Sascha Curylo

Just published a blog explaining the root cause of the recent #win10 crypto vulnerability (CVE-2020-0601 / #curveball ?) using some "Load Bearing Analogies" to make it more accessible. CC: @tqbf @grittygrease @dakamihttps://medium.com/zengo/win10-crypto-vulnerability-cheating-in-elliptic-curve-billiards-2-69b45f2dcab6 …

Shout-out to @hasherezade for making #hollows_hunter! Working with this tool inspired me to write a quick tutorial on it: https://securityliterate.com/extracting-malware-from-memory-with-hollows-hunter/ … Anyone know of other good malcode extraction tools like hollows_hunter?

We have just released a new tool for exploiting CVE-2019-19781. Our goal was to keep private as long as possible to have a longer window to fix. Other researchers have published the exploit code in the wild already. Cats out of the bag. https://github.com/trustedsec/cve-2019-19781 … #TrustedSec

The Basics of Packed Malware: Manually Unpacking UPX Executableshttps://kindredsec.com/2020/01/07/the-basics-of-packed-malware-manually-unpacking-upx-executables/amp/?__twitter_impression=true …

Research Brain-Dump Join us for a deep dive into the how’s and why’s of automated malware unpacking. In this video we discuss how we built UnpacMe!https://youtu.be/FctDptnYukQ 

a nice talk from #DefCon26, about using PE relocations for the purpose of obfuscation: Nick Cano - "Relocation Bonus - Attacking the Windows Loader Makes Analysts Switch Careers" :https://www.youtube.com/watch?v=8_kfyKVk32c …

Peep this work I've been doing for the last 6 months. I' sure there are errors, but it's at the point where I think it's ready for the world. Enjoy my work on #shamoonhttps://malwareindepth.com/shamoon-2012/ 

We are releasing a free decryption tool for the #Mapo #ransomware (a GarrantyDecrypt/Outsider variant). Detailed instructions are available on our blog: https://www.cert.pl/en/news/single/free-decryption-tool-for-mapo-ransomware/ … Special thanks to @maciekkotowicz for collaboration #NoMoreRansom