Blog

Malware Analysis: Ragnarok Ransomware

The analysed sample is a malware employed by the Threat Actor known as Ragnarok. The ransomware is responsible for files’ encryption and it is typically executed, by the actors themselves, on the compromised machines. The name of the analysed executable is xs_high.exe, but others have been found used by the same ransomware family (such as...
29/04/2021By Read more...

Fuzzing: FastStone Image Viewer & CVE-2021-26236

Introduction

In my precedent blog post I’ve introduced “fuzzing” from a theoretical point of view. As I’ve previously anticipated, today I’m going to disclose the fuzzing methodology, process and samples that led me to discover five different vulnerabilities in FastStone Image Viewer v.<=7.5. I’ll also go over the root cause analysis of CVE-2021-26236...
18/03/2021By Read more...

Software Testing Methodologies & Approaches to Fuzzing

In this article, I would like to introduce fuzz testing as part of a vast overview of software testing approaches used to discover bugs and vulnerabilities within applications, protocols, file formats and more.

Application Security

With an ever-increasing number of vulnerabilities discovered during the years, many organizations still spend little budget and effort to produce...
25/02/2021By Read more...