
Archive: Jul 2014

The Next Crypto Wars 3: Government Mandating Backdoors

Chris Soghoian zeroes in on the government’s attempts to circumvent the privacy measures adopted by Silicon Valley companies, which all came to employ encryption. Silicon Valley vs. telco surveillance What we have seen in the last few years is a transition. We’ve seen a migration away from telecommunications...

The Next Crypto Wars 2: Going Dark

Delving further into crypto evolution, Chris Soghoian focuses on the relationship between law enforcement and companies that adopted strong privacy algos. Going Dark And so, things were good for a while. It didn’t really matter that your browser could do strong crypto. It didn’t really matter that you...

Remove Omiga Plus (isearch.omiga-plus.com) adware

Omiga Plus by Taiwan shui Mu Chih Ching Technology, Inc. is a desktop maintenance application that merges the useful with the intrusive. What’s handy about it is the feature of organizing the desktop in a way that allows quick and easy access to its items, accommodating intuitive layout in grids, the...

Backdoors, Government Hacking and the Next Crypto Wars

Christopher Soghoian, ACLU’s Principal Technologist, presents his study at Defcon highlighting the past and the present of the privacy and cryptography realm. Good morning or good afternoon, my name is Chris Soghoian, I am the Principal Technologist for the Speech, Privacy and Technology Project at the...

AV Evasion 6: Best-Performing Tactics

Having reviewed antivirus evasion methods that didn’t turn out to be very effective, David Maloney now describes some successful approaches that he came up with. We are not going to use stagers anymore, that is to say, we are not going to use the ones that come as payloads in Metasploit Framework. We are going...

How to remove Speedial Search homepage hijacker

The last few years’ adware propagation boom is particularly troubling, because not only do these nasty little cyber threats take the essential web browsing choices away from their victims – they compromise user privacy as well. All of these risks turn out to be there when it comes to the analysis of the...

AV Evasion 5: Blending in Instead of Hiding the Bad

Continuing to elaborate on ways to circumvent antivirus detection, David Maloney dissects code generation and Ghost-Writing techniques in this regard. One of my co-workers said to me: “What about doing code generation, what if you never put your payload in the executable at all; instead, you have your...

How to remove Sweet Page adware

The name Sweet Page is ambiguous: it denotes both a rather harmless web page and a highly annoying application. It reflects the widespread cybercrime tendency that exists on the frontier between the acceptable and the illegitimate, namely adware propagation. A campaign like this starts with...

How to remove Trovi Search virus

Circumventing user authorization while making changes to the way a computer system is configured is a feature that makes apps like Trovi Search an unwanted entity. Falling victim to this adware is a matter of installing a third-party program and paying little or no attention to the details of the setup...

AV Evasion 4: Encoders and Fuzzy NOPs Fail

This entry examines whether or not the use of encoders and the generation of fuzzy NOPs can help avoid detection by AV. Alright, what about inlining it? Like I said, typically we have been shoving stuff into a variable, then doing some dereferencing tricks in C, and then executing it as...

AV Evasion 3: EXE Templates and Run-Time Dynamic Linking

Delving further into techniques to keep payloads undetected by antiviruses, David Maloney analyzes the efficiency of several popular obfuscation methods. Alright, so how do we get around the problem of the EXE Template? Well, like I said, the default template with no payload is 42 detections. We have the...