Yasin SURER

Unpacking Malware Series: Venis Ransomware

Introduction: The samples of Venis ransomware I’ve been analyzing implement some anti-debugging and anti-sandboxing tricks. Those tricks are the …

Quick And Dirty Binary Patching With A Hex Editor

Whether it's to circumvent an anti-analysis check, or simply a bug that needs to be fixed, patching a binary is a useful technique to have in the …

Dangers of the Decompiler

Traditional (assembly level) reverse engineering of software is a tedious process that has been made far more accessible by modern day decompilers. …

CrackMe Solutions

• Imagination by kratorius
• [A]dvanced Keygenme by sd333221
• KeyMe by BadSector/k23

Let's Learn: Dissecting Golroted Trojan's Process Hollowing Technique & UAC Bypass in HKCU\Environment

Goal: Reverse the Golroted Trojan with the focus on its native API process hollowing technique and User Account Control (UAC) bypass method exploiting …

ESET CrackMe Challenge 2015 Walkthrough

The ESET CrackMe Challenge 2015 is divided into 2 parts: This is the one you download from the ESET website. You are asked to reverse a UPX-packed …

Taiwan Heist: Lazarus Tools and Ransomware

Posted by BAE Systems Applied Intelligence - Monday, 16 October 2017. Written by Sergei Shevchenko, Hirman Muhammad bin Abu Bakar, and James …

Base91 & Angler SWFs

If anyone is curious, the encoding that Angler is using in its SWFs is base91. The encoding was hinted at in an excellent article by Palo Alto …

DDE Exploitation Detection

So the DDE vulnerability/feature (open to debate) is hot, and it is being used not only by high-profile APT actors like FIN7 but also by several other …

APT10 - Operation Cloud Hopper

Posted by BAE Systems Applied Intelligence - Monday, 3 April 2017. Written by Adrian Nish and Tom Rowles. BACKGROUND: For many businesses the network now …

Key Questions to Guide Malware Analysis

Introduction: Performing malware analysis during incident response can be an exciting, creative exercise. But it can also be a nebulous process, with …

Following Process Hollowing in OllyDbg

Overview: Process Hollowing is a common technique used by modern malware to create a process that appears legitimate when viewed in tools such as Task …

Breaking backwards compatibility: a 5 year old bug deep within Windows

Microsoft has a great track record of maintaining support for legacy software running under Windows. There is an entire compatibility layer baked …

Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers

Since my last post, we have found new evidence in the next-stage payloads of the CCleaner supply chain attack that provides a stronger link between …

Reverse engineering malware: TrickBot (part 3 - core)

In my previous post, I explained how to dump the TrickBot core. In this one, I will show a bunch of tricks that will make the analysis of said core …

A New IoT Botnet Storm is Coming

Key points: A massive botnet is forming to create a cyber-storm that could take down the internet. An estimated million organizations have already …

IT threat evolution Q3 2017. Statistics

Q3 figures: According to KSN data, Kaspersky Lab solutions detected and repelled 277,646,376 malicious attacks from online resources located in 185 …

Security Research News in Brief - October 2017 Edition

Welcome back to our monthly review of some of the most interesting security research publications.

Lax Security Controls Can Facilitate Attacks

Threat actors leveraged compromised credentials to harvest payment data. Category: Intelligence; Incident Response and Management. Improper configurations …

Protecting the Software Supply Chain: Deep Insights into the CCleaner Backdoor

The term “supply chain attacks” means different things to different people. To the general business community, it refers to attacks targeting …

BACKSWING - Pulling a BADRABBIT Out of a Hat

Executive Summary: On Oct. 24, 2017, coordinated strategic web compromises started to distribute BADRABBIT ransomware to unwitting users. FireEye …

A free webinar on Reverse Engineering

Next week I will be doing a free webinar on Reverse Engineering - "Data, data, data! I can't make bricks without clay."*. I will focus on practical …

CONFidence 2014 slides from Dragon Sector are now available

(Collaborative post by Gynvael Coldwind and Mateusz "j00ru" Jurczyk) Just yesterday another edition of the largest and most successful IT security …

The Evolution of Trickbot

From the malware lab of S2 Grupo we have been monitoring the movements of a Trojan known as Trickbot. Its relationship with Dyre, another older Trojan …

Dridex AtomBombing in detail

Dridex has evolved, and now Dridex V4 uses Atom Bombing to perform process injection. This method allows Dridex to perform sneaky injections to evade …

Tools For Unpacking Malware, Part 2. Weak encryption algorithms

A few days ago I started a series of posts about tools and methods for unpacking malware; you can find the first part here. Each malware/packer is …

Threat Hunting in the Enterprise with AppCompatProcessor

Last April, at the SANS Threat Hunting and IR Summit, among other things, there was a new tool and technique released by Matias Bevilacqua. Matias’s …