We found a backdoor that uses network sniffing to provide a reverse shell. Additionally, it fully encrypts and integrity-checks its network traffic with session keys. It was first presented at GoSec 2017 in Montreal and was found using a new honeypot SSH tool.
This backdoor was first used in 2012 as part of the 'sebd' rootkit but seems to have been reactivated within the scope of a rising botnet.
April 26, 2017
Beyond securing the infrastructure, how can one defend their applications against hackers? The answer is: the proper design of the application’s source code. There you have it: application security.
March 22, 2017
This blog post presents a new approach to scanning for deserialization bugs using DNS exfiltration. Along with the explanations, a scanning tool is released that could help both the defensive and the auditing teams in your enterprise.
February 16, 2017
We are announcing the first "official" release of malboxes, a tool meant to help build safe and featureful Windows machines for malware analysis. Accessible to anyone, it even uses trial versions of Windows if one doesn’t have their own license.