Hi All! I’m happy to introduce here the result of my last 2 months of work. I have indeed finished my big analysis on Windows 8 AppContainers. The 14 pages article has been completely reviewed and terminated on 5th June 2013. Due to some commercial issues, my company has published it just last week. The full article is available here: http://news.saferbytes.it/analisi/2013/07/securing-microsoft-windows-8-appcontainers/ I am even working on an application able to start whatever Win32 application under …
NosuchCon Conference – Final day
Hi! This day of NoSuchCon conference was very exiting. Unfortunately was the last one… I woke up quite early this morning, after a great Conference party organized the evening before at “La rotonde de la Villette” pub in Paris… I met a lot of security researcher there, and had a beer altogether. I found indeed that there are some very good and clever italian researchers that do a work very closely to mine. We have …
NosuchCon – Day 2
Hi all! This day was the second one, attending NosuchCon conference…. In the morning we have seen a good analysis on a new kind of BIOS rootkit, able to resist to even a BIOS reflashing. Its name is “The Flea”. Entire work was presented by John Butterworth, Corey Kallenberg, Xeno Kovah (guys from Mitre). I think that it could be a very strong and interesting project… We have seen furthermore a presentation of ARM exploitations …
NosuchCon Conference – Day 1
Hi all! As promised I am starting to write a series of 3 blog posts regarding my visit to NoSuchCon conference here in Paris… I have just attended the first of the three days of this good Security conference. Researchers from all over the world have presented some interesting topics. In my opinion the most important and useful (for at least this first day) is the one showed by Mateusz Jurczyk. He has discussed some …
Personal Firewall: We really live in a secure environment?
Today I would like to introduce a great analysis I have done in February 2012, when I was still working for PrevX and I was studying Windows Kernel communications interfaces. This analysis treats NDIS and WSK DDIs (Device Driver Interfaces): make some tests on some Security solutions available in the year 2012, and defines general guidelines to correctly implement something good with NDIS. All tests have been made with the aim to bypass Personal firewall …
New Blog, new resources
Hi All! I’m proud to announce that my new blog is almost ready! A lot of new features, graphics and contents. New blog is available here: www.andrea-allievi.com. Have fun! Andrea
Some present works
Hi All! Due to lack of time I’m updating this blog only now…. Btw I would like to inform all readers that there are some projects (completed and not) waiting to be published. – First of all my company (now Saferbytes, born from ItSec) has sponsored new release of X86 Memory bootkit. This time it comes out very stable and usefull, with a lot of new features (like VBR type setup, UEFI compatibility and many …
x86 Memory Limits Bootkit tool
Hi everyone! A great August news… My company has been interested in my free-time project: a bootkit able to bypass 32 bit Microsoft systems memory limit (maximum amount of usable memory to only 4 GB). The development process is done, my bootkit is able to hot-patch Windows kernel and enable all machine PAE pyshical memory (up to 64 GB)!! I’m proud to signal the complete article: www.saferbytes.it/2012/08/06/x86-4gb-memory-limit-from-a-technical-perspective/ (link updated on May 2013). It is a …
Sinowal: MBR Rootkit never dies!
Hi all! Due to the lack of spare time, I can’t update my blog many times… BUT by the way I’ve got a news: my company finally had published an article written by me in his blog. The paper is about the new Sinowal update… It’s available here: http://www.itsec.it/2012/06/06/sinowal-mbr-rootkit-never-dies-and-it-always-brings-some-new-clever-features/ Let me know what you, as reader, think about it… (your opinion is important :-)) and STAY tuned: Before the holidays AaLl86 will return with a …
Sinowal: the evolution of MBR Rootkit continues
New Rootkit is evolving in the wild: it’s the old MBR Rootkit now updated and full of new interesting things…. You can take a glance of analysis here: www.aall86.altervista.org/files/Sinowal_new_Analysis.pdf The rootkit was very powerfull and full of interesting feature. You can read the analysis and comment here about what do you think.