✇ MalwareTech

How I Found My First Ever ZeroDay (In RDP)

By: MalwareTech —

Up until recently, I’d never tried the bug hunting part of vulnerability research. I’ve been reverse engineering Windows malware for over a decade, and I’d done the occasional patch analysis, but I never saw a point in bug hunting on a major OS. After all, there are teams of vulnerability …

The post How I Found My First Ever ZeroDay (In RDP) appeared first on MalwareTech.

BlueKeep: A Journey from DoS to RCE (CVE-2019-0708)

By: MalwareTech —

Due to the serious risk of a BlueKeep based worm, I’ve held back this write-up to avoid advancing the timeline. Now that a proof-of-concept for RCE (remote code execution) has been released as part of Metasploit, I feel it’s now safe for me to post this. This article will be …

The post BlueKeep: A Journey from DoS to RCE (CVE-2019-0708) appeared first on MalwareTech.

DejaBlue: Analyzing a RDP Heap Overflow

By: MalwareTech —

In August 2019 Microsoft announced it had patched a collection of RDP bugs, two of which were wormable. The wormable bugs, CVE-2019-1181 & CVE-2019-1182 affect every OS from Windows 7 to Windows 10. There is some confusion about which CVE is which, though it’s possible both refer to the same …

The post DejaBlue: Analyzing a RDP Heap Overflow appeared first on MalwareTech.

YouTube’s Policy on Hacking Tutorials is Problematic

By: MalwareTech —

Recently YouTube changed its policy on “hacking” tutorials to an essential blanket ban. In the past, such content was occasionally removed under YouTube’s broad “Harmful and Dangerous Content” clause, which prohibited videos “encouraging illegal activity”. An updated policy now specifically targets instructional hacking videos. One major problem here is that …

The post YouTube’s Policy on Hacking Tutorials is Problematic appeared first on MalwareTech.

Analysis of CVE-2019-0708 (BlueKeep)

By: MalwareTech —

I held back this write-up until a proof of concept (PoC) was publicly available, so as not to cause any harm. Now that there are multiple denial-of-service PoCs on GitHub, I’m posting my analysis. Binary Diffing As always, I started with a BinDiff of the binaries modified by the patch (in …

The post Analysis of CVE-2019-0708 (BlueKeep) appeared first on MalwareTech.

Analysis of a VB Script Heap Overflow (CVE-2019-0666)

By: MalwareTech —

Anyone who uses RegEx knows how easy it is to shoot yourself in the foot; but, is it possible to write RegEx so badly that it can lead to RCE? With VB Script, the answer is yes! In this article I’ll be writing about what I assume to be CVE-2019-0666. …

The post Analysis of a VB Script Heap Overflow (CVE-2019-0666) appeared first on MalwareTech.

Video: First Look at Ghidra (NSA Reverse Engineering Tool)

By: MalwareTech —

Today during RSA Conference, the National Security Agency released their much hyped Ghidra reverse engineering toolkit. Described as “A software reverse engineering (SRE) suite of tools”, Ghidra sounded like some kind of disassembler framework. Prior to release, my expectation was something more than Binary Ninja, but lacking debugger integration. I figured …

The post Video: First Look at Ghidra (NSA Reverse Engineering Tool) appeared first on MalwareTech.

Analyzing a Windows DHCP Server Bug (CVE-2019-0626)

By: MalwareTech —

Today I’ll be doing an in-depth write up on CVE-2019-0626, and how to find it. Due to the fact this bug only exists on Windows Server, I’ll be using a Server 2016 VM (corresponding patch is KB4487026). Note: this bug was not found by me, I reverse engineered it from …

The post Analyzing a Windows DHCP Server Bug (CVE-2019-0626) appeared first on MalwareTech.

Tracking the Hide and Seek Botnet

By: MalwareTech —

Hide and Seek (HNS) is a malicious worm which mainly infects Linux based IoT devices and routers. The malware spreads via bruteforcing SSH/Telnet credentials, as well as some old CVEs. What makes HNS unique is there’s no command and control server; instead, it receives updates using a custom peer-to-peer network …

The post Tracking the Hide and Seek Botnet appeared first on MalwareTech.

Best Languages to Learn for Malware Analysis

By: MalwareTech —

One of the most common questions I’m asked is “what programming language(s) should I learn to get into malware analysis/reverse engineering”; to answer this question I’m going to write about the top 3 languages which I’ve personally found most useful. I’ll focus on native malware (malware which does not require …

The post Best Languages to Learn for Malware Analysis appeared first on MalwareTech.

Investigating Command and Control Infrastructure (Emotet)

By: MalwareTech —

Although the majority of botnets still use a basic client-server model, with most relying on HTTP servers to receive commands, many prominent threats now use more advanced infrastructure to evade endpoint blacklisting and be resilient to take-down. In this article I will go through and explain my process of identifying …

The post Investigating Command and Control Infrastructure (Emotet) appeared first on MalwareTech.
