IPv6 Security Overview

IPv6 Security Overview

The paper considers the new Internet Protocol (IPv6 or IPng) that is about to replace the old IPv4. The arguments come from reading some texts about it, with a point of view to security that is expected. It also quickly shows the possible evolution of today's most common cyber attacks, as well as some technical details about the suite of IPSec protocols, because its security model will be required to be supported by all IPv6 implementations. It's possible to read this document on GoGo6.com … [Read more]

(D)DOS: Practical Approach – Hakin9.org – IT Security Magazine

(D)DOS: Practical Approach - Hakin9.org - IT Security Magazine

Hakin9 IT Security Magazine published an article of mine about a practical approach to (D)DoS attacks. In this paper are showed several offensive practices on how to conduct a DDoS attack, with a strong hand on techniques, tools and code chunks. There are also present screenshots and link references to the authors of the various exploits used (when used), as well as even a simple client-server C SYN Flood program created by me in order to better explain how botnets work... Look it on Hakin9 … [Read more]

Anti-Forensics Techniques

Anti-Forensics Techniques

The following paper takes into consideration those that are the most common methods to prevent or to render unreliable the techniques used for forensic analysis applied to magnetic media in order to gather useful 'evidences' for a computer crime related investigation. The research is focused on topics like data hiding, data obfuscation, encryption, code injection and also online anonymity.  The full English version can be viewed on InfoSec Institute website by clicking on logo … [Read more]

(D)DoS: Mitigation Strategies

(D)DoS: Mitigation Strategies

DDoS, or Distributed Denial of Service, is a cyber-attack in which an attacker tries to bring the functioning of a computer system that provides a service, such as a website, to the limit of its performance, generally working on one of the input parameters until it is no longer capable of delivering the service. These attacks are usually carried out by sending many packets of requests against the targeted service, saturating its resources and making the system “unstable,” thereby preventing … [Read more]

BatchWiper Analysis

BatchWiper Analysis

BatchWiper has been described by experts as an "Old Style" threat. It's programmed to delete data from entire logical partitions managed by infected systems. It 's simple, not well cared or optimized, but effective in its minimalistic design. It was discovered very recently by iranian CERT, and soon became quite famous among the "experts". This analysis takes into consideration the phases of reverse engineering and study of one of these samples. It's available for download a detailed report … [Read more]

CREA Certified Reverse Engineering Analyst Final Exam Report

CREA Certified Reverse Engineering Analyst Final Exam Report

This document is the result of work done by Emanuele De Lucia for the final CREA certification exam (Certified Reverse Engineering Analyst).The malware analyzed appeared obscured and encrypted in order to make more difficult all tasks targeted to its identification and analysis.The present document was rendered freely available with permission of the competent institute. The document is available for download in English.

ZeuS Malware Analysis

ZeuS Malware Analysis

Zeus is a Trojan horse that is able to steal banking informations through "Man-in-the-browser", "Keystroke Logging" and "Form Grabbing" techniques. The reversing process considers the initial phase of the system infection conducted by the agent.As we can see from the attached document, the infection process involves the injection of code into predefined processes through VirtualAllocEx and WriteProcessMemory functions. The informations that will follow are in public domain and are free to … [Read more]

HTML 5 Security

HTML 5 Security

The paper examines the new markup language for the design of web pages in view of the security level expected. The previous version of HTML, HTML 4.01, came in 1999. The web has changed a lot since then. The main goal of its developers, was to propose and implement new features and commands until now obtained mainly through web-browser extensions . Although from the point of view of a developer or web designer these new features can be considered a big step forward in the evolution of the … [Read more]

“Flamer” Main Module Analysis

“Flamer” Main Module Analysis

This document considers what has been called the most sophisticated malware ever generated analyzing the code of its “Main Module”.With a great deal of probability, “The Flamer” also kwown as “sKyWIper”, is the most complex malware ever found.It’ able to spread itself to other systems over a local network (LAN) or via USB stick. It can record audio, screenshots, keyboard activity and network traffic.The program also records Skype conversations and can turn infected computers into … [Read more]