malware

Corelan Team reply to false allegation made by Kaspersky

Published February 5, 2014 |

Hi, A few moments ago, I was informed about an article on www.securelist.com and the fact that Corelan Team was mentioned in that post. Apparently a researcher at Kaspersky Labs found a piece of text (“You have been owned by CorelanX”) inside a malware sample and concluded that, due to the mere presence of that […]

Posted in Legal | Tagged 0day, allegation, allegation-reply, corelan-exploit-part-5, Kaspersky, malware, reply-of-false-allegations, securelist, you have been owned by Corelan

BlackHatEU2013 – Day2 – DropSmack: How cloud synchronization services render your corporate firewall worthless

Published March 15, 2013 |

By Peter Van Eeckhoutte (corelanc0d3r)

Jake Williams (@malwareJake) from CSR Group has more than a decade of experience with systems engineering, network defines, malware reverse engineering, penetration testing and forensics. He spent some good time looking at Cloud synchronization services and is presenting some findings in this talks. First of all, think of Dropbox (or any similar tools) as a […]

Posted in Cons and Seminars | Tagged 2013, blackhat, blackhat europe, blackhat-2013-dropbox, C2, cloud, command and control, core-lan, corelan, dropbox, dropbox-jake-williams, dropsmack, dropsmack-application, exfiltrate, jacob-williams-dropsmack, jake williams, malware, reverse engineering, storage, synchronization

HITB2012AMS Day 1 – One Flew Over The Cuckoos Nest

Published May 24, 2012 |

By Peter Van Eeckhoutte (corelanc0d3r)

One Flew Over The Cuckoos Nest – Automated Malware Analysis Claudio Guarnieri, senior researcher at iSight Partner, and part of the Shadowserver Foundation and the HoneyPot project. He works with malware on a daily basis, maintains malwr.com and is the main developer of the Cuckoo Sandbox, which is also the main topic of his talk. […]

Posted in Cons and Seminars | Tagged automated analysis, claudio guarnieri, corelan, cuckoo, cuckoo-sandbox-development, cuckoo-sandbox-submit-web-form, Exploits, google summer of code, hitb2012ams, honeynet, in-memory-execution-cuckoo-sandbox, magnificent7, malware, malwr-interface, malwr.com, python, rapid7, sandbox, virtualbox, web-interface-cuckoo-submit

Honeynet Workshop 2011

Published March 30, 2011 |

By Corelan Team (ekse)

March 21th I was in Paris for the annual Honeynet Workshop. For the first time this year there was a conference day accessible to the general public. Moreover, I didn’t have to pay the registration fee since I successfully completed one of the Honeynet Forensics challenges. The day was split in 4 sessions and had talks covering the Honeynet projects, malware, and ethical and legal considerations of tracking botnets and eventual take-downs.
Continue reading →

Posted in 001_Security, Cons and Seminars, Malware and Reversing, Uncategorized | Tagged 2011, angeloa dell'area, bayesian, bytecode, capture-hpc, christian seifert, ctf, david watson, dionanea, ekse, form grabbing, georg wicherski, glastopf, google, honeyclient, honeynet, honeypot, lance james, libscizzle, lukas rist, malicous, malware, multicap, nepenthes, oxff, packet, phoneyc, python, qemu, reassemble, sandbox, sebek, sniffing, spidermonkey, spyeye, streams, summer of code, tillman werner, vmware, wireshark, workshop, zeus

BlackHat Europe 2011 / Day 02

Published March 18, 2011 |

By Peter Van Eeckhoutte (corelanc0d3r)

Having missed the IOActive party last night, I woke up fresh and sharp and ready for some kick-ass debugger stuff so I decided to start my second day at BlackHat Europe 2011 with attending the Cisco IOS fuzzing & debugging talk.
Continue reading →

Posted in 001_Security, Cons and Seminars | Tagged 2011, alfredo ortega, barcelona, blackhat, blackhat europe, cisco ios, denial of service mitigation, DoS, floodgates, fuzzing, graph, loic, malware, pie chart, roboo, sebastian muniz, stuxnet, tom parker, visualize, wim remes

The Honeypot Incident – How strong is your UF (Reversing FU)

Published January 31, 2011 |

By Peter Van Eeckhoutte (corelanc0d3r)

Interested in capturing, documenting and analyzing scans and malicious activity, Corelan Team decided to set up a honeypot and put it online. In the first week of december 2010, Obzy built a machine (default Windows XP SP3 installation, no patches, firewall turned off), named it “EGYPTS-AIRWAYS”, set up a honeypot + some other monitoring tools, and connected it to the internet.
Continue reading →

Posted in 001_Security, Exploits, Malware and Reversing | Tagged analysis, anti, challenge, compromise, conficker, corelan, debugger, debugging, engineer, game, honeypot, how strong is you uf, iat, isdebuggerpresent, malware, ms08-067, netapi, peb, reverse, reversing, svchost.ee, worm

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Corelan Team reply to false allegation made by Kaspersky

HITB2012AMS Day 1 – One Flew Over The Cuckoos Nest

Honeynet Workshop 2011

BlackHat Europe 2011 / Day 02

The Honeypot Incident – How strong is your UF (Reversing FU)

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!