NosuchCon Conference – Final day

Hi! This day of the NoSuchCon conference was very exciting. Unfortunately it was the last one… I woke up quite early this morning, after a great conference party organized the evening before at “La rotonde de la Villette” pub in Paris… I met a lot of security researchers there, and we had a beer together. I found that there are some very good and clever Italian researchers who do work very close to mine. We have …

NosuchCon – Day 2

Hi all! This was the second day attending the NosuchCon conference… In the morning we saw a good analysis of a new kind of BIOS rootkit, able to resist even a BIOS reflashing. Its name is “The Flea”. The entire work was presented by John Butterworth, Corey Kallenberg and Xeno Kovah (guys from Mitre). I think that it could be a very strong and interesting project… We also saw a presentation on ARM exploitation …

NosuchCon Conference – Day 1

Hi all! As promised I am starting to write a series of 3 blog posts regarding my visit to the NoSuchCon conference here in Paris… I have just attended the first of the three days of this good security conference. Researchers from all over the world have presented some interesting topics. In my opinion the most important and useful (at least for this first day) is the one shown by Mateusz Jurczyk. He has discussed some …

Personal Firewall: We really live in a secure environment?

Today I would like to introduce a great analysis I did in February 2012, when I was still working for PrevX and was studying Windows kernel communication interfaces. This analysis treats the NDIS and WSK DDIs (Device Driver Interfaces): it runs some tests on some security solutions available in the year 2012, and defines general guidelines for correctly implementing something good with NDIS. All tests have been made with the aim of bypassing personal firewalls …

New Blog, new resources

Hi All! I’m proud to announce that my new blog is almost ready! A lot of new features, graphics and contents. New blog is available here: www.andrea-allievi.com. Have fun! Andrea

Some present works

Hi All! Due to lack of time I’m updating this blog only now… By the way, I would like to inform all readers that there are some projects (completed and not) waiting to be published. – First of all, my company (now Saferbytes, born from ItSec) has sponsored a new release of the X86 Memory bootkit. This time it comes out very stable and useful, with a lot of new features (like VBR type setup, UEFI compatibility and many …

x86 Memory Limits Bootkit tool

Hi everyone! Some great August news… My company has become interested in my free-time project: a bootkit able to bypass the memory limit of 32-bit Microsoft systems (the maximum amount of usable memory is only 4 GB). The development process is done; my bootkit is able to hot-patch the Windows kernel and enable all of the machine’s PAE physical memory (up to 64 GB)!! I’m proud to point to the complete article: www.saferbytes.it/2012/08/06/x86-4gb-memory-limit-from-a-technical-perspective/ (link updated in May 2013). It is a …

Sinowal: MBR Rootkit never dies!

Hi all! Due to the lack of spare time, I can’t update my blog very often… BUT by the way I’ve got some news: my company has finally published an article written by me on its blog. The paper is about the new Sinowal update… It’s available here: http://www.itsec.it/2012/06/06/sinowal-mbr-rootkit-never-dies-and-it-always-brings-some-new-clever-features/ Let me know what you, as a reader, think about it… (your opinion is important :-)) and STAY tuned: before the holidays AaLl86 will return with a …

Sinowal: the evolution of MBR Rootkit continues

A new rootkit is evolving in the wild: it’s the old MBR rootkit, now updated and full of new interesting things… You can take a glance at the analysis here: www.aall86.altervista.org/files/Sinowal_new_Analysis.pdf The rootkit is very powerful and full of interesting features. You can read the analysis and comment here about what you think.

ZeroAccess APC: My First blog post

Here is my first security blog article. It tells about ZeroAccess’s clever APC; it should have been published on the Soteha website (www.soteha.it) but, for a reason I personally don’t know yet, it wasn’t. I report it here. It is in Italian. ZeroAccess: A brand new Clever Rootkit In recent weeks in the lab we have been analysing a new find in the field of computer security threats: the new ZeroAccess rootkit. It was developed by the same creators of …