14 February 2018

We found a backdoor that uses network sniffing to provide a reverse shell. Additionally, it fully encrypts and integrity-checks its network traffic with session keys. It was first presented at GoSec 2017 in Montreal and was found using a new honeypot SSH tool.

This backdoor was first used in 2012 as part of the 'sebd' rootkit but seems to have been reactivated within the scope of a rising botnet.

November 23, 2016

In the past six months, we have been working on a new static analysis tool for the .NET ecosystem called Roslyn Security Guard. It is a Visual Studio extension that analyzes C# code. It was first released at Black Hat USA this year. This article will cover the latest milestone reached which brings a new taint analysis mechanism and the introduction of automated code fixes.

November 02, 2016

Cybercrime is an evolving phenomenon and offenders are continuously adapting to find new techniques to monetize their illicit activities. Our research paper and upcoming BlackHat Europe presentation - EGO MARKET: When People's Greed for Fame Benefits Large-Scale Botnets - is about Linux/Moose, a botnet that conducts social media fraud. This blog post is a summary of our paper.

October 17, 2016

Last week, a new version of Find Security Bugs (FSB), a FindBugs extension, was released.

In this post, we will present the most recent improvements and some project announcements.