Reverse engineering DUBNIUM (Microsoft Malware Protection Center)

“In most cases, the daily operation of the DUBNIUM APT depends on social engineering through spear-phishing. They are observed to mainly rely on an .LNK file that has an icon that looks like a Microsoft Word file. If the victim clicks the file thinking it’s a Microsoft Office Word file, it downloads a simple dropper that will download and execute next stage binary – which in this case, has the file name of kernelol21.exe.”

Source: Reverse engineering DUBNIUM – Stage 2 payload analysis – Microsoft Malware Protection Center


How to Crack Android Full Disk Encryption on Qualcomm Devices

“Since the key is available to TrustZone, Qualcomm and OEMs [Original Equipment Manufacturers] could simply create and sign a TrustZone image which extracts the KeyMaster keys and flash it to the target device,” Beniamini wrote. “This would allow law enforcement to easily brute force the FDE password off the device using the leaked keys.”

Source: How to Crack Android Full Disk Encryption on Qualcomm Devices
