stealthy, like a snake

Naja: a genus of venomous elapid snakes known as cobras. Pseudonaja textilis, more commonly known as the Eastern brown snake, is considered the world’s second most venomous land snake based on its LD50 value in mice.

Naja – in this instance – is a Windows trojan developed by me in Python, inspired by several other Python projects (mentioned throughout this post), which makes use of Metasploit shellcode to facilitate a reverse connection to targets. It is distributed in two parts and makes heavy use of various encoding mechanisms and encryption in conjunction with process injection to bypass antivirus and other mitigations like Microsoft’s EMET.

Note: This post was originally made on 16 Dec ’14, but has since been updated.
Continue reading “stealthy, like a snake”

herding sheep

It goes without saying that Pokemon GO is a craze of magnitude that we haven’t seen for a long time, and undoubtedly one that will be around for quite some time. If memory serves me correctly, not even Angry Birds grew in popularity this rapidly – and it didn’t have the same positive effects (e.g. getting gamers outside and socialising with others).

“prepare for trouble, and make it double”

Whilst most observers may see the primary negative effect as the game being yet another contributor to mobile phone addiction – diluting what are likely already diluted “real world” skills – those of us with a more nefarious view of the world will see this as a prime opportunity to pop some shells. Just as the Rio Olympics have spurred a wave of phishing and malware attacks, it comes as no surprise that Pokemon GO has too. So, this made me think… exactly how covert can you make Android malware?
Continue reading “herding sheep”


In 2009 I gave a presentation entitled ‘Human 0-Days’ in which I made two very clear points:

  1. The inherent selfishness of humans is perhaps their most gaping, easily exploitable vulnerability.
  2. An organisations weakest point will always be it’s employees, due to the above.
To illustrate these two points I performed a demonstration of how a rogue wireless access point could be used to both extract confidential information from associated clients and infect them with malware. Whilst the latter task has remained consistently effective over the past few years, the widespread use of SSL/TLS and HTTP Strict Transport Security has made intercepting readable and usable information somewhat more difficult – at least until now…

Continue reading “facade”