QEMU + GDB + PE imports

QEMU implements a GDB server (its gdbstub) that makes it possible to attach to the guest operating system from outside the virtual machine, via the debugger's target remote command. When analysing a Windows malware sample, this method is useful for bypassing anti-debug techniques, since no debugger is present inside the guest, but […]
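As an added illustration (not code from the original article), the following Python models the GDB Remote Serial Protocol exchange that target remote drives against QEMU's gdbstub: packets are framed as $payload#checksum, acknowledged with +, and guest memory is read with the m addr,len request. QEMU exposes the stub with -s (TCP port 1234) and -S (halt the CPU at reset). The stub here is a fake that serves a small constructed memory image, so the exchange runs offline; the image base 0x400000 and the DOS-header bytes are assumptions chosen to show the first step of locating a PE header (MZ signature, e_lfanew at offset 0x3c) in guest memory.

```python
"""
GDB Remote Serial Protocol (RSP) in miniature: what `target remote`
exchanges with QEMU's gdbstub when the debugger reads guest memory.
The stub below is a stand-in for QEMU; IMAGE is a constructed sample.
"""
from typing import Optional


def checksum(payload: str) -> int:
    """RSP checksum: sum of the payload bytes modulo 256."""
    return sum(payload.encode("ascii")) % 256


def encode_packet(payload: str) -> bytes:
    """Frame a payload as $<payload>#<two hex digits of checksum>."""
    return f"${payload}#{checksum(payload):02x}".encode("ascii")


def decode_packet(raw: bytes) -> str:
    """Strip the framing and verify the checksum; raise on corruption."""
    text = raw.decode("ascii")
    if not text.startswith("$") or "#" not in text:
        raise ValueError(f"malformed packet: {raw!r}")
    payload, _, csum = text[1:].partition("#")
    if len(csum) != 2 or int(csum, 16) != checksum(payload):
        raise ValueError(f"bad checksum on {raw!r}")
    return payload


class FakeStub:
    """Stands in for QEMU's gdbstub and answers `m addr,len` reads."""

    def __init__(self, base: int, image: bytes):
        self.base = base
        self.image = image

    def handle(self, raw: bytes) -> bytes:
        try:
            payload = decode_packet(raw)
        except ValueError:
            return b"-"                                 # NAK: resend
        if payload.startswith("m"):
            addr_s, _, len_s = payload[1:].partition(",")
            addr, length = int(addr_s, 16), int(len_s, 16)
            off = addr - self.base
            if off < 0 or off + length > len(self.image):
                return b"+" + encode_packet("E01")      # unmapped
            return b"+" + encode_packet(self.image[off:off + length].hex())
        return b"+" + encode_packet("")                 # unsupported


def read_memory(stub: FakeStub, addr: int, length: int) -> Optional[bytes]:
    """Client side: send `m`, expect ACK, decode the hex reply."""
    reply = stub.handle(encode_packet(f"m{addr:x},{length:x}"))
    if reply == b"-":
        raise RuntimeError("stub rejected the packet")
    if reply[:1] != b"+":
        raise RuntimeError("expected ACK from stub")
    body = decode_packet(reply[1:])
    if body.startswith("E"):
        return None                                     # read error
    return bytes.fromhex(body)


def find_pe_header(stub: FakeStub, image_base: int) -> Optional[int]:
    """Locate the PE header: check 'MZ', then follow e_lfanew at 0x3c."""
    if read_memory(stub, image_base, 2) != b"MZ":
        return None
    e_lfanew = read_memory(stub, image_base + 0x3C, 4)
    if e_lfanew is None:
        return None
    return image_base + int.from_bytes(e_lfanew, "little")


# Constructed 64-byte DOS header: 'MZ' signature, e_lfanew = 0x80.
IMAGE_BASE = 0x400000                                   # assumption
IMAGE = bytearray(0x40)
IMAGE[0:2] = b"MZ"
IMAGE[0x3C:0x40] = (0x80).to_bytes(4, "little")
STUB = FakeStub(IMAGE_BASE, bytes(IMAGE))

if __name__ == "__main__":
    print(encode_packet("m1000,4"))                     # b'$m1000,4#8e'
    print(hex(find_pe_header(STUB, IMAGE_BASE)))        # 0x400080
```

Against a real guest, replace FakeStub with a socket to localhost:1234; the framing, the m request and the E.. error reply are exactly what GDB sends and receives, which is why a debugger outside the VM leaves no trace for anti-debug checks inside it.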

Security patches in industrial environments: an overview (1/2)

On 25 November 2014, the ICS-CERT released a security advisory entitled “ICSA-14-329-02 Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities”. This advisory concerns two critical vulnerabilities in the WinCC application that could allow: unauthenticated remote code execution (CVE-2014-8551, CVSS […]

CryptoFortress

Reports of a new malware threat dubbed “CryptoFortress” began to appear on 2 March 2015. Users complained online that their files had been encrypted, with every encrypted file name carrying a suspicious “.frtrss” extension [1]. The malware analyst Kafeine also […]