The following paper takes into consideration those that are the most common methods to prevent or to render unreliable the techniques used for forensic analysis applied to magnetic media in order to gather useful 'evidences' for a computer crime related investigation. The research is focused on topics like data hiding, data obfuscation, encryption, code injection and also online anonymity. The full English version can be viewed on InfoSec Institute website by clicking on logo … [Read more]
DDoS, or Distributed Denial of Service, is a cyber-attack in which an attacker tries to bring the functioning of a computer system that provides a service, such as a website, to the limit of its performance, generally working on one of the input parameters until it is no longer capable of delivering the service. These attacks are usually carried out by sending many packets of requests against the targeted service, saturating its resources and making the system “unstable,” thereby preventing … [Read more]
BatchWiper has been described by experts as an "Old Style" threat. It's programmed to delete data from entire logical partitions managed by infected systems. It 's simple, not well cared or optimized, but effective in its minimalistic design. It was discovered very recently by iranian CERT, and soon became quite famous among the "experts". This analysis takes into consideration the phases of reverse engineering and study of one of these samples. It's available for download a detailed report … [Read more]
This document is the result of work done by Emanuele De Lucia for the final CREA certification exam (Certified Reverse Engineering Analyst).The malware analyzed appeared obscured and encrypted in order to make more difficult all tasks targeted to its identification and analysis.The present document was rendered freely available with permission of the competent institute. The document is available for download in English.
Zeus is a Trojan horse that is able to steal banking informations through "Man-in-the-browser", "Keystroke Logging" and "Form Grabbing" techniques. The reversing process considers the initial phase of the system infection conducted by the agent.As we can see from the attached document, the infection process involves the injection of code into predefined processes through VirtualAllocEx and WriteProcessMemory functions. The informations that will follow are in public domain and are free to … [Read more]
The paper examines the new markup language for the design of web pages in view of the security level expected. The previous version of HTML, HTML 4.01, came in 1999. The web has changed a lot since then. The main goal of its developers, was to propose and implement new features and commands until now obtained mainly through web-browser extensions . Although from the point of view of a developer or web designer these new features can be considered a big step forward in the evolution of the … [Read more]
This document considers what has been called the most sophisticated malware ever generated analyzing the code of its “Main Module”.With a great deal of probability, “The Flamer” also kwown as “sKyWIper”, is the most complex malware ever found.It’ able to spread itself to other systems over a local network (LAN) or via USB stick. It can record audio, screenshots, keyboard activity and network traffic.The program also records Skype conversations and can turn infected computers into … [Read more]