The researchers found evidence that the threat has been around since at least late 2014.TreasureHunt was firstdiscoveredby researchers at theSANS Institute who noticed the malware generating mutex names to evade detection. TreasureHunt enumerates the processes running on the infected systemsand implement memory scraping functions to extractcredit and debit card information. Stolen payment card data are… Read More


In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine the core reasons behind the latest vulnerability, CVE-2018-8174. Source: securelist… Read More


This post outlines and presents the rediscovery, vulnerability analysis and exploitation of a zero-day vulnerability that was originally discovered and exploited by the CIA’s ‘Engineering Development Group’; remotely targeting MikroTik’s RouterOS embedded operating system that was discovered during the ‘Vault 7’ leak via WikiLeaks in March of 2017. Source: seekintoo… Read More


The Zebrocy family consists of three components. In the order of deployment these are a Delphi downloader, an AutoIt downloader and a Delphi backdoor. Figure 1 shows the relationship between these components. In this article we describe this family and how it can coexist with the older Seduploader reconnaissance tools. We will talk about some… Read More


Wow did I underestimate this one! I told myself it would take quite some time to build a reliable exploit once I found a bug in Adobe Reader. There are so many mitigations to work through once you have an exploitable crash. Amongst others: Data Execution Protection (DEP: prevents your code from being executed), Address… Read More


Hackers initially got onto Piriform’s London networks by using stolen credentials to log into a TeamViewer remote desktop account on a developer PC. From there, the attackers moved laterally to a second computer, always working outside office hours when it was unlikely that people would be using the machines. The attackers installed malware called ShadowPad,… Read More


CVE-2017-0263 is a UAF vulnerability in Menu Management Component in win32k kernel module of Windows operating system, which was reported to be used to attack with an EPS vulnerability to interfere the French election. This article will simply analyze the CVE-2017-0263 part of the attacking sample in order to come up with the operation principle… Read More


In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox as an open source tool. This project is part of our continuous effort to create new tools to improve our workflows. PyREBox is a versatile instrumentation framework based on QEMU. It allows us to run a whole operating system in a virtual environment… Read More