It has been a long time since my last post; I have been really busy these days. But I hope this nice post will compensate for the days I didn't post anything. So this post has a back story, but again, I cannot go into detail or name any particular application or company. So I won't be disclosing any information regarding the case, but I will do my best to explain the situation.
Since it has been a long time since I wrote something, I decided to find something to write about. I was planning to write about one of my findings from some penetration testing I was doing for a customer. I found an interesting vulnerability in the client's web site, which is written in ColdFusion; it took me quite some time to successfully gain full control of the server by leveraging the bug. This portal had been in use for a long time and a lot of people had tested it and checked it for vulnerabilities, but it seems that all of them missed my finding.
Analysis of the FinFisher shell extension, which is basically a keylogger DLL; the driverw.sys file, which they use for MBR modifications (in case \\.\PhysicalDrive0 wasn't accessible from user mode); and mssounddx.sys, which is in direct communication with the MBR code and is used to create a thread and inject code into user-mode processes.
Hi again! In my previous post, I demonstrated how to use RFID cards to add an extra layer of security for logging into Linux systems using PAM modules. In this post, I'm going to show you how I managed to do the same thing for Windows.
Hey everyone! I had some free time last night and I noticed that I have several RFID cards and an RFID reader and I do almost nothing with them. After thinking a little bit about what I can do with the RFID reader, I came up with an idea! NFC RFID Linux PAM (Pluggable Authentication Module)! So the next time a user logs into my computer, they should have an RFID card; otherwise, even entering the correct username+password combination will not work.
This is the app I talked about in the previous post.
Based on the shellcode in the previous post, I wrote a functional application which injects shellcode into a remote process and unloads the module with the given name. We can also call it a remote process DLL unloader.
I had to run some tests in Debian on some smart cards I received recently. I did some research to find a very simple, very basic piece of command-line code, compilable and runnable in Debian, which will run hex commands on a smart card and show the results again in hex and .
I wasn't able to find such code, so I decided to write my own. From now on, you can use it too: