Weekly Cybernote #5
For this latest edition of the Weekly Cybernote, we will first of all look at the data theft that took place last week at Orange, then go on to how a German hacker was able to prove that even the...
Weekly Cybernote #6
For today’s Weekly Cybernote, we will focus on two security-related current events that have been highly discussed on the web for more than a month and a half now: the end of support for Windows XP and...
Weekly Cybernote #7
For this latest edition of the Weekly Cybernote, we will expand on three hot topics that have been widely debated on the internet over the past week: the notorious hack on eBay’s website and the theft...
Weekly Cybernote #8
For this eighth edition of the Weekly Cybernote, we will concentrate on three very different subjects: the hack orchestrated by Iranian cyber-spies through a bogus news website, the music streaming...
Linux known exploit detection
The integration of a new patch into the Linux kernel has been proposed to enable the successful detection of exploitation attempts. The principle is very simple: when a security fix is added to the...
Weekly Cybernote #9
For this 9th edition of our Weekly Cybernote, we will as usual cover three topics. The first concerns the new banking malware Dyreza, while the second will be about how YouTube is used by hackers to...
Weekly Cybernote #10
For this edition of the Weekly Cybernote, first of all, we will touch on Project Zero, the elite crack team set up by Google to fight zero-day attacks. We will then discuss an attack identified in...
Win32/Atrax.A
Atrax is malware discovered during the summer of 2013. It includes some basic features like distributed denial-of-service, keylogging, the ability to steal banking credentials, to send spam or to...
Poweliks – Command Line Confusion
Recently, hFireF0X provided a detailed walkthrough on the reverse engineering forum kernelmode.info about Win32/Poweliks malware. The particularity of this malware is that it resides in the Windows...
Warbird Operation
Introduction: Some time ago, while working on Windows 8, we came across a rather unusual piece of disassembly in some Microsoft binary files. This post describes some of our findings and how they are...
Playing with signals: An overview on Sigreturn Oriented Programming
Introduction: At the last GreHack edition, Herbert Bos presented a novel technique to exploit stack-based overflows more reliably on Linux. We review hereafter this new exploitation technique and...
From Europe to Africa: put your security skills to the test with the...
Join 1,000+ security talents for a unique intercontinental contest of hacking and job-related sessions in Lille on the 27th and 28th of June. The event’s 6th edition is an exciting opportunity for all...
STORMSHIELD PRESENTS THE HAKA PROJECT AT DEF CON 2015
Every year, the best of the hackers' world finds shelter at the famous hacking convention DEF CON, held at Paris/Bally’s in Las Vegas (USA). During the 23rd edition, visitors will as always enjoy a multitude of...
When ELF.BillGates met Windows
If you are used to playing with honeypots, you have inevitably met the ELF.BillGates malware. It is a known[1] botnet that has been spreading over the Internet for 4 years. In a nutshell, ELF.BillGates is a (Chinese) DDOS...
Low-cost point of sales (PoS) hacking
Hacking point of sales (PoS) systems is a very trendy topic. A lot of PoS malware can be found in the wild (jackPOS, gamaPOS, Backoff, FighterPOS…). At every big breach of PoS systems, media talk about...
Hackers do the Haka – Part 1
Haka is an open source network security oriented language that allows writing security rules and protocol dissectors. In this first part of a two-part series, we will focus on writing security rules....
A lockpicking exercise
Malware calling itself "CTB-locker" has been spreading across some websites since the 12th of February 2016. This campaign is different from classical ransomware attacks that focus only on workstations, at...
Let’s ride with TeslaCrypt
As you can see, we have been working on ransomware over the past few days. This time, we are talking about TeslaCrypt. TeslaCrypt is a ransomware spread by e-mails or exploit kits. It encrypts your...
Gamarue loves malicious JavaScript too
A deep look inside a recent campaign. In the malware ecosystem, some old malware families are able to adapt their propagation methods and successfully continue to infect many users. This is the case...
From website-locker to DDoS: Rex!
In May 2016, Softpedia wrote an article about a Drupal web ransomware. This malware exploits an SQL injection in the Drupal CMS, changes admin credentials and asks for bitcoins to unlock content. After...