Q: Why is your website so basic in its design?
A: Neither of us are designers. Whilst one of us is a professional web developer with several years' experience working with several large companies, we have decided that it was better to keep our web design simple. We subscribe to the so-called "old skool" mentality... we want a fast loading website, straight to the point and unbelievably quick to load. Not only that, but we feel we should be judged on our content rather than how "flashy" and shiny we can make our website, something which, in the days of broadband, seems to have been lost on the general populace. If you prefer, we could throw in a few <marquee> tags? lol ;)
Q: Why have you chosen .NET to focus on?
A: Well, why not? People have been developing exploits in ASM and/or C/C++ for longer than we've been alive! Whilst this is a worthwhile avenue to persue, we think it is more interesting to persue the possible problems with Microsoft's latest set of languages, the .NET framework. Bearing in mind that this framework is an integral part of MS' latest Operating Systems, it seems an interesting route to take. Especially given that most of the C# "viruses" we have managed to come across so far have been little more than the old .vbs tricks of deleting files for little more effect than pissing off a user.
Our research is different - we are trying to mix "old skool" with up and coming technologies, bringing the 80's up to the 2010's.
Q: Why are you using your real names? Why do you believe in full disclosure, rather than just releasing your code into the wild, or onto another website?
A: We are disillusioned with the new generation of "uber-133t h4x0rz" which seem to have taken over the "scene". Admittedly, there are many, many brilliant people out there doing much better research than we could muster. The problem is that almost all of those people are mercenaries working underground. To our mind, security research and exploit development should be free and open. Our work is done under the spirit of which we raised ourselves and were raised - basically outlined in The Hacker Manifesto back in 1986. We do this not for malicious purposes, but purely because we CAN. We see it as part of our responsibility in doing it to make the people who it affects (both the OS and AV companies and the general public) fully aware of what can be done. I would put money on it that if *we* have managed to do it, some of those brilliant minds out there have also done it. The only difference is that we see it as a duty to inform rather than release.
Q: Why "Mandy"?
A: When the "Mandy" project was first thought up, it was originally to be called "Bliar" (and no, that isn't a typo!) - To give some form of context, this project was thought up in the first week of Vista's release - it took us until Windows 7 had been out for over 6 months to finally get around to coding it.
All of our projects will be named after the most disgusting and "shady" politicians in British politics we can think of... If for no other reasons than no-one trusts those fuckers and that we will never run out of names :)