All posts by kyREcon

A.R.F v2.0 – News #1

***The following methods are not available for download yet.***

New methods added in:

SehDbgDetection class
HardwareBreakPointDetection class

New Class added:

VirtualMachineDetection – Currently includes 6 new methods (2 for each) to detect VirtualPC, VMware, and VirtualBox. More methods are being developed to detect these 3 popular VMs.

What’s next…

Detecting sandboxes – Currently one method has been tested for the well-known Sandboxie, and more research is coming for other popular sandboxes.

Phishing Attempts #1

Today I noticed 2 phishing attempts, targeting Lloyds TSB Bank and Hotmail accounts. Some really nice work there…

Well, you will have to zoom in to enjoy the view, or just copy the location link of the image into your browser… :O)

Hotmail:
Hotmail_Phishing_1

Lloyds TSB Bank:
Lloyds_TSB_Phishing_1

Cheers,
KyREcon

A.R.F v2.0

I had promised that I would keep working on the Anti-Reversing Framework, so I am back on it.

Even if I don’t have a lot of free time, I am planning to release v2.0 before September.

The new version will include more debugger detection methods, as well as various methods to detect Virtual Machines such as VMware, VirtualPC, etc.

Finally, I am also planning to add some generic “attack” methods that the user will be able to use in case a debugger or a VM has been detected. However, this could be a feature of v2.1 later on, depending on the time I have available.

Stay tuned,
KyREcon