Linux.Liora: a Go virus

4 minute read Published:

Simple prepender virus written in GoLang
So this guy asks me in a job interview last week “Have you ever developed in Go?” and well what’s best to learn a language than writting a prepender (probably a lot of things but don’t kill my thrill)? There you have it, the probably first ever binary infector written in GoLang (SPTH LIP hxxp:// “outdately” confirms that - replace hxxp with http, this website is wrongly classified as malicious for some security tools).

Dynamic API Calls in .NET

2 minute read Published:

Using Reflection to call APIs dinamically
Today I’m going to share a way to call APIs without DLLImport. I’ve first saw this years ago at as far as I remember and got into the idea. The code was lost since then but I found a copy. Program.cs using System; using System.Reflection; namespace APICaller { class Program { ``` public static void Main(string[] args) { Console.Title = "Dynamic API Caller"; Console.WriteLine("Press any key to call your API!

MBR Dump With .NET - Part 1

2 minute read Published:

Dumping MBR with .NET
Greetings. Years ago I was messing around with Windows MBR (VXHeaven thread) and got stuck while trying to write a modified copy back to the disk. I’m calling this “Part 1” because I’m still stuck at this and plan to get back on my research. Anyways, it will be a short post, just to share where I was at that time. using System; using System.Runtime.InteropServices; using Microsoft.Win32.SafeHandles; using System.IO; namespace MBR { class MainClass {[DllImport("Kernel32.

A Steganographic .NET Executable

3 minute read Published:

A simple introduction to steganography with .NET
A while ago, alcopaul suggested a .NET executable that could store a secret message inside. While I did not followed his strict theory, I did wrote a working proof of concept, very basic and dirty but, well, it’s only a POC. Here we go (dirty code, do not judge me): Our includes for this application. using System; using System.Reflection; using System.IO; using System.Windows.Forms; using System.Security.Cryptography; I’ll now show you the methods I’m using here.

.NET Injection Cecil

3 minute read Published:

Getting into .NET injection with Mono
This may not be news for everyone but I find it interesting. Mono.Cecil is a impressive work and can provide a lot of cool features such as runtime .NET assembly manipulation. We can inject opcodes (IL instructions) into a target assembly, transforming it as we wish. Here’s the test scenario: A dummy C# application like the one below, compile it to get it’s executable file, that’s what we need (

Linux.Zariche: a Vala virus

9 minute read Published:

Simple prepender virus written in Vala
Vala is an object-oriented programming language with a self-hosting compiler that generates C code and uses the GObject system. Vala is syntactically similar to C# and and rather than being compiled directly to assembly or to another intermediate language, Vala is source-to-source compiled to C, which is then compiled with a platform’s standard C compiler, such as GCC. You can also create VAPI files which are basically native C (not C++) functions you can import to Vala code (I will show an example later).