Articles by Dejan Lukan

Analysis of Disco Savings Adware
Overview We have analyzed the Disco Savings malware in order to identify it's internals and posted a whitepaper, so you should check it for all the details regarding the analysis process. We have posted a number of malicious JavaScript files used by Disco Savings adware in our malware-samples Github ...
PfSense Vulnerabilities Part 4: Directory Traversal
Introduction In this article we'll present the CVE-2014-4690 vulnerability existing in pfSense version <= 2.1.3. In later versions of pfSense, the vulnerabilities have been successfully remediated and are no longer present. You should also read the previous articles about PfSense vulnerabilities at the following locations: PfSense Vulnerabilities Part ...
PfSense Vulnerabilities Part 3: Local File Inclusion
Introduction In this article we'll present the CVE-2014-4689 vulnerability existing in pfSense version <= 2.1.3. In later versions of pfSense, the vulnerabilities have been successfully remediated and are no longer present. You should also read the previous articles about PfSense vulnerabilities at the following locations: PfSense Vulnerabilities Part ...
PfSense Vulnerabilities Part 2: Command Injection
Introduction In this article we'll present the CVE-2014-4688 vulnerability existing in pfSense version <= 2.1.3. In later versions of pfSense, the vulnerabilities have been successfully remediated and are no longer present. You should also read the previous articles about PfSense vulnerabilities at the following locations: PfSense Vulnerabilities Part ...
PfSense Vulnerabilities Part 1: XSS
Introduction For those of you who don't know, PfSense is an open-source network firewall distribution based on FreeBSD operating system used by many companies worldwide to protect their infrastructure. Up until now, it has been more than a year since we've reported a number of security vulnerabilities existing ...
Next Generation Dynamic Analysis with PANDA
PANDA is a platform for architecture-neutral dynamic analysis [1] built on top of QEMU system emulator, which makes it feasible to access all code executing in the quest and all data being manipulated in the guest virtual machine. PANDA supports the same architectures as Qemu, so every instruction set can ...
The Awesomeness of Open Source
A few days ago we made the decision to change the default insecure HTTP protocol being used in our company website: Protean Security with a secure HTTPS protocol. The process was very easy at the beginning and there was little needed to be configured. Basically we had to register our ...
Installing and Using Cuckoo Malware Analysis Sandbox
Introduction In this article we'll explore the Cuckoo Sandbox, an automated malware analysis framework. When installing Cuckoo for the first time, we can quickly determine that it's not all that easy to install Cuckoo [1]. Therefore, to ease the pain we've described the process of how to ...
Running VirtualBox/VMWare on Hardened Kernel
Running VirtualBox or Vmware on Hardened Kernel In this article we'll take a look at how to run VirtualBox/Vmware on a hardened kernel, which provides various security features increasing the security of the entire system. The default installation of Linux kernel is not as secure as it can ...
A Blast From the Past: Executing Code in Terminal Emulators via Escape Sequences
In the beginning of time, there were hardware terminal emulatorsalso called ttys, which are programs emulating a video terminal. In modern computers, we're mostly used to graphical user interfaces (GUIs), whereas a terminal emulator like xterm is used to access the command line interfaces (CLIs) or text user interfaces ...