Wednesday, January 30, 2013

IEEE Internet Computing - Dissecting the State of Underground Enterprise

Our paper on "Dissecting the State of Underground Enterprise" is finally out in IEEE Internet Computing.

Abstract: "Cybercrime's tentacles reach deeply into the Internet. A complete, underground criminal economy has developed that lets malicious actors steal money through the Web. The authors detail this enterprise, showing how information, expertise, and money flow through it. Understanding the underground economy's structure is critical for fighting it."


Sunday, January 27, 2013

Hack In The Box (HitB) Magazine : A Journey of Learning and Sharing

I finally get some time to talk my ( and other team members) journey as a contributor and author for Hack-in-the-Box (HitB) magazine. At this point, HitB ezine has completed more than two years. It's been a great time working with the HitB crew especially Zarul and Dhillon. In addition, Mateusz “j00ru” Jurczyk
Gynvael Coldwind is also contributing a lot. I have been writing for this magazine right from the first edition. It has been a great time of sharing and learning in the last two years. I want to talk about the content that I have written in the last nine editions with a support from my different colleagues.

Edition 1: (Paper) - Malware Obfuscation: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-001.pdf - The first edition was released in January 2010. In this edition, I wrote a paper with Wayne Huang of Armorize on malware obfuscation tactics with an additional support from Fyodor Yarochkin. We discussed several malware obfuscation tactics and how to deobfuscate them manually.

Edition 2: (Paper) - Open Redirect Wreck Off - Web Traffic Forwards: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-002.pdf - The second edition was released in April 2012In this edition, I presented the complete details of traffic redirection in web applications and websites using real time code snippets collected during open research.

Edition 3: (Paper) - Chinese Malware Factory - Paradox of MS Office Based Malware: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-003.pdf - The third edition came out in July 2010. In this edition, I wrote about my research on MS office based Chinese malware that uses word, excel, etc. files to spread malicious code by exploiting inherent vulnerabilities in the requisite software component.    

Edition 4: (Paper) - Notorious Data-center Support Systems: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-004.pdf - The fourth edition came out in October 2010. In this edition. I wrote a collaborative paper with my colleague Rohit Bansal on vulnerabilities present in the support center web applications that can directly result in gaining access to different virtual hosts.

Edition 5: (Paper) - Exploiting Web Virtual Hosting - Malware Infections: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-005.pdf - The fifth edition was released in February 2011. In this paper, I wrote a paper collaboratively with my colleague Rohit Bansal and my adviser Dr. Enbody and presented about the techniques of infecting virtual hosts present on the same host.

Edition 6: (Paper) - Botnet Resistant Coding: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-006.pdf - The sixth edition came out in June 2011. I released a paper with my colleagues Peter Greko, Fabian and my adviser Dr. Enbody to present on the concept of botnet resistant coding.  In this edition, we talk about a generic approach of coding to subvert the automated log harvesting process in C&C panels.

Edition 7: (Paper) - Extending SQL Injections using Buffer Overflows: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-007.pdf - The seventh edition was released in October 2011. In this edition, I wrote another paper collaboratively with my colleague Rohit Bansal and my adviser Dr. Enbody on the issue of exploiting blind sql injections in web applications that encounter 500 error by using buffer overflow technique. This tactic was developed by Rohit itself.

Edition 8: (Paper) - Exploit Distribution Mechanism in Browser Exploit Packs: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-008.pdf - The eighth edition came out in April 2012. In this edition, I wrote collaboratively with Dr. Enbody on the techniques of exploit distribution in browser exploit packs such as BlackHole, Phoenix, etc.

Edition 9: (Paper) - Game of Windows 32/64 System Takeover - Bot Wars : http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-009.pdf - The ninth edition was released in November 2012. I detailed on the concept of bot wars in which one bot kills other to gain complete access of the infected system.

HitB Magazine is a great place to talk about hacking techniques. I hope this continues and I wish to contribute more in the coming time.

So, Hack the Box. Cheers ! 

Wednesday, January 9, 2013

Virus Bulletin Papers Added to Respository

We have added the papers to our repository. The newly added ones are:

1. ICE IX Analysis: http://secniche.org/released/VB_ICE_IX.pdf

2. Winlocker Ransomware Analysis: http://secniche.org/released/VB_WINLOCKER.pdf

3. Malware Strategies - Part 1: http://secniche.org/released/VB_MAL_DET_STR_PART1.pdf

4. Malware Strategies - Part 2: http://secniche.org/released/VB_MAL_DET_STR_PART2.pdf

Enjoy !

Elsevier Network Security : Abusing Glype Proxies

Update : 29th April 2014

Download : Paper available herehttp://www.slideshare.net/adityaks/abusing-glype-proxies-exploits-and-defences

Our paper on "Abusing Glype Proxies: Attacks, Exploits and Defenses" are out in Elsevier Network Security.

Abstract: Proxies play a critical privacy role because these are widely used for anonymous surfing and identity cloaking on the Internet. In addition, proxies also assist in traffic filtering, traffic management, log auditing, access policies and surfing restricted sites. There are several types of proxies available, but the Glype HTTP proxy is used extensively.
The Glype open-source HTTP proxy is used extensively. However, proxies can be transformed into attack platforms for exploitation. 


Enjoy!