Research

We believe research is the way to stay at the top of any industry. It is even more important in the computer forensics industry, as the field is still emerging and is changing very quickly along with the technology. Below is some of the research work that we decided to share with the community:

  • 2009-11-25 Making malicious PDF undetectable
    Quick description of a technique that can be used to change the generated malicious PDF file to make it undetectable by antivirus software.
  • 2009-11-03 Unobfuscating JavaScript
    A quick how-to on un-obfuscating the JS code served with drive-by exploits. As it turns out, the proper use of several tools makes it possible to break even the most complicated obfuscation.
  • 2009-06-27 Solaris NFS Server XDR handling vulnerability
    SIGNAL 11 discovered a serious Denial-of-Service vulnerability in Solaris NFS Server during a security assessment of Solaris network components. This is a detailed analysis of the vulnerability and risks.
  • 2009-06-27 Solaris NFS Client Module Vulnerability
    SIGNAL 11 discovered a serious Denial-of-Service vulnerability in Solaris NFS Client during a security assessment of Solaris network components. This is a detailed analysis of the vulnerability and risks.
  • 2004-10-12 Detection, prevention and removal of rootkits
    A presentation from Andrzej's previous research work for CERT Polska. It was presented at SECURE 2004 in Warsaw and concerns the use of a rootkit in a high-profile real incident.
  • 2004-09-26 OpenSSH SLOG
    A customer once wanted a tool for "recording" all the work done remotely via SSH by an outsourcing company. We developed a patch for the SSH server that records all sessions to a file and plays them back afterwards in a nice way.
  • 2003-12-22 EmailThief
    Proof-of-concept code prepared during a penetration test for a customer. This code makes use of Cross Site Scripting and social engineering to steal entire mailboxes of users of some Polish mail providers.
  • 2001-11-20 SCO OpenServer HTFS Linux driver
    Data recovery case. For his master's thesis, Andrzej wrote a Linux kernel driver to read SCO OpenServer partitions. People still sometimes ask for this driver; it is GPL-licensed and can be downloaded here.
  • 2001-11-09 File Systems Implementation
    Andrzej's master's thesis. It covers how to implement new file system drivers in Linux. We believe it is still worth reading to learn the basic principles of file system internals (paper in Polish).