Posts tagged on English

Analysis of a Redline Based Malware

– In recent months, there have been increasing attempts to spread malware via some seemingly ‘harmless’ programs, luring the user through rewards such as sending money with cryptocurrency or NFT-themed gifts. The unsuspecting user by running an ‘innocent’ executable to access prizes becomes part of a botnet. See Full Article

Reverse Engineering the OMNIVISION OS12D40 Driver

– In Part 6 of our series, we structured a theoretical discussion regarding the devices, how they communicate, and the hardware elements that enable this. See Full Article

Exploring the Operating System of Reolink RLC-810A

– In Part 4 of our series, we focused on the file system and before concluding, we were able to extract files from two UBIFS images contained within the firmware. Here in Part 5, we will try to better understand the structure of the root file system by introducing some basic concepts of the operating system used by Reolink RLC-810A, namely Linux. See Full Article

Understanding the UBI File System in Embedded Devices

– In Part 3 of our series, we explored the hardware device elements of the Reolink RLC-810A ― focusing on the NAND memory. We continue with Part 4 of our exploration into an IP camera firmware through introducing the concept of a file system. Furthermore, we will explore the technical reasons for choosing the UBI File System (UBIFS), a file system used especially for a category of mass storage, and … See Full Article

Dissecting Reolink RLC-810A Hardware: A Detailed View

– Now that we know how device booting works, let’s try to extract some parts from the firmware that we downloaded in Part 1 of our series. Here, we are interested in two main sections: the Linux kernel (which takes care of booting the device services) and the flattened device tree (which allows the kernel to know the hardware configuration a priori without inspecting each device). See Full Article

Booting an Embedded OS: the Booting and U-Boot Phase

In the first post, we introduced embedded devices and started to scour through and extract information from Reolink IP camera firmware. At the end of the post, we ran Binwalk, which showed various types of files such as Flattened Device Tree, uImage Header, and UBI File System. See Full Article

Introduction to Firmware Analysis of a Reolink IP Camera

– Embedded devices continue to increase in popularity and one category, in particular, that has become en vogue as of late is the Internet of Things (IoT). The emergence of these next generation technologies has driven the home automation evolution from simple light bulbs to cloud-connected printers, smart refrigerators, etc. See Full Article

The Story Behind the Alternative Genesis Block of Bitcoin

– In this article, I attempt to explain the early source code of Bitcoin and make correlations with the source code currently in use. My intent is to help you better understand the early details regarding the history of Bitcoin and the enigmatic figure of Satoshi Nakamoto. As far as newcomers to Bitcoin or to the blockchain space are concerned, this may be a fairly complex article to understand as … See Full Article

Unveiling the Anonymous Author: Stylometry Techniques

– One of the techniques that fascinates me most about writing is textual analysis, which includes semantics (the meaning of words) and syntax (the use of signs and letters to construct sentences). See Full Article

Analyzing the Mario Themed Malware

– If you were a child with a Nintendo DS like myself, growing up you will undoubtedly have played (for countless hours) video games from the Mario series. Appearing for the first time in Donkey Kong, Mario is the undisputed protagonist of the video game brand of the Nintendo development house ― from sports to cars, most of the famous video games produced by Nintendo have Mario as the main character. See Full Article

How to Measure Execution Time of a Program

– Measuring the performance of a program means keeping track of the consumption of resources used by the program. See Full Article

An Introduction to Cryptocurrency Wallets: Which Wallet Type Suits You Best?

