
68 matches found

Kitploit
added 2018/01/25 9:13 p.m., 142 views

Al-Khaser v0.72 - Public malware techniques used in the wild (Virtual Machine, Emulation, Debuggers, Sandbox detection)

al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar. Features Anti-debugging attacks IsDebuggerPresent CheckRemoteDebuggerPresent Process...

7.4 AI score
Exploits: 0, References: 4
Kitploit
added 2017/12/19 9:10 p.m., 42 views

Makin - Reveal Anti-Debugging Tricks

makin is to make initial malware assessment a little bit easier. It helps to reveal the debugger detection techniques used by a sample. Supports x64 and x86 How does it work? makin opens a sample as a debuggee and injects asho.dll, asho.dll hooks several functions at ntdll.dll library and after...

7.3 AI score
Exploits: 0, References: 1
ThreatPost
added 2017/10/05 5:18 a.m., 15 views

Inside the CCleaner Backdoor Attack

MADRID—As the investigation continues into the backdoor planted inside CCleaner, two members of parent company Avast’s threat intelligence team said today the desktop and cloud versions of the popular software contained different payloads. The revelation was made during a talk at Virus Bulletin...

7.4 AI score
Exploits: 0, References: 9
pentestit
added 2017/08/20 4:37 a.m., 413 views

Al-Khaser: A Benign Malware to Test Your Anti Malware

PenTestIT RSS Feed There is an idiom - use a thorn to remove a thorn. Tools like Al-Khaser cement this idiom. It is an open source, benign malware to test how good your anti-malware or local security product is. It allows you to do so by implementing commonly used tactics used by actual malwares a...

6.6 AI score
Exploits: 0
Talos Blog
added 2017/06/09 11:41 a.m., 11 views

Threat Round-up for June 2 - June 9

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 02 and June 09. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...

6.8 AI score
Exploits: 0
Kitploit
added 2016/12/06 1:32 p.m., 49 views

Al-Khaser v0.65 - Public Malware Techniques Used In The Wild

al-khaser is a PoC malware with good intentions that aims to stress your anti-malware system. It performs a bunch of nowadays malwares tricks and the goal is to see if you stay under the radar. Possible uses You are making an anti-debug plugin and you want to check its effectiveness. You want to...

7.2 AI score
Exploits: 0, References: 2
n0where
added 2016/06/15 8:11 p.m., 88 views

Stress Test Anti Malware System: al-khaser

Stress Test Anti Malware System al-khaser is a PoC malware with good intentions that aims to stress your anti-malware system. It performs a bunch of nowadays malwares tricks and the goal is to see if you catch them all. Some of the common use are: You are making an anti-debug plugin and you want ...

Exploits: 0, References: 2
ThreatPost
added 2016/04/20 1:53 p.m., 15 views

Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion

TeslaCrypt, like many of its ransomware cousins, doesn’t sleep on past success. Researchers at Endgame Inc., have found two updates for the cryptoransomware in the past two weeks that invest heavily in obfuscation and evasion techniques, and also target a host of new file extensions. These sample...

7.5 AI score
Exploits: 0, References: 6
Kitploit
added 2016/03/21 10:30 p.m., 128 views

Al-Khaser - Public Malware Techniques Used In The Wild

al-khaser is a PoC malware with good intentions that aims to stress your anti-malware system. It performs a bunch of nowadays malwares tricks and the goal is to see if you catch them all. Possible uses You are making an anti-debug plugin and you want to check its effectiveness. You want to ensur...

7.2 AI score
Exploits: 0, References: 1
Kitploit
added 2015/11/14 8:23 p.m., 33 views

Beurk - Experimental Unix Rootkit

BEURK is a userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection. NOTE: BEURK is a recursive acronym for BEURK Experimental Unix RootKit Features Hide attacker files and directories Realtime log cleanup on utmp/wtmp Anti process and login detectio...

7.2 AI score
Exploits: 0, References: 1
seebug.org
added 2014/07/01 12:0 a.m., 20 views

Mocha LPD 1.9 - Remote Buffer Overflow DoS PoC

No description provided by source. !/usr/bin/python Mocha LPD v1.9 Remote Heap Overflow Exploit ol skool 'write 4' whoops, I said it was a DoS. My bad. btw yes, I know its 2010 :0 CVE: 2010-1687 tested on XP sp1 use anti debugging to see it work - !hidedebug zwqueryinformationprocess call trace:...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 24 views

gdb (GNU debugger) <= 7.5.1 NULL Pointer Dereference

No description provided by source. / gdb GNU debugger = 7.5.1 crash due a NULL pointer dereference ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 26 views

IDA Pro 6.3 Crash PoC

No description provided by source. / IDA Pro 6.3 crash due an internal error ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under: IDA Pro Starter...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 13 views

AIC Audio Player 1.4.1.587 Local Crash PoC

No description provided by source. !/usr/bin/python Title: AIC Audio Player 1.4.1.587 Local Crash PoC Date: 01-26-2010 Author: b0telh0 Link: http://www.aic-media.com/Download/SetupAICAudioPlayer.exe Tested on: Windows XP SP3 I couldn't even debug it. There's some anti-debugging protection... Trie...

7.1 AI score
Exploits: 0
Kitploit
added 2014/02/17 11:35 p.m., 28 views

[Azazel] Userland Anti-debugging & Anti-detection Rootkit

Azazel is a userland rootkit based off of the original LDPRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features Anti-debugging Avoids unhide, lsof, ps, ldd detection Hides files and directories Hid...

7.2 AI score
Exploits: 0, References: 1
exploitpack
added 2012/12/20 12:0 a.m., 20 views

gdb (GNU debugger) 7.5.1 - Null Pointer Dereference

gdb GNU debugger 7.5.1 - Null Pointer Dereference / gdb GNU debugger = 7.5.1 crash due a NULL pointer dereference ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us...

0.5 AI score
Exploits: 0
exploitpack
added 2012/12/20 12:0 a.m., 21 views

IDA Pro 6.3 - Crash (PoC)

IDA Pro 6.3 - Crash PoC / IDA Pro 6.3 crash due an internal error ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under: IDA Pro Starter License...

0.3 AI score
Exploits: 0
0day.today
added 2012/12/20 12:0 a.m., 31 views

IDA Pro 6.3 Crash PoC

Exploit for multiple platform in category dos / poc / IDA Pro 6.3 crash due an internal error ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under...

7.1 AI score
Exploits: 0
Exploit DB
added 2012/12/20 12:0 a.m., 47 views

IDA Pro 6.3 - Crash (PoC)

/ IDA Pro 6.3 crash due an internal error ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under: IDA Pro Starter License 6.3.120531 Mac OS X IDA Pr...

7.4 AI score
Exploits: 0
Exploit DB
added 2012/12/20 12:0 a.m., 42 views

gdb (GNU debugger) 7.5.1 - Null Pointer Dereference

/ gdb GNU debugger = 7.5.1 crash due a NULL pointer dereference ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under: GNU gdb 7.5.1 OpenBSD 5.2 i3...

7.4 AI score
Exploits: 0