Every year, the best of the hacker world finds shelter at the famous hacking convention DEF CON at Paris/Bally’s in Las Vegas (USA). During the 23rd edition, visitors will as always enjoy a multitude of fun activities such as games, contests, workshops and many more. However, this year will be a little bit more special for […]

Join 1,000+ security talents for a unique intercontinental contest of hacking and job-related sessions in Lille on the 27th and 28th of June. The event’s 6th edition is an exciting opportunity for all French security aficionados to demonstrate the “national savviness” through an entire night battle of ethical hacking games. Participants will take up on […]

Introduction: At the last GreHack edition, Herbert Bos presented a novel technique to exploit stack-based overflows more reliably on Linux. We review this new exploitation technique below and provide an exploit along with the vulnerable server. Even if this technique is portable to multiple platforms, we will focus on a 64-bit Linux OS in […]

Introduction: Some time ago while working on Windows 8, we came across a rather unusual piece of disassembly in some Microsoft binary files. This post describes some of our findings and how they are related to a Windows internal project called Warbird. Warbird is an enhancement of the license verification of Windows that is introduced […]

Recently, hFireF0X provided a detailed walkthrough on the reverse engineering forum kernelmode.info about Win32/Poweliks malware. The particularity of this malware is that it resides in the Windows registry and uses rundll32.exe to execute JavaScript code. I found it funny that we can execute some JavaScript through Rundll32 and obviously I was not the only one. […]

Atrax is a piece of malware discovered during the summer of 2013. It includes some basic features like distributed denial-of-service, keylogging, the ability to steal banking credentials, to send spam or to install a Bitcoin miner. The particularity of Atrax is that it communicates with its command and control server over TOR, which is […]

For this edition of the Weekly Cybernote, first of all, we will touch on Project Zero, the elite crack team set up by Google to fight zero-day attacks. We will then discuss an attack identified in China that apparently targeted databases of state employees living in the US. Lastly, we will look at how the […]

For this 9th edition of our Weekly Cybernote, we will as usual cover three topics. The first concerns the new banking malware Dyreza, while the second will be about how YouTube is used by hackers to sell credit card numbers. Lastly, the third point revisits an old story about Nokia, who allegedly gave in to […]

The integration of a new patch into the Linux kernel has been proposed to enable the successful detection of exploitation attempts. The principle is very simple: when a security fix is added to the kernel, new code will be added to call the “exploit” function (with the CVE number of the exploit that […]

For this eighth edition of the Weekly Cybernote, we will concentrate on three very different subjects: the hack orchestrated by Iranian cyber-spies through a bogus news website, the music streaming service Spotify whose data had been hacked, and lastly a cybercriminal in Australia who hijacked Apple devices for ransom. A group of Iranian cyber-spies targeted […]