– As the blockchain and digital asset ecosystem continues to blossom and produce revolutionary technologies that may potentially be the driving forces of the Fourth Industrial Revolution, newcomers to the space are considering what storage options are available for assets such as cryptocurrencies and crypto tokens. See Full Article

A Beginner’s Guide to Getting Started with Bitcoin

– If you have heard about blockchain or cryptocurrency, then the term that initially comes to mind is Bitcoin. Launched 12 years ago, it was the late 2017 bull run that created a media frenzy that propelled Bitcoin into the mainstream and our modern day lexicon. See Full Article

How to Write a Technical Book

– For some people, publishing a book represents a dream, or lifelong goal, whereby they share a particular experience or subject matter expertise. See Full Article

How to React to the Ledger Data Breach: 5 Recommendations

– If you think you are amongst the users affected by the latest Ledger data breach, it is important not to panic! Follow a few simple steps and you can check the extent of the damage and keep an eye on the security of your account. See Full Article

Convos: A Persistent Self-Hosted Web Client for IRC

– Throughout 2020, in large part due to the lockdown, many people have started to become familiar with internal communication tools. Microsoft Teams, Slack, Telegram, Mattermost, and a few others are the most widely used and recognizable of these tools, but there still seem to be some people using Internet Relay Chat (IRC) ― one of the first online messaging services. See Full Article

A Practical Analysis of the Ledger Phishing Email

– Attempts at phishing and social engineering attacks have increased exponentially as of late, especially towards users who are active in the cryptocurrency space. Recently, there has been much discussion about a cunning attempt by phishers against Ledger and its users. See Full Article

Phishing: Persuading People through a Voice Synthesized by AI - Part 1

– I get between 10 and 20 emails per day and, usually, more than half of them are phishing attempts. Phishing attempts are a type of email scam that typically aims to obtain personal data of the victim, including username and password for email accounts and popular services (Gmail, Hotmail, mail.ru, Twitter, Amazon, etc.), through pages forged ad hoc to simulate login sections. See Full Article

What is Stealth Address technology and Why Does Monero Use It?

Monero is based on the CryptoNote protocol and utilizes the most powerful cryptographic techniques in an effort to protect the privacy of the sender, recipient, and obfuscate the amount transacted. See Full Article

Monitoring Your Own Infrastructure Using Grafana, InfluxDB, and CollectD

– For some companies, infrastructure is the heart of its business. Specifically, I am referring to those companies which need to manage data and applications located on more than one server. See Full Article

The Myth of Privacy and End-to-End Encryption in Zoom

– Zoom is a service to host meetings without the need to install and configure complicated applications: it is one of the many solutions for those who, during quarantine, want to keep in touch with friends and relatives. See Full Article

Take off the Infrastructure of a Scammer: Cryptonder and Torowallet

– On a rainy autumn day, I was contacted, like many users, by a suspicious individual on Telegram. He insisted on asking for the help of the user who had to recover his wallet which contained several bitcoins. Our ‘friend’, henceforth referred to as ‘Z.’, insisted that the user has to register on the platform to be able to unlock his wallet at the price of 0.3 BTC. See Full Article

Monero Windows and Linux CLI Compromised: The Analysis of Binaries

– As mentioned in the getmonero.org blog post, the binaries of Command Line Interface (CLI) of Monero were recently compromised. See Full Article

Introducing the New Website: From WordPress to Gohugo

– At the beginning, I started my website on 14th May of 2017, when the recent WannaCry malware had appeared. My first post, in fact, was to discuss and analyze the malware in depth, explaining technical concepts to people who do not know anything about Windows and SMB. See Full Article

Unpacking ASIC firmware: AntMiner Exploited

– Experts say cryptocurrencies (such as Bitcoin, Monero, and Ethereum) will be the protagonists of the future decentralized and distributed economic system. If this is true then one of the most debated topics in the field of cryptocurrency, how to verify payments while spending as little as possible in terms of resources, is especially important for cryptosecurity. See Full Article

Botnet analysis based on IRC network

– With one of my many honeypots active around the World Wide Web, I discovered an interesting script written in the famous Perl programming language. This Perl script is malware used to remotely control a machine, opening what is technically called a backdoor. If this malicious program runs on multiple machines, there is a possibility that the attacker may have created a botnet. See Full Article

