CyStack Security

Details of the remote code ex*****on vulnerability in the Cyclos payment software which was exploited in the recent attack on ONUS discovered by CyStack

Cyclos < 4.14.15 - Remote code ex*****on | CyStack Security CyStack Advisory ID CSA-2021-01 CVE IDs CVE-2021-44832 Severity Critical CVSS v3 Base 10.0 Synopsis Cyclos is a payment software created for banks, barters, remittances, and innovative currency systems. Cyclos is used by more than 1500 payment systems worldwide. CyStack recently found that Cyclos ve...

Our research about macOS rootkit emulation which was presented at BlackHat USA 2020

macOS Rootkit Emulation Kernel rootkit is considered the most dangerous malware that may infect computers. Operating at ring 0, the highest privilege level in the system, this super malware has unrestricted power to control the whole machine, thus can defeat all the defensive and monitoring mechanisms. Unfortunately, dynam...

Early tomorrow morning (Vietnam time), the researcher Do Minh Tuan from CyStack and two other Vietnamese researchers will talk at Black Hat Events - BH USA 2020.

His research proposes a novel approach to deal with kernel rootkits, Demigod, a framework to emulate OS environments, so kernel rootkits can be run in software emulators, all in ring 3. From this sandbox, malware analysts can safely monitor, trace, debug, or perform all kinds of dynamic analysis with this advanced malware.

https://www.blackhat.com/us-20/briefings/schedule/ -the-art-of-emulating-kernel-rootkits-20009

Black Hat USA 2020 Black Hat USA 2020