Using static, dynamic, and behavioral analysis, we will look at all stages of the WinRAR zero-day malware that was spread via online trading forums, then emulate the C2 TCP protocol to find out what kind of information it is receiving from its victims.
Articles on hacking, reverse engineering, and software development.
Using ICANN zone files, we can search all active domains for fraudulent sites that mimic the domain and look-and-feel of the legitimate products they are trying to copy. These fake sites offer downloads of software that looks real but has malware attached. In this article, we'll look at a fake QuickBooks site offering a download which contains the infamous Redline Stealer.
FOSCAM firmware is encrypted with OpenSSL using a salted key. This post will demonstrate how to extract the firmware using a $14 SPI flash programmer, then use Ghidra to reverse engineer the firmware decryption keys and the RSA keys that ship with the firmware.
One of the largest shared-hosting companies in the US said that 50% or more of their customers' WordPress sites were impacted by a December 2022 malware campaign. This post analyzes an infected host and shows how reverse engineering the C2 protocol gives a glimpse into how it works and what functions it provides to the attacker.
Using simple hardware and software, this post will show you how to extract and analyze the firmware of a GL.iNet GL-B1300 router. Identifying the UART pins and connecting a JTAGulator will allow us to transmit and receive over the serial connection, access the U-Boot bootloader, and get a root shell on the main filesystem, which lets us extract the firmware from memory.