infosec4breakfast

CryptXXX Technical Deep Dive

Some of you may be wondering what I’ve been doing for the past while since I have not been posting very often, if at all in the past number of months. One of my recent write-ups can be found here: https://blogs.cisco.com/security/cryptxxx-technical-deep-dive

Finding crypto flaws in ransomware has been a ton of fun (albeit trivial in comparison to other methods that have been abused to recover original files), as well as reverse engineering modern malware variants that contain a large amount of obfuscation. This is a great illustration as to why secure seed generation is so important. Hope you enjoy the post ;) feedback is welcome.

I’d like to take this opportunity to link some write-up that I really enjoyed by samvartaka which a motivation for the work above, simply due to the quality of content he/she produces: https://samvartaka.github.io/malware/2015/11/20/ctb-locker I’d also highly suggest the rest of his/her postings here: https://samvartaka.github.io/ especially those on malware exploitation, which I believe is a highly underrated research area.

Cheers,

JM