DanaBot Communications Update
Mon 20 September 2021
This short blog post covers the minor changes introduced in version 1987 of DanaBot.
Dridex Loader Analysis
Tue 06 April 2021
This article is a deep dive into the Dridex Loader.
Lockbit analysis
Fri 02 October 2020
This article is a deep dive into LockBit's use of I/O completion ports (IOCP) and its encryption process.
Pentesting a banking FTP service
Tue 24 March 2020
This article presents an exploitation scenario encountered during a routine penetration test.
Whitepaper: The Lazarus Constellation - A study on North-Korean malware
Mon 09 March 2020
In this whitepaper, Lexfo analyses Lazarus malware, from the group's motives, through its techniques, tactics and procedures, to detection and mitigation.
CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 1/4)
Tue 02 October 2018
The first article covers an in-depth CVE/bug analysis, designs an attack scenario and starts implementing a PoC in ring-0 with SystemTap. The core concept section focuses on file/socket-related data structures, netlink and reference counters.
CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 2/4)
In the second article, a ring-3 PoC is built by removing each SystemTap script line one by one. It explains how to find and tailor syscalls to force the kernel into particular code paths and to win the race condition unconditionally. The core concept section focuses on the scheduler subsystem (task states and wait queues).
CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 3/4)
The third article covers use-after-free exploitation. Starting from the PoC, it explains what is needed to exploit a UAF in ring-0, how to perform a reallocation and how to gain an arbitrary call primitive. The core concept section focuses on the memory management subsystem (SLAB allocator).
Also visit our blog dedicated to web security research.