Do Math or Windows Dies! – customizing a .NET ransomware

NOTE: the content of this article is educational and informative. The goal is to learn how malware works and how we can identify its capabilities. The author is not responsible for any bad actions derived from the information in the post. The author does NOT ENCOURAGE executing the sample OUTSIDE OF AN ISOLATED LABORATORY.

In this article we are going to analyze, gut and customize a little screen-locker (a member of the ransomware family that locks the machine without encrypting the data). This is a clumsy but effective sample that we will alter to create our own ScreenLocker.

SSHBOT, the cr*ppy ScreenLocker

SSHBOT, also known as P4YME, is an old and unsophisticated piece of malware from the ransomware family.

We will use a public sample submitted to VirusTotal, where it is detected by 54 antivirus engines:

When executed, it restarts the machine and shows this message:


GOTO XII: Security Certifications

Please bear in mind several things before going ahead. One: this post, although still very much alive today, was published back in June 2015 in the Spanish section of the blog. Two: the “GOTO” in the title refers to the controversial GOTO programming instruction. Three: even though this is the 12th part of the GOTO series, the other parts have not been translated, and they are not really connected except by their controversial nature… so just ignore that “XII” and move ahead. Enjoy!

There are few topics capable of generating as much debate in the field of IT security as certifications: they’re great, they’re useless, generalist, product specific… Proponents and detractors put forward quite valid arguments when it comes to defending and questioning the real value of security certifications.

Let’s imagine for a moment that we have a helmet that allows us, at the push of a button, to become either a fanboy of certifications or their staunchest enemy. Helmet in hand (well, head on, safety first) let’s go over some arguments for or against security certifications.
