Sunday, November 29, 2015

Here Hold This: Loading malware with legitimate Win32 applications


I do not often talk about OS specific topics. Even more rarely is that OS Windows. I am, after all, an OS agnostic with a "slight" lean towards Linux. Sometimes though, there is a method that is just too good to pass up writing about. "Here, Hold This" is the name I gave to a tactic for Windows post-exploitation persistence in which you cause a legitimate program run at boot to call your Malware startup routine. The exact method has been around pretty much since the inception of the Windows NT model. It takes advantage of the Windows DLL location search order to trick the program into loading a malicious DLL it believes to be legitimate.

Friday, November 6, 2015

Station to Station Encryption in Python


Alice and Bob are looking for a more secure way to communicate than HTTPS. Sure, HTTPS is good for securing their messages against basic eavesdroppers. However, they want to secure their communication, even if someone steals their server's private key. Furthermore, Alice and Bob want to make sure that if an encryption key for any communication is broken it does not compromise the rest. The method they settle on is called the "Station To Station Protocol".