber malware used to steal passwords through a web-browser injection method. In...
View Article

Attacking a co-hosted VM: A hacker, a hammer and two memory modules
Row-hammer is a hardware bug that can cause bit-flips in physical RAM. Mark Seaborn and Thomas Dullien were the first to exploit the DRAM row-hammer bug to gain kernel privileges. Kaveh Razavi et al....
View Article

Analyzing an Agent Tesla campaign: from a word document to the attacker...
Information-stealer malware is used on a daily basis by cyber-criminals. It is often designed to extract saved passwords stored in browsers, instant messaging applications, FTP...
View Article

Spot the Agent
Password stealers are well-known malware used on a daily basis by cyber-criminals. Most of the time these stealers are delivered as a ready-to-use package (builder + panel) with a readme and/or video...
View Article

De-obfuscating Jump Chains with Binary Ninja
Malware authors use extensive obfuscation techniques such as packing, junk code insertion and opaque predicates to hinder malware analysis. Binary Ninja has recently released a plugin to remove opaque...
View Article

In-depth Formbook malware analysis – Obfuscation and process injection
Formbook is a form-grabber and stealer malware written in C and x86 assembly language. It is a ready-to-sell malware that can be used by cyber-criminals who don't have any skill in malware...
View Article

A walk through the AcridRain Stealer
This blog post covers the analysis of a new password stealer named AcridRain and its different updates during the last 2 months. AcridRain is a new password stealer written in...
View Article

The macabre dance of memory chunks
In this post, we want to share some notes on how to exploit heap-based overflow vulnerabilities by corrupting the size of memory chunks. Please note that we do not present original content here, but...
View Article

OrBit: advanced analysis of a Linux dedicated malware
The post OrBit: advanced analysis of a Linux dedicated malware appeared first on Stormshield.
View Article