HDD Firmware Backdoor


This Recon 2014 talk presents a firmware attack on an off-the-shelf hard drive. The implemented backdoor is capable of exfiltrating any data stored on the hard drive, through a network connection, without any modification of the system’s operating system or software...


rcrypt

rcrypt is a Windows PE binary crypter (a type of packer) written by Rage that has a bunch of features and uses timelock techniques to delay execution. This delay can cause analysis to fail on time-constrained systems such as on-disk scanners. rcrypt can pack EXE and DLL files. It bypasses KAV and many other AVs.
Writeup
Release


CryptoDefense Flaw

Symantec analyzed the ransomware called CryptoDefense. Apparently, CryptoDefense uses Microsoft’s infrastructure and Windows API to generate the RSA 2048 encryption and decryption keys. The author only hands over the private key to decrypt the data when a $500 ransom is paid in Bitcoin within four days...
