Evil Mass Storage
Original forum post here
Evil Mass Storage is a proof of concept USB composite device which demonstrates an end-to-end solution that infiltrates an isolated-offline-network and covertly extracts data over either radio frequency or close access covert storage while hiding from forensi... Read more
Writing a Hex-Rays Plugin: VMX Intrinsics
I’ve been very excited to work with the new Hex-Rays Decompiler microcode API, and I’ve finally had the chance to sit down and build a useful plugin. This post describes the development process: the things I tried that didn’t work and the weird hacks that ultimately did.
The plugin (C++ code) is a... Read more
Many people, myself included, have held the belief that Spectre exploits need to know, understand, and manipulate microarchitectural details that are specific to a given processor design. Published Spectre PoCs generally use techniques such as cache analysis, and flushing lines from the cache. Altho... Read more
Windows - Blocking Process Creation
Windows supplies drivers with multiple callbacks to get notified about events happening in the system. One of them, and the only one that allows blocking, is the process notify routine. It alerts all the drivers that are registered to it about process creation and termination.
There are 3 p... Read more
FinSpy analysis – Round Two
[Security][Windows] Well, it’s been a long time coming but here’s round two of my analysis of the FinSpy sample discussed in my previous blog post. The sample’s hash is 2bbc8f46a6efc6c824e55dc3ec18e2cf4a6d594b3d4f6fa54b95a4521e0a503e and is an executable masquerading as an Adobe Flash Installer/Unins... Read more
FinSpy analysis – Round One
[Security][Windows] In 2012 a number of FinSpy samples were found and later analysed by CitizenLab (see https://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed/). The details provided in the CitizenLab post are quite high-level; the aim of this article is to dig deep into FinS... Read more