Search found 10 matches

by fade
Fri Dec 04, 2015 2:29 am
Forum: Malware
Topic: Linux.Rekoobe
Replies: 4
Views: 6675

Re: Linux.Rekoobe

That's very interesting. I haven't seen anything targeting SPARC in a while. (At least from my point of view, please correct me if I'm wrong.)

Any word on how it's spreading or being used?

by fade
Thu Dec 03, 2015 2:28 am
Forum: Reverse Engineering and Debugging
Topic: What is the related CVE of this bug?
Replies: 1
Views: 8263

Re: What is the related CVE of this bug?

Looks to be in the same range of CVEs as CVE-2014-4113

by fade
Thu Dec 03, 2015 2:24 am
Forum: Reverse Engineering and Debugging
Topic: [APT] NetTraveler RCEd Source Code
Replies: 3
Views: 11276

Re: [APT] NetTraveler RCEd Source Code

I doubt the original author is going to complain ;)

by fade
Sun Jul 19, 2015 11:20 pm
Forum: Malware
Topic: Linux/.IptabLex|s
Replies: 12
Views: 22905

Re: Linux/.IptabLex|s

Where did you come across the controller?

by fade
Tue Sep 09, 2014 2:02 pm
Forum: General Discussion
Topic: [Poll] What is your favorite hex editor?
Replies: 11
Views: 37193

Re: [Poll] What is your favorite hex editor?

I've really enjoyed 010. Simple, yet full of features.

by fade
Tue Sep 09, 2014 2:01 pm
Forum: Malware
Topic: Linux/BillGates
Replies: 72
Views: 106500

Re: Linux/BillGates

Someone I believe has written tracking code for this botnet also:
https://github.com/ValdikSS/billgates-botnet-tracker

by fade
Mon Sep 08, 2014 11:03 pm
Forum: Malware
Topic: Linux/.IptabLex|s
Replies: 12
Views: 22905

Re: Linux/.IptabLex|s

If I recall correctly, this was dropped (but not exclusive to) some exploitation of open ElasticSearch instances.

by fade
Mon Sep 08, 2014 11:02 pm
Forum: Malware
Topic: Point-of-Sale malwares / RAM scrapers
Replies: 244
Views: 858199

Re: Point-of-Sale malwares / RAM scrapers

A lot of folks are calling this BlackPoS. The main basis for this is the unique exfiltration techniques.

The t.bat file that is decoded from the Trend posting uses a bitshift & XOR key.

by fade
Wed Jul 16, 2014 2:31 am
Forum: Reverse Engineering and Debugging
Topic: Good resource for learning how to debug & reverse engineer?
Replies: 16
Views: 95709

Re: Good resource for learning how to debug & reverse engine

Step 1: Learn C/C++/Delphi etc. You can't reverse engineer if you can't forward engineer.
Step 2: Learn x86 assembly - http://opensecuritytraining.info/IntroX86.html (includes videos)
Step 3: Learn x86 architecture - http://opensecuritytraining.info/IntermediateX86.html (includes videos)
Step 4: Le...

by fade
Wed Jul 16, 2014 2:17 am
Forum: General Discussion
Topic: [Poll] What is your home AV?
Replies: 40
Views: 65452

Re: [Poll] What is your home AV?

YARA scanning and continuous DNS monitoring seem to work well for me.