Owning the cloud: virtualization software is full of bugs

March 30, 2009

An interesting paper on virtualization bugs, an interesting field where new Anti-Emulation techniques could be produced:


Giuseppe ‘Evilcry’ Bonfa’

Qt labs released source code of Embedded Widgets Demo

March 28, 2009


More great news from Qt: the Embedded Widgets Demo has recently been released


and here is the source code


Giuseppe Bonfa’

0ffensiveC0ding updated – Emulation/AV Awareness

March 21, 2009


Thanks to Gunther for ARTeam, here we have some new Anti-Emulation open source functions. I’ve uploaded these to my OffensiveCOding section:

Here is a quick list of the functions:

Anti-KAV -> Call this one before WSAStartup(), so sockets won't be initialized.
Anti-NOD32 -> SSE1 instruction which NOD32 cannot emulate.
IsEmulator -> Timing attack against the emulator environment.
IsCWSandBox -> Check if CreateProcess is hooked.
IsAnubis -> Check whether it is running within Anubis.
IsAnubis2 -> Check whether it is running within Anubis.
IsNormanSandBox -> NormanSandBox awareness.
IsSunbeltSandBox -> Sunbelt awareness.
IsVirtualPC -> VirtualPC awareness.
IsVMware -> VMware awareness.
DetectVM -> Check whether it is running in VMware or VirtualBox, using the registry.
IsRegMonPresent -> Check for RegMon by checking if the driver is loaded in memory and by searching for the window handle.

Here is the link:


See you in the next post.. :)

Conficker C Analysis

March 20, 2009

Here is a nice analysis of Conficker C



I’m Alive

March 20, 2009

After a long break caused by work, I have restarted work on three fundamental projects:

  • Elgamal CryptoReversing Paper
  • Gpcode Reversing
  • SpyOs – Qt Based

See you in the next post.. :)

Netsons Opened

March 7, 2009

Problem solved, http://evilcry.netsons.org is now Up ‘n Running :)

Netsons killed my website

March 6, 2009


Netsons ( http://netsons.org ) killed my account, http://evilcry.netsons.org, without any notice. I’m now without any website. I have the Elgamal CryptoReverse Engineering 50% ready, but thanks to Netsons I can’t publish it.

I strongly recommend any person to use Netsons, 0 seriousness.



