Cyber Security Challenge Belgium 2015 – Solving the One Way challenge

This is the third blog post in the Cyber Security Challenge Belgium 2015 (CSCBE) solutions series. This time, we're taking on a very technical challenge: One Way. Data Extraction The challenge The following challenge description was given to the students: "We want our employees to be able to send us confidential information which only we [...]

Cyber Security Challenge Belgium 2015 – Solving the Data Extraction challenge

This is the second blog post in the Cyber Security Challenge Belgium 2015 (CSCBE) solutions series. This time, we're taking a look at the Data Extraction challenge. Data Extraction The challenge The following challenge description was given to the students: "We messed up and contacted the wrong forensic department. They say they found data, but [...]

Cyber Security Challenge Belgium 2015 – Solving the SFTP challenge

Two weeks ago, we proudly organised the Cyber Security Challenge Belgium 2015 (CSCBE). The CSCBE was a typical Capture-The-Flag (CTF) competition aimed at students from universities and colleges all over Belgium. During the competition, teams of three or four students had to tackle different technical challenges in order to prove their skills. In the following [...]

Open sourcing bootloader unpacker and imgdata tools for Nexus 4, 5 and 7

NVISO is proud to open source in collaboration with Christophe Beauval a tool suite to unpack the Nexus 4, 5 and 7 factory bootloader.img as well as code to work with Nexus 5's imgdata.img and scripts to dump what's in the flash of the Nexus 5 and write back to it. We are not aware [...]

The GHOST vulnerability

A serious problem in the Linux glibc library went unnoticed for almost 15 years. A simple coding mistake introduced into the code in November 2000 leaves servers including e-mail servers vulnerable to remote code execution. A buffer overflow in the GNU C Library function __nss_hostname_digits_dots(), which is called by the well used gethostbyname*() functions makes [...]

Testimony from Nick Van Haver – looking back on my internship at NVISO

Hi, my name is Nick Van Haver and I am a master student in computer sciences at the University of Ghent and I have just finished a one month internship at NVISO. In this post I want to reflect a bit on my 6 weeks of internship! Why NVISO? Actually I stumbled upon NVISO while [...]

Round-up of our team trip to Las Vegas! (BlackHat, Defcon)

Last week, the technical team at NVISO returned from an amazing trip to Las Vegas, where we attended both Black Hat USA 2014 & Defcon 22. You can check out our group picture below - one of the rare occasions in which you won't see us "suit up"! 😉 NVISO's technical team posing at BlackHat [...]

ApkScan now supports e-mail notifications!

We are happy to announce that ApkScan now supports e-mail notifications! After uploading a sample at http://apkscan.nviso.be, you now have the option to fill in your e-mail address. Once the sample has been analyzed, you will instantaneously receive an e-mail containing a link to the malware analysis report!  After checking the box, you will be requested [...]

NVISO ApkScan – our first malware PDF report now available for download!

We are really happy with the attention and traction that NVISO ApkScan has gained over the past 12 months, and even more so with the interesting analysis data that has resulted from over 1.600 user-submitted Android applications. We have analysed all the samples uploaded in 2013, and have gathered some interesting numbers, graphs and insights [...]