GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing.
Read MoreCategory: Research
Pardus 21 Linux Distro – Remote Code Execution 0day 2021 CVE-2021-3806
A couple of days ago, I came up with news that Pardus will organize a report-bug contest. I love to contribute to open-source projects. So that was a pretty good chance to revisit one of my old friends, Pardus, and uncover security and/or privacy issues.
Read More
Advisory | Seagate Central Storage Remote Code Execution 0day
In this article, I will be sharing several critical vulnerabilities of Seagate Central Storage NAS product.
Read More
Offensive IAT Hooking
This article will be about using IAT hooking methods for offensive purposes. These methods can be used in multiple situations where attacker needs to evade certain defense and analysis mechanism or hide from the victim in low privileged environments. Before getting into the technical stuff reader needs to be familiar with the following terminology. Read More
Introducing New Packing Method: First Reflective PE Packer Amber
Because of the increasing security standards inside operating systems and rapid improvements on malware detection technologies today’s malware authors takes advantage of the transparency offered by in-memory execution methods. In-memory execution or fileless execution of a PE file can be defined as executing a compiled PE file inside the memory with manually performing the operations that OS loader supposed to do when executing the PE file normally. In-memory execution of a malware facilitates the obfuscation and anti-emulation techniques. Additionally the malware that is using such methods leaves less footprints on the system since it does not have to possess a file inside the hard drive. Combining in-memory execution methods and multi stage infection models allows malware to infect systems with very small sized loader programs; only purpose of a loader is loading and executing the actual malware code via connecting to a remote system. Using small loader codes are hard to detect by security products because of the purpose and the code fragments of loaders are very common among legitimate applications. Malware that are using this approach can still be detected with scanning the memory and inspecting the behaviors of processes but in terms of security products these operation are harder to implement and costly because of the higher resource usage (Ramilli, 2010[1]). Read More