White Papers and Presentations
How to use PyDbg as a powerful multitasking debugger
Since its introduction in 2006, PyDbg has become an essential tool for security researchers and reverse engineers. It is mainly used to discover various software vulnerabilities and weaknesses, as well to analyze malware and perform computer forensics. The present publication is aimed to provide a reader with an introduction to the Python based debugger and deliver practical and real examples of this powerful security tool usage.
September 4, 2012
CVE-2012-1889: Security Update Analysis
Since the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test we used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.
July 19, 2012
CVE-2012-1889 Microsoft XML core services uninitialized memory vulnerability
Before the 30th of May 2012 attackers were exploiting a new Microsoft Internet explorer 0day. The 30th of May 2012 Google warned Microsoft about this vulnerability existing in the core of Internet Explorer XML services. The 12th of June 2012 Microsoft published a security advisory (2719615) which is not a final patch but a temporary “Fix-It” solution. Finally on June 19th 2012 the Metasploit Project released an exploit module which is 100% reliable for internet explorer IE6/7/8/9, Windows XP, Vista, and all the way to Windows 7 SP1. The present publication explains the details about this vulnerability. As a lab test we used a Windows XP - SP3 computer with IE 6.0.
July 2, 2012
Cybercrime in nowadays businesses: A real case study of targeted attack
The time where information threats were mostly limited to blind attacks of random targets has gone. Nowadays, many costly compromises are due to highly targeted attacks and require various skills, from web application hacking to singletons coding and botnets leveraging through the uncovering and exploitation of 0-day vulnerabilities. Cybercrime has therefore evolved to adapt the market, and criminal groups are now organized into highly specialized entities who collaborate to provide global underground services, such as attacking one’s competitors. Through a real case study, we will explore the complexity of such attacks which endanger today's businesses.
November 2, 2011
Spying Internet Explorer 8.0
Malicious software also known as "Malcode" or "Malware" can compromise the security and functionality of a program. Once "installed" it monitors the user’s habits. This documents introduces this kind of threats by spying a widespread internet browser.
September 28, 2011
Frontal Attacks - From basic compromise to Advanced Persistent Threat
Nowadays, there is a renewed interest in server-side attacks for hackers. According to SANS, attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. Victims may be the website owners (e.g. intellectual property theft or loss of customer confidence), their clients (e.g. bank transfer fraud or identity theft) as well as any Internet user, since web application vulnerabilities are now widely exploited to convert trusted websites into malicious ones, thus serving client-side exploits contents to Internet users. This document addresses the major threats which face today's companies, from database exfiltration in DMZ to the Advanced Persistent Threats recently undergone in many international organizations.
September 16, 2011
Inline Hooking in Windows
This document is the second of a series of five articles relating to the art of hooking. As a test environment we will use an english Windows Seven SP1 operating system distribution.
September 6, 2011