Anti-Rootkit Evasion (blinding GMER)

During a discussion with colleagues about the ability of modern malware to evade the most common anti-virus solutions, one fixed point seemed to be the use of anti-rootkit tools to thoroughly check the status of a system. One of the most reliable and trustworthy (and widely used) of these is undoubtedly GMER. It was widely believed that only very advanced malware (certainly sponsored by governments or by Microsoft itself) could simultaneously hide its presence within the system and mock, at the same …

ShellShock /bin/bash vulnerability CVE-2014-6271 /24 CGI Exploitability Test Suite

Do you know what to do with this below?

# ShellShock Bash Vulnerability CVE-2014-6271 Test Tool
#
# This has been coded by Emanuele 'ac1d' De Lucia for educational purposes only
#
# The author is NOT responsible for any harmful use you decide to make
#
# Coded 25/09/2014 01.55. Online 25/09/2014 02.30 CET
#
# yabba dabba doooooo, Wilma !!! Where's my club ?!?!
#
# Please, turn on your brain before continuing....
#
# nc -l -p 4444 may be useful but... take a look at the bottom …

Home-made APT vs most trusted anti-malware solutions

To quickly summarize: no anti-malware solution was effectively able to prevent the infection of the system or the privilege escalation put into play. Nor was any of the tested solutions able to alert the user about the abnormal behavior of our executable. Stop! That's all! Further details: the malware is a P2P (D)DoS agent written in pure C by Emanuele De Lucia with TCP SYN and HTTP Flood capabilities, named "apt.exe". It is basically a dropper. It's …

Steganography and Steganalysis: Common Image Formats and LSB

Thousands and thousands of data items ride the Internet every day; their representation could be a continuous stream of data transiting the entire globe. With the growth in quantity, and especially in the importance, of such information, the need to adopt systems designed to guarantee a good level of protection and security has grown in proportion. This paper explores the common steganographic algorithms used to hide information within seemingly …

(D)DOS: Practical Approach – Hakin9.org – IT Security Magazine

Hakin9 IT Security Magazine published an article of mine about a practical approach to (D)DoS attacks. The paper shows several offensive practices for conducting a DDoS attack, with a strong emphasis on techniques, tools and code chunks. Also included are screenshots and link references to the authors of the various exploits used (when used), as well as a simple client-server C SYN Flood program created by me in order to better explain how botnets work... Look for it on Hakin9 …

HTML 5 Security

The paper examines the new markup language for the design of web pages in view of the expected security level. The previous version of HTML, HTML 4.01, came out in 1999. The web has changed a lot since then. The main goal of its developers was to propose and implement new features and commands that until now were obtained mainly through web-browser extensions. Although from the point of view of a developer or web designer these new features can be considered a big step forward in the evolution of the …