Channel: Casaba Security » John Hernandez

Analysis of the Storm and Nugache Trojans: P2P Is Here

This is an article that I worked on with Sam Stover which covers some of the high-level concepts that were introduced by next-generation peer-to-peer bot networks. In it we dissect some of the...

Command and Control Structures in Malware: From Handler/Agent to P2P

Good article by David Dittrich and Sven Dietrich in ;login: magazine, which I was able to contribute to by doing a lot of the reverse engineering of the Nugache trojan. The main focus of the article is...

PowerShell Grep

So, I spent a good couple of hours today trying to find an easy solution to the lack of grep on Windows. I've tried using findstr, but the output gave me a headache trying to parse it. So I decided to...
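The teaser above is cut off before the author's own solution, so the following is an added example, not code from the post or from Casaba Security. It shows the approach a PowerShell user would typically reach for instead of findstr: wrap Select-String in a grep-like function. Select-String emits MatchInfo objects with Path, LineNumber and Line properties, so results can be filtered and formatted on the pipeline without parsing text. The function name Invoke-Grep, its switch names and the sample file written to the temp directory are all assumptions made for this example.

```powershell
# Added example (not the post's own code): a grep-style wrapper around
# Select-String. Select-String returns MatchInfo objects (Path, LineNumber,
# Line), so no text parsing of findstr output is needed.
function Invoke-Grep {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, Position = 0)] [string]$Pattern,
        [Parameter(Position = 1)] [string[]]$Path = '.',
        [switch]$Recurse,       # like grep -r
        [switch]$IgnoreCase,    # like grep -i (Select-String is case-insensitive by
                                # default, so we invert that to get grep's default)
        [switch]$InvertMatch,   # like grep -v
        [switch]$SimpleMatch    # like grep -F (literal match, not regex)
    )

    $files = Get-ChildItem -Path $Path -File -Recurse:$Recurse -ErrorAction SilentlyContinue

    # Splat the options so each grep-style switch maps onto a Select-String parameter.
    $ssArgs = @{
        Pattern       = $Pattern
        CaseSensitive = -not $IgnoreCase
        SimpleMatch   = $SimpleMatch
        NotMatch      = $InvertMatch
    }

    $files | Select-String @ssArgs | ForEach-Object {
        # Emit structured objects; callers can format as path:line:text or
        # keep filtering with Where-Object.
        [PSCustomObject]@{
            Path       = $_.Path
            LineNumber = $_.LineNumber
            Line       = $_.Line.TrimEnd()
        }
    }
}

# Constructed sample input so the example runs stand-alone (assumed path/content).
$sample = Join-Path ([IO.Path]::GetTempPath()) 'grep-sample'
New-Item -ItemType Directory -Force -Path $sample | Out-Null
@'
GET /login HTTP/1.1
Set-Cookie: session=abc; HttpOnly
Set-Cookie: tracking=xyz
'@ | Set-Content -Path (Join-Path $sample 'headers.txt')

# grep -rn 'Set-Cookie' $sample, formatted the way grep would print it.
Invoke-Grep -Pattern 'Set-Cookie' -Path $sample -Recurse |
    ForEach-Object { '{0}:{1}:{2}' -f $_.Path, $_.LineNumber, $_.Line }
```

Because the function returns objects rather than strings, a reviewer grepping a code base for something like hard-coded secrets can pipe the output straight into Where-Object, Group-Object or Export-Csv instead of splitting findstr's "file:text" lines by hand.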

Microsoft CCI Framework for Deobfuscating .Net binaries.

We had an issue recently crop up with an obfuscated .Net binary. I've been meaning to spend more time reversing .Net protected binaries, so I started looking into it. Unfortunately everything I was reading...

Microsoft CCI Framework for Deobfuscating .Net binaries. (Part 2)

So yesterday I talked about using CCI to remove attributes from .Net binaries, specifically the SuppressIldasm attribute. I promised I'd put up some more code highlighting the framework's benefits. So...

Microsoft CCI Framework for Deobfuscating .Net binaries. (Part 3)

Renaming parts of the assembly. So I promised this last week, but I’ve been busy on a new project. Below is some code that shows renaming of methods. This is a solution to renaming classes within...

Asp .Net MVC Security Review Checklist

Here’s a little checklist I put together for ASP .Net MVC. It includes the high-level stuff to look at when reviewing an MVC application. In order to fully understand/consume the info it requires at...

X5S v2.0… it’s coming!

So, it’s been a while since we’ve done any public updates to X5S. Over the last year, I’ve improved the algorithm and process significantly. Be on the lookout, it should be released within the next...

Microsoft “Roslyn” based REPL injection.

Microsoft recently released their new Compiler API codename “Roslyn”. If you haven’t checked it out yet you should. Here’s the link: http://msdn.microsoft.com/en-us/roslyn/. I wanted to get my hands a...

Hot patching WinINET to access HTTPOnly cookies via InternetGetCookie

Preface: by removing these checks for HTTPOnly you are making cookie management less secure within the process. This is for testing/tools only and I DO NOT recommend doing this unless you’re absolutely...
