OpenSSL TLS HeartBeat (HeartBleed) Vulnerability Subnet Scan

OpenSSL TLS HeartBeat (HeartBleed) Vulnerability Subnet Scan

This script allows to test a full /24 subnet for OpenSLL TLS HeartBeat (HeartBleed) Vulnerability. Originally coded by Jared Stafford ([email protected]) to test this weakness on a single host at a time, it has been modified by Emanuele De Lucia to allow the scan of an entire subnet. This modification has been made for work reasons within few hours by the notice of the vulnerability, in order to readily identify the affected services within a very wide range of systems exposed. May be … [Read more]

Steganography and Steganalysis: Common Image Formats and LSB

Steganography and Steganalysis: Common Image Formats and LSB

 Thousands and thousands of data items currently are riding the Internet every day; their representation could be a continuous stream of data transiting through the entire globe. With the growth in quantity and especially in the importance of such informations, the need to adopt systems designed to guarantee a good level of protection and security has also grown in proportion. This paper explores those that are the common steganographic algorithms used to hide informations within seemingly … [Read more]

Red October: Cyber-Espionage ToolKit Analysis

Red October: Cyber-Espionage ToolKit Analysis

Reb October is the name of a cyber-espionage toolkit discovered by Kaspersky Lab. The malware was operating worldwide for up to 5 years before to be discovered, transmitting to its C&C servers a lot of informations. Red October is considered an advanced cyber-espionage campaign intended to targeting diplomatic, governmental and financial organizations. This is an analysis conducted by me on 01/13 for InfoSec Institute but published but published after a little... It's possible to view my … [Read more]

SANS DFIRCON APT Malware Challenge

SANS DFIRCON APT Malware Challenge

 SANS DFIRCON is a challenge where we have to download a memory image from SANS and perform over it a complete forensic analysis in order to find the real chinese APT hidden inside and so to answer to five questions about it; These questions may be very similar to: What's the PID of the rogue process ? How is the malware achieving persistence on the system ? What is the name of the file that caused the infection of the system ? If you think to be able to answer, download the image and hunt the … [Read more]

IPv6 Security Overview

IPv6 Security Overview

The paper considers the new Internet Protocol (IPv6 or IPng) that is about to replace the old IPv4. The arguments come from reading some texts about it, with a point of view to security that is expected. It also quickly shows the possible evolution of today's most common cyber attacks, as well as some technical details about the suite of IPSec protocols, because its security model will be required to be supported by all IPv6 implementations. It's possible to read this document on GoGo6.com … [Read more]

(D)DOS: Practical Approach – Hakin9.org – IT Security Magazine

(D)DOS: Practical Approach - Hakin9.org - IT Security Magazine

Hakin9 IT Security Magazine published an article of mine about a practical approach to (D)DoS attacks. In this paper are showed several offensive practices on how to conduct a DDoS attack, with a strong hand on techniques, tools and code chunks. There are also present screenshots and link references to the authors of the various exploits used (when used), as well as even a simple client-server C SYN Flood program created by me in order to better explain how botnets work... Look it on Hakin9 … [Read more]

Anti-Forensics Techniques

Anti-Forensics Techniques

The following paper takes into consideration those that are the most common methods to prevent or to render unreliable the techniques used for forensic analysis applied to magnetic media in order to gather useful 'evidences' for a computer crime related investigation. The research is focused on topics like data hiding, data obfuscation, encryption, code injection and also online anonymity.  The full English version can be viewed on InfoSec Institute website by clicking on logo … [Read more]

(D)DoS: Mitigation Strategies

(D)DoS: Mitigation Strategies

DDoS, or Distributed Denial of Service, is a cyber-attack in which an attacker tries to bring the functioning of a computer system that provides a service, such as a website, to the limit of its performance, generally working on one of the input parameters until it is no longer capable of delivering the service. These attacks are usually carried out by sending many packets of requests against the targeted service, saturating its resources and making the system “unstable,” thereby preventing … [Read more]

BatchWiper Analysis

BatchWiper Analysis

BatchWiper has been described by experts as an "Old Style" threat. It's programmed to delete data from entire logical partitions managed by infected systems. It 's simple, not well cared or optimized, but effective in its minimalistic design. It was discovered very recently by iranian CERT, and soon became quite famous among the "experts". This analysis takes into consideration the phases of reverse engineering and study of one of these samples. It's available for download a detailed report … [Read more]

CREA Certified Reverse Engineering Analyst Final Exam Report

CREA Certified Reverse Engineering Analyst Final Exam Report

This document is the result of work done by Emanuele De Lucia for the final CREA certification exam (Certified Reverse Engineering Analyst).The malware analyzed appeared obscured and encrypted in order to make more difficult all tasks targeted to its identification and analysis.The present document was rendered freely available with permission of the competent institute. The document is available for download in English.