Andrey Bazhan, from Comae Technologies, just made a neat addition to SwishDbgExt: the ability to use Yara rules to hunt processes in memory via a new command called !ms_yarascan.
Yes, this is bad — real bad — this is another ransomware leveraging SMB network kernel vulnerabilities to spread on the local network. The exploit used is based on…
Inspired by Google Summer of Code, in which I was a participant in 2008 with the Samba Project, Comae Summer of Code is a global program focused on bringing more student developers into cyber-security software development. Students work with Comae developers on a 2-month programming project…
Thanks to Mohamed Saher for publishing a complete 63-page solution for the Student Crackme.