Industroyer C2 Communication

As part of my day job, I work for Secarma (previously known as Pentest Limited) as a Senior Penetration Tester. During engagements, the question of malware threats is increasingly raised, in part due to media focus on APT groups such as APT28, and malware campaigns such as WannaCry. While looking into another malware variant recently uncovered by ESET, Industroyer, I started reviewing the protocol used to communicate with the backdoor component of the malware. Details of the research have bee...

Exploiting with pwndbg - Solving PlaidCTF 2016 SmartStove

This bank holiday weekend I spent a bit of time updating my docker containers (I know, rock-n-roll!). One of the tools I've been hearing good things about is pwndbg, an open source plugin for GDB which aims to help with exploit development. I've always been a fan of peda, which provides similar functionality, but seeing the integration that pwndbg had with radare2, I couldn't help but give it a shot. To install the tool, I used the provided installation instructions: git clone https://github...