Cyberus Tech-Blog

Welcome to the Cyberus Tech-Blog!

Tracking file system access of individual processes

February 5, 2018

In the last article, we showed how to use the Tycho Python API to interrupt a process running in an unpatched Windows system on top of the Cyberus virtualization platform before it executes specific system calls. This time, we demonstrate how to implement a short but useful script that logs which files are accessed by a process of our choice.



Windows system call parameter analysis

January 22, 2018

Due to its introspection capabilities, the Cyberus virtualization platform is able to analyze Windows system calls. In this article we demonstrate how simple it is to extract system call parameters from a running Windows machine with Python using the Tycho API.



Simple DLL injection detection

January 4, 2018

In this article we are going to play with a DLL injection tool on a Windows system that is running on top of the Cyberus Virtualization Platform. Using the Tycho Python API, we will see how dead simple it is to check if a process has been subject to DLL injection.



Meltdown

January 3, 2018

Meltdown is an attack on the general memory data security of computers with the Intel x86 architecture. Two members of the founder team of Cyberus Technology GmbH were among the first experts to discover this vulnerability. This article describes how Meltdown actually works and also examines the mitigations that have been patched into the most widespread operating systems while the information embargo was still intact.



Fun with Python and Tycho

January 2, 2018

This article demonstrates how simple it is to set up our analysis tool Tycho and plays with the Tycho Python API in order to outline its potential. We will pause and resume processes, read interesting process information, and inject errors using the Tycho Python API.
