Channel: Sysenter Chapter
Browsing all 14 articles

PHoneyC DOM Emulation - Window

A few weeks ago I started reviewing the PHoneyC DOM emulation code and realized it was turning out to be hard to maintain and debug due to a huge amount of undocumented (and sometimes awful) hacks. For...




Another great step forward

“Dionaea is meant to be a Nepenthes successor, embedding Python as scripting language, using libemu to detect shellcodes, supporting IPv6 and TLS” (taken from Dionaea homepage). Besides being the most...


PHoneyC DOM Emulation – Browser Personality

A new improvement in PHoneyC DOM emulation code was committed in SVN r1624. The idea is to better emulate the DOM behaviour depending on the selected browser personality. Let's take a look at the code...


Export Address Table Filtering (EMET v2)

I'll tell you the truth: Export Address Table Filtering, the feature of the upcoming release of EMET, "designed to break nearly all shell code in use today", intrigued me a bit.


Is that PDF so scary?

- "it bypasses DEP and ASLR using impressive tricks and unusual methods" - Vupen
- "it uses a previously unpublished technique to bypass ASLR" - Metasploit Blog
- "exploit uses the ROP technique to...



Trojan Carberp

I'm interested in infostealers and specifically in banking-trojans so I didn't want to miss this one. Samples of Carberp are floating around at least since last spring but in late September we saw such...


Murofet, Zeus++ or just Zeus 2.1?

The first one writing about this new threat was Marco Giuliani. So, Murofet or Zeus++? Taking a look at a couple of samples we were able to identify: - Same API hooks - Same encryption routine for...


Sysenter Chapter - Status Report 2011

ORGANIZATION: The Sysenter Chapter was founded in August 2010 and currently consists of the following people: Angelo Dell'Aera, Guido Landi, Patrik Lantz, Roberto Tanara. The Chapter members are interested in...



Sysenter Chapter Status Report 2012

ORGANIZATION: The Sysenter Chapter was founded in August 2010 and currently consists of the following people: Angelo Dell'Aera, Charlie Hurel, Gianluca Guida, Guido Landi, Patrik Lantz, Pietro Delsante, Roberto...



Malware-serving theaters for your android phones - Part 1

Some nights ago I was heading to a local theater with some (non-nerd) friends. We did not recall very well the address, so I brought out my phone (LG Nexus 4 with Android 4.4.2 and Google Chrome) and...


erovideo_mainactivity_loadsettings


Malware-serving theaters for your android phones - Part 2

In this post I will analyze the Android APK files that my friend Pietro Delsante from the Honeynet Project Sysenter Chapter talks about in his previous post (thank you Pietro). The files are all named...


Released peepdf v0.3

After some time without releasing any new version here is peepdf v0.3. It is not that I was not working in the project, but since the option to update the tool from the command line was released...



Sysenter Chapter - Chapter Status Report for 2014

ORGANIZATION: The Sysenter Chapter was founded in August 2010 and currently consists of the following people: André Vorbach, Andrea De Pasquale, Angelo Dell'Aera, Charlie Hurel, Gianluca Guida, Guido Landi, Jeff...
