Research

We believe research is the way to stay at the top of any industry. It is even more important in computer forensics, a field that is still emerging and changing quickly together with the technology. Below is some of the research work we have decided to share with the community:

  • 2010-04-19 Targeted attacks: from being a victim to counter-attacking
    A paper presented at the Black Hat Europe 2010 conference about how a victim of a targeted attack can strike back against the attacker. It discloses a vulnerability in Poison Ivy, one of the trojans used in targeted attacks, and then describes a way of building a stable and reliable exploit against it. Before that, it shows how to analyze the malicious payload, how to identify the type of trojan used, and how to deobfuscate the code.
  • 2010-02-15 Size matters for the AV products
    This is (again) a story about how surprisingly easy it is to fool some AV products.
  • 2010-01-09 Yet another interesting PDF obfuscation
    We found more tricks attackers use to obfuscate malicious JavaScript embedded in PDF files.
  • 2009-11-25 Making malicious PDF undetectable
    A quick description of a technique that can be used to modify a generated malicious PDF file so that antivirus software no longer detects it.
  • 2009-11-03 Unobfuscating JavaScript
    A quick how-to on de-obfuscating the JavaScript code served with drive-by exploits. As it turns out, the proper combination of several tools makes it possible to break even the most complicated obfuscation.
  • 2009-06-27 Solaris NFS Server XDR handling vulnerability
    SIGNAL 11 discovered a serious Denial-of-Service vulnerability in the Solaris NFS server during a security assessment of Solaris network components. This is a detailed analysis of the vulnerability and its risks.
  • 2009-06-27 Solaris NFS Client Module Vulnerability
    SIGNAL 11 discovered a serious Denial-of-Service vulnerability in the Solaris NFS client during a security assessment of Solaris network components. This is a detailed analysis of the vulnerability and its risks.
  • 2004-10-12 Detection, prevention and removal of rootkits
    Paper from Andrzej's presentation at the SECURE 2004 security conference in Warsaw. It explains the use of a rootkit in a high-profile real-life incident (case study).
  • 2004-09-26 OpenSSH SLOG
    A customer once wanted a tool that "records" all the work done remotely over SSH by an outsourcing company. We developed a patch for the SSH server that records every session to a file so that it can be played back afterwards in a readable way.
  • 2003-12-22 EmailThief
    Proof-of-concept code prepared during a penetration test for a customer. It combines Cross-Site Scripting with social engineering to steal the entire mailboxes of users of some Polish mail providers.
  • 2001-11-20 SCO OpenServer HTFS Linux driver
    A data recovery case. For his master's thesis, Andrzej wrote a Linux kernel driver to read SCO OpenServer partitions. People still occasionally ask for this driver; it is GPL-licensed and can be downloaded here.
  • 2001-11-09 File Systems Implementation
    Andrzej's master's thesis. It describes how to implement new file system drivers in Linux. We believe the basic principles of file system internals are still worth learning (paper in Polish).