Cyberus Tech-Blog

Welcome to the Cyberus Tech-Blog!

Spectre V4: Store-Load Vulnerability

May 22, 2018

After Meltdown (see also our article about Meltdown) and Spectre, more vulnerabilities in out-of-order CPUs have been uncovered that use similar attack vectors.

This article is about the new variant 4 of the Spectre attack that works without misleading the branch predictor. Instead, it exploits an implementation detail of Intel’s memory disambiguation technique inside the CPU’s pipeline.

Read more...


Introducing: Tycho Malware Forensics Suite

May 17, 2018

The Cyberus Tycho Malware Forensics Tool is now available for purchase.

Tycho is a uniquely powerful malware forensics tool suite which aids and expedites the work of manual malware analyst and software reverse engineers – a malware debugger on steroids.

Read more...


Windows on iSCSI - Part 3/3

March 26, 2018

As an important step towards automating the creation of Windows disk images, we will take a closer look at the Critical Device Database (CDDB) inside the Windows registry. The goal is to transform any locally installed instance to be bootable from iSCSI without having to run a full installation onto an iSCSI disk before.

Read more...


Windows on iSCSI - Part 2/3

March 12, 2018

In this article, we will describe how an ordinary Windows 7 installation can be converted to be booted from iSCSI. We will cover the particularities of the Windows network boot process and and elaborate on the differences to the normal boot. We then describe our solution using some registry modifications.

Read more...


Windows on iSCSI - Part 1/3

February 26, 2018

This series of three posts is about installing Windows 7 on an iSCSI disk. In this first article, we install it using qemu and iPXE and cover some of the pitfalls and particularities of this install method, as well as the topic of duplicating the resulting disk for use in machines of the same type. Two more follow-up posts will cover details of the network boot process, leading to a method of converting an existing installation to be iSCSI-bootable.

Read more...


Tracking file system access of individual processes

February 5, 2018

In the last article, we have shown how to interrupt a process running in an unpatched Windows system on top of the Cyberus virtualization platform before it executes specific system calls using the Tycho Python API. This time, we demonstrate how to implement a short but useful script that logs which files are accessed by a process of our choice.

Read more...


Windows system call parameter analysis

January 22, 2018

Due to its introspection capabilities, the Cyberus virtualization platform is able to analyze Windows system calls. In this article we demonstrate how simple it is to extract system call parameters out of a running windows machine with Python using the Tycho API.

Read more...


Simple DLL injection detection

January 4, 2018

In this article we are going to play with a DLL injection tool on a Windows system that is running on top the Cyberus Virtualization Platform. Using the Tycho Python API, we will see how dead simple it is to check if a process has been subject to DLL injection.

Read more...


Meltdown

January 3, 2018

Meltdown is an attack on the general memory data security of computers with the Intel x86 architecture. Two members of the founder team of Cyberus Technology GmbH were among the first experts to discover this vulnerability. This article describes how Meltdown actually works and also examines the mitigations that have been patched into the most widespread operating systems while the information embargo was still intact.

Read more...


Fun with Python and Tycho

January 2, 2018

This article demonstrates how simple it is to setup our analysis tool Tycho and plays with the Tycho Python API in order to outline its potential. We will pause and resume processes, read interesting process information, and inject errors using the Tycho Python API.

Read more...