A new type of malware found in the wild called SmallB

Sceptive has found a new family of malware, called SmallB, during an incident investigation. In our initial analysis we identified the C&C servers of the malware but could not find any substantial clue about the whereabouts or origins of the attackers. Through our contacts at the service providers, financial corporations and banks the malware targeted, we observed that the C&C servers went down immediately, without a trace.

The main targets are mostly Eastern European and Turkish financial institutions, including stock brokerage firms and commercial banks. SmallB uses various injection methods on login pages to bypass two-factor authentication, retrieve confidential information and gain access to account pages.

We observed that the attackers were using zero-day exploits, such as CVE-2015-3113 and CVE-2016-1001 for Adobe Flash Player and CVE-2016-0034 for Silverlight, hosted on the server side to install SmallB on victims. The malware also spreads from one victim to another through attacks on the RDP protocol, and it copies itself to shared folders and other drives so that other users run it by accident.


Unpatched Atlassian products are still exposed to a critical security flaw

Atlassian released a security advisory nearly 8 months ago, together with patches, for a critical vulnerability present in nearly all of its web-based products.

The advisory's description of the vulnerability was not sufficient for potential black hats, but the patches themselves leak all the details they need. An attacker of average skill can understand the components of the issue by downloading the patches and comparing them with the previous releases, although some advanced capability is still required to figure out how and where to attack.

Here we say a little more about the attack to make users aware of the threat.


Sceptive is looking for Jedi Knights.

Sceptive is a respected, international company based in Istanbul which works only with underground talent. What we actually do is hack big corporations for good. That's all. After we hack a company, we do no harm; we notify its officials so they can fix the vulnerabilities. We build trusted relationships and work hard to protect our clients against Sith Lords.

Sadly, the term "hacker" has been ruined by phishers, imitators, journalists, Hollywood and script-kiddies.

Our call is for real ones.

What will you be doing?

Just hacking highly secure systems all the time.

What do you need for this position?

  • NOT having an academic degree is a PLUS.
  • NOT having CEH, OSCP, GIAC (GPEN) or other information security certifications is a PLUS.
  • We do not have an office so you need your own computer, working environment and internet.
  • At least 5 years of programming experience is REQUIRED.
  • Experience on iOS and Android is a PLUS.
  • Reverse engineering and binary patching experience is REQUIRED.
  • We do not have working hours, so reachability at any time is REQUIRED.
  • Ability to travel world-wide is a PLUS.
  • Applicants should be aware of the Jedi Order.
  • Speaking and reading German, Arabic, Dutch, French or x86 assembly is a PLUS.

Sceptive considers all applicants without regard to race, CPU, color, creed, religion, national origin, laptop model, sex, age, bandwidth, gender identity, marital status, sexual orientation, use of a guide dog or service animal, fanaticism for/against Apple and/or Microsoft and/or Linux, physical and mental disability, military/veteran status or any other group protected by human rights.

If you are interested, please send your CV to root {at} sceptive {dot} com, or just get in touch with us by mail if you do not like CVs at all.


CVE-2014-3518 JBoss EAP/AS 5: Remote code execution


JBoss Application Server (JBoss AS) is an open-source, cross-platform Java application server developed by JBoss, a division of Red Hat Inc. JBoss AS is an open-source implementation of Java 2 Enterprise Edition (J2EE) that is used for implementing Java applications and other Web-based applications and software.

JBoss AS is released under the GNU Lesser General Public License. The JBoss.org community provides free support for this application server.

We have discovered that default installations of JBoss AS 5.x products are prone to remote code execution attacks.


Kyle: A password manager for paranoids.


As a password manager, Kyle differs from the others in two points:

  • It doesn't store any passwords, so there is no file for attackers to steal and crack.
  • Consequently, you can't store passwords handed to you by third parties; you can only derive your own.

Kyle also differs from password generators in that:

  • Generated passwords are not random, but a brute-force attack can take trillions of years to crack just one.

    For example, on the test vectors Bill Gates' password took 12.11 secs to generate on a MacBook Pro Early 2013 with a 2.4 GHz Intel Core i7. So even for a lazy master key of up to 8 characters consisting of lowercase letters and digits, the key space is 36^8 + 36^7 + 36^6 + 36^5 + 36^4 + 36^3 + 36^2 + 36 = 2,901,713,047,668 combinations; at 12.11 secs per attempt, trying all combinations takes 1,114,274 years.

  • It doesn't rely on any single hash or encryption algorithm; instead it uses a mixture of them, selected by an algorithm that is itself derived from the account info and the master key.
