Hiding malware in Windows – The basics of code injection

There are hundreds of teams working professionally to break into digital devices, steal sensitive data and leave no fingerprint. The malware industry is bigger than you might think: more than 4,000 ransomware attacks a day have been reported since the beginning of 2016, on top of many more general system compromises.

I remember viruses on Win95 that gave you a frozen screen, a broken OS or a BSOD; that's not the case anymore. Today's intrusions leave no trace and usually patch the vulnerability they came in through, so that no other malware can take control of the system.
A guy I met once told me that “the best AV you could ever have is a harmless virus”. I don't fully agree, but that sentence hides a bit of truth.

But how can malicious code run freely on a host machine without the user noticing?

How does a CPU work?

The CPU (central processing unit) is the brain of every computer: it takes instructions encoded as nothing more than voltage levels and performs complex tasks by routing electricity through logic circuits. But how does it do it?

Very few engineers know exactly how a CPU works; indeed, I've met very few people (developers, analysts, architects or IT staff) who know exactly how voltages are evaluated as logic to perform concrete calculations and run a program written in software.

Can you picture how your computer gets from a Node.js JavaScript file to instructions executing on the chip? I bet not…


Practical SHA-1 signature collision

Yesterday, 2017/02/23, Google's security team announced the first practical collision attack against the SHA-1 algorithm. The technique, although hard to perform and even harder to pay for (roughly 110 GPU-years of computation, i.e. 110 GPUs running around the clock for a whole year), is enough to demonstrate that a hash function still built into the protocols that sustain the internet and our whole lives can no longer be trusted for collision resistance. Note what was and was not broken: the attackers can craft two different documents with the same SHA-1 digest, but not a second document matching an existing digest (a second preimage). That is already enough to undermine anything that signs a SHA-1 digest, such as certificates, code signatures or document signatures, because a signature over one document is equally valid for its colliding twin.
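To make the idea of a collision concrete, here is an added example (not part of the original post and not Google's code): a generic birthday search against SHA-1 truncated to its first 32 bits, with a minimal SHA-1 written just for this purpose. The truncation is the only cheat. An n-bit hash offers only about 2^(n/2) collision resistance, which for full SHA-1 is 2^80 work, and what made the Google result news is that their cryptanalytic attack came in well below that generic bound. The prefixes "invoice-" and "contract-", the table size and the search budget are constructed assumptions for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

/* Single-shot SHA-1 (FIPS 180-4). Written for this example; not optimised. */
static void sha1(const uint8_t *msg, size_t len, uint8_t out[20])
{
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    size_t total = ((len + 8) / 64 + 1) * 64;      /* padded length, multiple of 64 */
    uint8_t *buf = calloc(total, 1);
    memcpy(buf, msg, len);
    buf[len] = 0x80;                                /* a 1 bit, then zeros */
    uint64_t bits = (uint64_t)len * 8;
    for (int i = 0; i < 8; i++)                     /* big-endian bit length at the end */
        buf[total - 1 - i] = (uint8_t)(bits >> (8 * i));
    for (size_t off = 0; off < total; off += 64) {
        uint32_t w[80];
        for (int i = 0; i < 16; i++)
            w[i] = (uint32_t)buf[off + 4*i] << 24 | (uint32_t)buf[off + 4*i + 1] << 16 |
                   (uint32_t)buf[off + 4*i + 2] << 8 | buf[off + 4*i + 3];
        for (int i = 16; i < 80; i++)
            w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
        uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int i = 0; i < 80; i++) {
            uint32_t f, k;
            if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
            else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
            else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
            else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
            uint32_t t = rol(a, 5) + f + e + k + w[i];
            e = d; d = c; c = rol(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    free(buf);
    for (int i = 0; i < 5; i++) {
        out[4*i] = h[i] >> 24; out[4*i+1] = h[i] >> 16;
        out[4*i+2] = h[i] >> 8; out[4*i+3] = h[i];
    }
}

/* Keep only the first 32 bits of the digest. This is the only cheat: a 32-bit
 * hash has about 2^16 collision security, so the generic attack below finishes
 * in well under a second instead of the 2^80 work full SHA-1 would need. */
static uint32_t sha1_trunc32(const char *s)
{
    uint8_t d[20];
    sha1((const uint8_t *)s, strlen(s), d);
    return (uint32_t)d[0] << 24 | (uint32_t)d[1] << 16 | (uint32_t)d[2] << 8 | d[3];
}

#define TABLE_SIZE (1u << 20)   /* open-addressing table; a 0 value marks an empty slot */

/* Generic birthday attack: hash "<prefix_a><n>" and "<prefix_b><n>" for
 * n = 1, 2, ... until one message from each family shares a truncated digest.
 * Two different messages, each starting with a prefix of the attacker's
 * choosing, is exactly the shape of a chosen-prefix collision. Returns 1 and
 * fills out_a/out_b on success, 0 if the search budget runs out. */
static int find_collision(const char *prefix_a, const char *prefix_b,
                          char out_a[64], char out_b[64])
{
    uint32_t *keys = calloc(TABLE_SIZE, sizeof *keys);  /* truncated digest */
    uint32_t *vals = calloc(TABLE_SIZE, sizeof *vals);  /* family << 31 | n  */
    for (uint32_t n = 1; n < 400000; n++) {             /* keeps table load under 0.8 */
        for (uint32_t fam = 0; fam < 2; fam++) {
            char msg[64];
            snprintf(msg, sizeof msg, "%s%u", fam ? prefix_b : prefix_a, (unsigned)n);
            uint32_t key = sha1_trunc32(msg), slot = key & (TABLE_SIZE - 1);
            while (vals[slot] != 0) {                   /* linear probing */
                if (keys[slot] == key && (vals[slot] >> 31) != fam) {
                    /* stored entry is from the other family: cross collision found */
                    snprintf(fam ? out_a : out_b, 64, "%s%u",
                             fam ? prefix_a : prefix_b, (unsigned)(vals[slot] & 0x7FFFFFFF));
                    snprintf(fam ? out_b : out_a, 64, "%s", msg);
                    free(keys); free(vals);
                    return 1;
                }
                slot = (slot + 1) & (TABLE_SIZE - 1);
            }
            keys[slot] = key;
            vals[slot] = fam << 31 | n;
        }
    }
    free(keys); free(vals);
    return 0;
}

int main(void)
{
    char a[64], b[64];
    if (!find_collision("invoice-", "contract-", a, b)) return 1;
    printf("%s and %s share truncated SHA-1 %08x\n", a, b, (unsigned)sha1_trunc32(a));
    return 0;
}
```

The two messages it prints are genuinely different yet hash to the same (truncated) value, which is exactly why a signature computed over one of them verifies for the other: the signer never saw the message, only its digest.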


What is Buffer Overflow vulnerability and how do we exploit it.

Buffer overflow is probably the most feared security hole in software: it is a development mistake, but one the C standard library practically invites with unbounded routines such as strcpy() and gets(). That makes buffer overflow vulnerabilities hard to spot, hard to fix and ridiculously powerful.
But what is a buffer overflow vulnerability and how do we exploit it?
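As an added example (not code from the original post), here is the smallest version of the bug in C next to its fix. The destination buffer and the variable that follows it are kept inside one struct so the layout is the same on every compiler and the demonstration stays inside a single object; on a real stack the neighbour might be a saved return address rather than a flag, which is where exploitation starts. The names `vulnerable_login` and `safe_login` and the 19-byte attack string are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A local buffer and the variable a compiler might place right after it. */
struct login_frame {
    char name[16];   /* destination buffer */
    int  is_admin;   /* sits immediately after name[] in memory */
};

/* Vulnerable: an unbounded copy, which is exactly what strcpy() does, written
 * out so the missing check is visible. Any name of 16 bytes or more runs past
 * name[] into is_admin. (A name longer than 19 bytes would run past the struct
 * itself; this demo only ever passes 19.) */
int vulnerable_login(const char *name)
{
    struct login_frame f = { .is_admin = 0 };
    /* same address as f.name, but a pointer whose object is the whole struct */
    char *dst = (char *)&f + offsetof(struct login_frame, name);
    size_t i = 0;
    while (name[i] != '\0') { dst[i] = name[i]; i++; }
    dst[i] = '\0';
    return f.is_admin;   /* nonzero only if the copy overflowed into it */
}

/* Hardened: measure the input against the buffer first and refuse anything
 * that does not fit together with its terminator. Rejecting is safer than
 * silently truncating, which can create a different class of bugs. */
int safe_login(const char *name)
{
    struct login_frame f = { .is_admin = 0 };
    size_t len = 0;
    while (len < sizeof f.name && name[len] != '\0') len++;
    if (len >= sizeof f.name) return -1;   /* too long: reject */
    memcpy(f.name, name, len + 1);
    return f.is_admin;
}

int main(void)
{
    char attack[20];
    memset(attack, 'A', 19);   /* 19 bytes: fills name[] and spills into is_admin */
    attack[19] = '\0';
    printf("vulnerable(\"alice\")  -> is_admin = %d\n", vulnerable_login("alice"));
    printf("vulnerable(19 x 'A') -> is_admin = %d\n", vulnerable_login(attack));
    printf("safe(19 x 'A')       -> %d (rejected)\n", safe_login(attack));
    return 0;
}
```

With the 19-byte input the vulnerable version reports a nonzero is_admin built from the bytes 0x41 that overflowed into it, while the hardened version never copies at all. The fix is not a smarter copy routine but a length check before the copy, which is the one thing strcpy() cannot do for you.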


Camouflaging windows malware

It's a fact: I'm in love with malware. As a researcher I want to understand how things work, and sometimes those things are not ordinary software but viruses, exploits or rootkits.

Malware is built the way any software is: some code, some compiling, done. But it's much more complex than that. There is no fast lane in malware: everything has to work anywhere, silently and secretly; the program has to be able to start, replicate and look after itself, sometimes without the attacker's help, and all of this usually begins with a simple act… a double-click.


A simple keylogger in C

Keyloggers: how they work and how to build one in pure C

It's been a long time since my last post; I've been kind of busy, but here we go again.

Today we are going to talk about keyloggers: how they work and how to build one in pure C.
This project was written for learning purposes and, of course, is not intended to serve 'evil', so stay away from “muh code” if you are a 1337 h4x0r looking for scripts to steal someone's privacy ¬¬
