Cappsule was released a few weeks ago and we're happy of the positive attention received. However, relying on a custom hypervisor make its usage quite difficult across various distros. This blogpost explains how the same goals can be achieved on Linux with usual software. Impatient readers can directly checkout NoFear's GitHub.

At Quarkslab, we don't only break software and exploit vulnerabilities, we also try to create innovative and efficient solutions to counter them. Cappsule is one of those solutions.

Obfuscation is made of many different tricks. One we meet very often is mixed instructions who make computations mixing usual arithmetic (ADD, SUB, MUL, DIV) and boolean one (XOR, AND, NOT, OR). All tools get lost when it comes to cleaning this kind of very messy blocks of instructions, and that is why we designed Arybo. With Arybo, analyzing such expressions become way more easy.

This post deals with the new features in IRMA 1.3.0 released earlier this month, from both a user and a contributor point of view.

A modest comparison between two ways of storing our unstructured data, from MongoDB to Elasticsearch.

IRMA (Incident Response & Malware Analysis) is a multi-scanner framework for identifying and analyzing suspicious files. In this article, we describe, step by step, how one can contribute to this open-source project by integrating his own analyzer.