Operation Aurora: Clues in the Code

January 20th, 2010

With the recently disclosed hacking incident inside Google and other major companies, much of the world has begun to wake up to what the infosec community has known for some time – there is a persistent campaign of “espionage-by-malware” emanating from the People’s Republic of China (PRC). Corporate and state secrets both have been shanghaied over a period of five or more years, and the activity becomes bolder over time with little public acknowledgement or response from the U.S. government.

Virut, FFSearcher, Twitter

June 26th, 2009

Just finished a couple of back-to-back research pieces. First, a rundown on the C&C protocol encryption in the latest Virut, then a look at a new Firefox browser hijacker that carries out a clever scheme to defraud Google’s Adsense for Search program.

Also, I’m now posting my new research to Twitter as soon as it is available for public consumption. Follow joestewart71 to get these links as soon as they are posted.

Speaking at BlackHat USA 2007

June 4th, 2007

My presentation “Just Another Windows Kernel Perl Hacker” has been accepted at BlackHat Briefings USA 2007. If you’re going to Vegas this year, stop by and catch my talk, and I’ll tell you how to use Perl to remotely debug the Windows kernel from the *nix box of your choice.