2014/11/17

Deobfuscation and beyond. ZeroNights-2014

    Our company conducts research on obfuscation and deobfuscation. Some results of our two-year research were presented at ZeroNights-2014:



Stay tuned! 

2014/09/22

2014/09/11

ReHIPS 1.2.0 demo was released

    Today we have released ReHIPS 1.2.0 demo.
    Chanegelog:
  • bugfix; 
  • DeployHelper was improved, MSI support was added; 
  • keyboard layout indicators were added on separate desktops; 
  • ReHIPS kernel and GUI were refactored and improved; 
  • RulesPack was refactored and extended.
    In accrordance to wishes of some of  ReHIPS users we publish video-tutorials which were made by one of our beta-testers.



    Also we created Youtube channel. We'll update it quite regulary with samples of ReHIPS usage.
    Stay tuned.

2014/08/29

Announcement of upcoming ReHIPS 1.2.0 release

    In this blogpost we'll speak about upcoming ReHIPS 1.2.0 release. We have been receiving a feedback on previous ReHIPS version for about a half a year. Many thanks to all who contacts us and helps improve ReHIPS.
    The upcoming ReHIPS 1.2.0 is not beta. We have tried to implement the most of the wishes and suggestions that we received from ReHIPS users. ReHIPS 1.2.0 is more stable and compatible than a previous one.
    Please note that as a result of the changes ReHIPS 1.1.0 Beta and ReHIPS 1.2.0 databases are not compatible. So, if ReHIPS 1.1.0 Beta is installed it's necessary to fully uninstall it (including all settings) before installing ReHIPS 1.2.0.
    ReHIPS 1.2.0 changelog:

  • bugfix;
  • DeployHelper was improved, MSI support was added;
  • keyboard layout indicators were added on separate desktops;
  • ReHIPS kernel and GUI were refactored and improved;
  • RulesPack was refactored and extended.

    We'll release ReHIPS 1.2.0 in two steps:
On the first one we'll release ReHIPS 1.2.0 Demo. It is free of charge but limited.
On the 2-nd one we'll start ReHIPS 1.2.0 full version sales.
    Stay tuned.

2014/03/18

ReHIPS 1.1.0 released

ReHIPS 1.1.0 Beta was released.
Changelog:
- Architecture was refactored and changed to multithreaded
- Separate desktops support was added to make system more secure
- Many small fixes and improvements
Demo-version restrictions were added:
- Limit for the restricted processes is 10

2014/02/21

Our talk at 17-th DCG meeting

    On February 11, 2014 we gave a talk about modern HIPS-es and Windows access control mechanisms internals at 17-th Defcon Russia Group meeting. We have been researching a lot of approaches to sandboxes creation during ReHIPS development. This research helped us make ReHIPS secure, fast, safe and ... compatible with Windows :) You can find the slides of our talk below.


2014/02/10

Announcement of upcoming ReHIPS 1.1.0 Beta release

    In this blogpost we'll briefly skim over some of new features of the upcoming ReHIPS 1.1.0 Beta release.
    First, ReHIPS 1.1.0 will be based on the new multithreading engine. This engine is more stable and faster than the previous one.
    Second, ReHIPS 1.1.0 will make your system much safer. In ReHIPS 1.1.0 restricted applications can be started on separate desktops. Switching between them is shown on the screenshot below.


    Separate desktops are necessary to prevent "sandbox escaping" using windows hooks. If allowed and restricted applications were started on the same desktop and DESKTOP_HOOKCONTROL access right was set for the restricted application, then the restricted application can set window hooks on the allowed application's windows and possibly execute arbitrary code in the context of allowed application.


    If DESKTOP_HOOKCONTROL access right was not set, then a restricted application may work incorrectly because runtime libraries use window hooks quite often. And even without this access right it's still possible to take screenshot of the current desktop.
    Being run on a separate desktop restricted applications can set any window hooks they want and take screenshots while other applications are safe and secure.
    We plan to release ReHIPS 1.1.0  Beta at the end of February. Stay tuned.

2014/01/21

First blogpost


               In our first blogpost we would like to write some words about our team. We are information security experts who decided to unite some years ago. We have been working on obfuscation, deobfuscation and antimalware technologies for more than 6 years.
               In April 2013 we founded ReCrypt Company. About a month ago we released beta-version of our Host-based Intrusion Prevention System - ReHIPS. The basic idea behind this project crossed our minds several years ago and it was developing during malware analysis. It's well known that classical signature antiviruses can be bypassed by malware in a lot of cases. ReHIPS is based on other principles and uses Windows built-in access control mechanisms to ensure system safety and data security. ReHIPS doesn't monopolize system protection. Instead it can be used with classical signature-based antivirus to increase protection efficiency.
               A demo version of ReHIPS is free for download from our site. This version is free of charge for noncommercial usage.