Ibanking: when malware bypasses the Facebook OTP

Introduction: Ibanking is banking malware for the Android platform. Its features are similar to those of other banking malware, including SMS/call transfer and interception, identity theft, etc. This malware has impacted multiple banks in Europe since 2014. […]

QEMU + GDB + PE imports

QEMU implements a GDB server, making it possible to attach to the operating system from outside the virtual machine via the debugger's target remote command. When analysing Windows malware, this method is useful to bypass any anti-debug technique but […]

Security patches in industrial environments: an overview (1/2)

On 25 November 2014, the ICS-CERT released a security advisory entitled “ICSA-14-329-02 Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities”. This warning concerns two critical vulnerabilities in the WinCC application, likely to allow for: Unauthenticated remote code execution (CVE-2014-8551 – CVSS […]