ivan's picture

How I got tech support scammers infected with Locky

tech support scam webpage
A few days ago, I received a panicked call from my parents who had somehow managed to land on a (now defunct) web page (snapshot here) claiming they had been infected by Zeus. This horrible HTML aggregate had it all: audio message with autoplay, endless JavaScript alerts, a blue background with cryptic file names throwing us back to Windows' BSoD days, and yet somehow it displayed a random IP address instead of the visitor's one.
After everyone had a good laugh on Twitter, I decided to call them to know more about what they hoped to accomplish.
ivan's picture

Broken Synapse: writing a DSO decompiler

I've been a huge fan of Frozen Synapse ever since it was released back in 2011. It's a strategy game which looks like chess, only players move their pieces at the same time and discover the outcome at the end of the turn.
Here's what I figured: like a poorly written piece of poker software, I thought it was likely that the game client received information about the position of enemy units that would give a tactical edge to anyone reading them.
ivan's picture

Bypassing the "testcookie" anti-webscraping protection

A few days ago, I noticed that ApkTrack (an Android app I maintain) could no longer query one of the websites it usually obtains data from.
The app works mostly through web scraping and once in a while, the target websites set up new countermeasures to prevent bots from accessing their contents (even innocuous bots such as this app). In this post, we'll see how the protection I encountered this week-end was bypassed.
Subscribe to Borderline RSS