Stuxnet Memory Analysis and IOC creation

The Stuxnet malware has been making the press recently for two reasons. First, it contains two drivers signed with a legitimate (at the time) cert. Second, it is targeting SCADA systems. The malware is cool for a host of other geeky reasons. Nick Harbour, Stephen Davis, and I started looking at the malware [...]


Getting Started with the Windows Driver Development Environment

Getting started with Microsoft Windows device drivers can be difficult, even for experienced developers. This paper presents an overview of the debugging and testing tools that developers use to create a device driver for Windows operating systems. In particular, the paper examines ways to find and fix bugs early in development, to help you [...]


How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive when capturing a system memory dump

Prior to Windows Vista and Windows Server 2008 we had to keep a large page file on the system drive (typically drive C:) in order to properly capture system memory dumps for troubleshooting. This presented problems as systems with very large amounts of RAM became more common, resulting in requirements for very large [...]


ATM Skimmers, Part II

Extremely amusing pictures of skimmers; recommended.

via ATM Skimmers, Part II.


Hex-Rays plugin contest

We are happy to announce the results of our first Hex-Rays plugin contest! The submitted files are very interesting. We are sure that you too will find them useful and that they will increase your productivity.

While we had no difficulties determining the first winner, the second place was not that obvious, [...]


Hex-Rays Decompiler primer

The Hex-Rays Decompiler 1.0 was released more than two years ago. Since then it has improved a lot and does a great job decompiling real-life code, but sometimes there are additional things that you might wish to do with its output. For that purpose we have released the Hex-Rays Decompiler SDK and several sample [...]


Windows 7 Kernel Architecture Changes

Windows 7 introduces a new set of DLL files containing exported functions of many well-known Win32 APIs. All these filenames begin with the ‘api-ms-win-core’ prefix, followed by the function category name. For example, api-ms-win-core-localregistry-l1-1-0.dll contains the exported names for all Registry functions, api-ms-win-core-file-l1-1-0.dll contains the exported names for all file-related functions, api-ms-win-core-localization-l1-1-0.dll contains the exported [...]


Your Botnet is My Botnet

Botnets, networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security threats on the Internet. A particularly sophisticated and insidious type of bot is Torpig, a malware program that is designed to harvest sensitive information (such as bank account and credit card [...]


Attacking SMM Memory via Intel® CPU Cache Poisoning

Rafal Wojtczuk and Joanna Rutkowska:

System Management Mode (SMM) is the most privileged CPU operation mode on x86/x86_64 architectures. It can be thought of as "Ring -2", as the code executing in SMM has more privileges than even hardware hypervisors (VT), which are colloquially referred to as operating in "Ring -1".

Read more: «Attacking SMM Memory via Intel® CPU Cache Poisoning»


Your online payments are being sniffed; accept it, live with it

Greg Hoglund:

PCI compliance is clearly not enough to protect credit card numbers or account information. It’s about time everyone who uses an account for online payment simply accept the facts: your credit card numbers have been stolen. Check your statements monthly. Why? This isn’t about Heartland or the [...]
