This article will briefly explain methods behind the mobile malware unpacking. It will be focusing on Anubis since it is the latest trending malware for almost a year now. Actors use dropper applications as their primary method of distribution. Droppers find their ways to Google Play store under generic names thereby infecting devices with Anubis. An example of a such dropper may found in the references. There were at least forty cases in Google Play in the last fall targeting Turkish users. @LukasStefanko’s twitter thread may be helpful to get an overview of such campaigns. Anubis malware already analysed by fellows from the industry in a detailed manner. Therefore readers should find it more valuable to have an article focusing on packer mechanisms of Anubis.
Read More
Advisory | MailCleaner Community Edition Remote Code Execution CVE-2018-20323
In this article, I would like to share a remote code execution vulnerability details of MailCleaner Community Edition product.
Read More
Offensive IAT Hooking
This article will be about using IAT hooking methods for offensive purposes. These methods can be used in multiple situations where attacker needs to evade certain defense and analysis mechanism or hide from the victim in low privileged environments. Before getting into the technical stuff reader needs to be familiar with the following terminology. Read More

Unexpected Journey #6 – All ways lead to Rome ! Remote Code Execution on MicroFocus Secure Messaging Gateway
It has been a quite while since I haven’t released a new part of unexpected journey article serie. Particularly this small 0-day research project has been certainly didactic to me. Thus, I’ve decided to write down the process of achieving remote code execution on MicroFocus Secure Messaging Gateway product. Read More

Advisory | ManageEngine Applications Manager Remote Code Execution and SQLi
It is an interesting coincidence that almost 1 year ago we identified a critical security issue in a different product (Eventlog Analyzer) of this company. Now, this time we’ve came across with another product of this company during penetration test. To be honest I’ve seen more than 20 different high/critical vulnerability during the analysis of the product but I will only share two of them now, as a full disclosure. Read More