MyMonero Phishing – Reversing the fake Android app


Mastering Monero first edition has been released

‘Mastering Monero: The future of private transactions’ is your guide through the world of Monero, a leading cryptocurrency with a focus on private and censorship-resistant transactions. This book contains everything you need to know to start using Monero in your business or day-to-day life, even if you’ve never understood or interacted with cryptocurrencies before. See Full Article

Ultimate Member User Profile & Membership Plugin STORED XSS

– Ultimate Member is one of the many user profile & membership plugins for WordPress. The plugin makes it a breeze for users to sign-up and become members of your website. The plugin allows you to add user profiles to your site and is suitable for creating advanced online communities and membership sites. Lightweight and highly extendible, Ultimate Member will enable you to create almost any … See Full Article

FontStruct - Break the Font InfraSTRUCTure!

– The website FontStruct allows even novice users to create their own personal font from scratch. A very simplified procedure: you sign up and you are ready to compose your font. Everything is offered through a simple interface as a free service. Not bad for a free service! See Full Article

MEGA Chrome Extension Hacked - Detailed Timeline of Events

– On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA’s Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company. Upon installation or auto-update, the malicious extension asked for elevated permissions to access personal information, allowing it to steal login/register … See Full Article

Deobfuscation and Understanding a Trojan Jscript

– Over 50% of cyber attacks are executed through malware, whose job is to find a flaw to inject other types of viruses including malware, adware and much more. Knowing the computer remotely, it can spy on the screen and even crypt the files: a wrong click and you lose anything. See Full Article

Google Dorks: The Powerup for the Search Engine

– It is estimated that Google has downloaded more pages than any other search engine in the field. With over billions of pages and a relatively low execution time, the popular Californian search engine is able to satisfy all research, both for educational purposes and for purely curiosity purposes. See Full Article

Hackers Can Take Full Control of Online Compilers through a Common Exploit

– Online compilers are a handy tool to save time and resources for coders, and are freely available for a variety of programming languages. They are useful for learning a new language and developing simple programs, such as the ubiquitous “Hello World” exercise. I often use online compilers when I am out, so that I don’t have to worry about locating and downloading all of the resources myself. See Full Article

Introduction to MoneroV and its Inherent Risks

– The “MoneroV” coin is an impending unofficial fork of the Monero blockchain with many “red flag” characteristics that have alarmed the Monero community. Many users are wondering: could the MoneroV fork be a scam project? This article discusses risks for individuals claiming MoneroV, and describes how MoneroV opens an attack vector on the overall privacy of the Monero network itself. See Full Article

How to Crash the iPhone with a Single Telugu Character

– In recent years, Apple has been heavily criticized for the security implications of their market centralization and policy of irreversible operating system updates. Mobile device users are strongly pressured to install packaged iOS upgrades that cannot be rolled back. While this practice greatly increases security for most users, there is an inherent danger to this centralization. See Full Article

How I broke Envato Search Engine

– Envato devs had not developed a strong filter in order to avoid any XSS attack, and I noticed that I could perform an XSS injection. I have contacted Envato and, after some investigations, they have discovered that my vulnerabilities were critical! They thanked me and patched the vulnerabilities within 5 business days. Good job Envato!! See Full Article

Developing a Keylogger: Hardware vs. Software Techniques

– To celebrate 400+ visits to my blog after just 10 days (not bad, come on), I managed in my spare time to write another, very interesting article on another popular category of malware: keyloggers. See Full Article

Technical Analysis of WannaCry Ransomware

– By now, on the net, on TV and around the world, there is nothing but talk about WannaCrypt: ransomware, or malware that can encrypt all the files on one’s computer and demand a ransom for unlocking them. See Full Article

Hello world! I'm SerHack

– Hello world, I am SerHack. I am a developer, a security researcher and writer; I mostly write about software backend and security research. I am from Italy, where the security of citizens’ data is not seen as a priority. When I started looking into the world of development, I was about 12 years old. See Full Article

