How to provide process isolation and not destroy Windows

How can we isolate suspicious processes in Windows and not destroy the OS? How can we create a reliable and Windows-compatible sandbox without hardware virtualization and kernel function hooking, but with the use of documented default OS security mechanisms? In this article we will be discussing the most common problems faced by sandbox developers (and, as a result, consumers). And of course we will also offer our own solutions.

Read full article →


Jailbreaking for dummies. What to do after a device has been cracked

So you've decided to jailbreak your device, downloaded a proper utility from the website pangu or taig, connected your smartphone to your computer, and launched the application. After several reboots, a message was displayed on the screen confirming the jailbreak's success and the Cydia application was installed on the device. It seems that everything worked fine, but what's next? If you've ever asked yourself this question, this article is for you.

Read full article →


Turning a Regular USB Flash Drive into a USB Rubber Ducky

A long time ago, we reviewed some devices which should be in any hacker's toolbox. One of these devices was a USB Rubber Ducky — a device which resembles a regular USB flash drive. When connected to a computer, it claims to be a keyboard and quickly enters all its commands. It's a pretty cool thing and very useful for pentests, but why pay 40 dollars or more if a regular USB flash drive can be taught the same tricks?

Read full article →


The Children of CryptoLocker, Part 2. TeslaCrypt, TorLocker, TorrentLocker

Previous part: The Children of CryptoLocker, Part 1

The first examples of malware that encrypts files and then demands money for decryption appeared a long time ago. Just remember Trojan.Xorist with its primitive encryption algorithm based on XOR, or Trojan.ArchiveLock written in PureBasic, which used regular WinRAR for encryption and Sysinternals SDelete for deleting encrypted files, and demanded as much as five thousand dollars for decryption. However, it was CryptoLocker that established the bad trend among virus writers to use the latest achievements in cryptography as quite stable encryption algorithms. Today, we will investigate several encryption-based trojans which emerged after the notorious spread of CryptoLocker on the internet (or at the same time).

Read full article →


The Children of CryptoLocker, Part 1. Critroni, CryptoWall, DirCrypt

The first examples of malware that encrypts files and then demands money for decryption appeared a long time ago. Just remember Trojan.Xorist with its primitive encryption algorithm based on XOR, or Trojan.ArchiveLock written in PureBasic, which used regular WinRAR for encryption and Sysinternals SDelete for deleting encrypted files, and demanded as much as five thousand dollars for decryption. However, it was CryptoLocker that established the bad trend among virus writers to use the latest achievements in cryptography as quite stable encryption algorithms. Today, we will investigate several encryption-based trojans which emerged after the notorious spread of CryptoLocker on the internet (or at the same time).

Read full article →