Quequero - quequero.org - Comments on:
General Information:
Latest News:
Quick Volatility overview and R.E. analysis of Win32.Chebri 26 Aug 2013 | 06:23 pm
Introduction: In this article we will start from the physical memory dump of a machine suspected of malware compromise; then, using Volatility, we will establish if the machine is infected and pro...
Android Fake Browser Update Analysis 29 Jul 2013 | 07:04 pm
Recently our colleague N3m3s1s found a fake browser updater (password, as usual, is: infected) for Android, so I decided to take a look at it. Before we begin I suggest you download the de-obfuscate...
McRat Malware Analysis – Part1 2 Apr 2013 | 06:30 pm
In this issue we are going to analyze McRat, a stealer of user data and passwords. This malware is interesting since it makes use of some anti-debugging techniques and several encryption/obfuscation la...
CVE-2013-1763 sock_diag_handlers Local Root Exploit Analysis 20 Mar 2013 | 08:24 pm
In this article we will analyze the exploit released by Kacper Szczesniak for CVE-2013-1763. In simple terms this exploit takes advantage of a vulnerability at kernel-level of the array sock_diag_han...
Analysis of CVE-2010-0188 PDF from RedKit ExploitKit 11 Mar 2013 | 08:02 pm
After noticing a substantial increase in RedKit infections, following a series of investigations performed on URLQuery, we have decided to go deeper to understand what was happening behind the curtain...
Update 1 – Facebook ‘Zuck’ infection 3 Mar 2013 | 12:45 am
These days I have seen that some friends of mine have caught a Facebook virus: this virus posts a message with ten friends tagged and a link to a bad site; the infection is OS independent just because it uses fi...
Extracting Objects from a Running Process 12 Feb 2013 | 12:04 am
A few days ago two new 0-days were spotted in the wild: CVE-2013-0633 and CVE-2013-0634, both of them involving a .swf file, possibly embedded inside a Word Document. It might be interesting to und...
Malicious Java Applet Deobfuscation 16 Jan 2013 | 09:01 pm
On Sunday (13th January 2013), I received an email from @it4sec regarding a malicious Java applet that he had received. So I’ve decided to write about it since Java applets seem like a common...
New Java 0-day Exploit in the Wild – Update 4 10 Jan 2013 | 06:45 pm
According to Kafeine Security a new exploit for Java 7 is in the wild. Not surprisingly this new exploit, announced yesterday on the underweb, comes right after the BlackHole crew announced that their...
Stabuniq Financial Infostealer Trojan Analysis 2 Jan 2013 | 01:45 pm
According to Symantec, Stabuniq is a financial infostealer trojan which has been found on servers belonging to financial institutions, including banking firms and credit unions. The Trojan also compro...