ThisIsSecurity
A walk through the AcridRain Stealer

This blog post covers the analysis of a new password stealer named AcridRain and its successive updates over the last two months. Introduction AcridRain is a new password stealer written in C/C++ that showed up on forums around the 11th of July 2018. This malware can...

28 August 2018 | by Coldshell
In-depth Formbook malware analysis – Obfuscation and process injection

Introduction Formbook is a form-grabber and stealer malware written in C and x86 assembly. It is sold as a ready-made product that cyber-criminals with no malware-development skills can use. The sample analyzed in this blog post was dropped by...

29 March 2018 | by Rémi Jullian
De-obfuscating Jump Chains with Binary Ninja

Malware authors use extensive obfuscation techniques such as packing, junk code insertion and opaque predicates to hinder analysis. Binary Ninja has recently released a plugin to remove opaque predicates, that is, branch paths that are never taken. Thanks to the Medium Level Intermediate Language (MLIL), only...

20 March 2018 | by Mehdi Talbi
Spot the Agent

Password stealers are well-known malware used on a daily basis by cyber-criminals. Most of the time these stealers are delivered as a ready-to-use package (builder + panel) with a readme and/or video tutorials. These malware aim to steal credentials from all kinds of software, record...

2 March 2018 | by Coldshell
Analyzing an Agent Tesla campaign: from a word document to the attacker credentials

Introduction Information-stealer malware is used on a daily basis by cyber-criminals. It is often designed to extract saved passwords stored in browsers, instant messaging applications, FTP clients and many more. A key-logger mechanism may also be embedded in order to grab additional credentials that are never...

12 January 2018 | by Rémi Jullian
Attacking a co-hosted VM: A hacker, a hammer and two memory modules

Row-hammer is a hardware bug that can cause bit-flips in physical RAM. Mark Seaborn and Thomas Dullien were the first to exploit the DRAM row-hammer bug to gain kernel privileges. Kaveh Razavi et al. pushed the exploitation of row-hammer bugs to the next level. They abused an OS feature - memory...

19 October 2017 | by Mehdi Talbi
Analyzing a form-grabber malware

Introduction As a new member of the Stormshield Security Intelligence team, my initiation ritual was to analyze a form-grabber malware that steals passwords through a web-browser injection method. In this article I'll try to present a detailed analysis of this malware, with emphasis on the...

28 September 2017 | by Rémi Jullian
Octopus-Rex. Evolution of a multi-task Botnet

Introduction During the last decade, different types of malware have been targeting Linux servers: Elknot, Encoder, Mirai, LuaBot, NyaDrop, Gayfgt, etc. Most of them are used for DDoS purposes, but there are some exceptions. Rex is one of them. In this article we'll try to present a...

28 October 2016 | by Benkow_
How to run userland code from the kernel on Windows – Version 2.0

Introduction Two years ago, Thierry F. wrote an article on this blog about a technique that could allow a driver to inject a DLL into a process (https://thisissecurity.net/2014/04/08/how-to-run-userland-code-from-the-kernel-on-windows/). It was based on reverse engineering the PEB.KernelCallbackTable field, which is untyped and completely undocumented. You may...

19 October 2016 | by Edouard S