An ELF file was recovered from a GPON router authentication bypass and command injection attempt.
In light of Emotet malware botnet spam increasing after the holidays, I thought it appropriate to take the time to review the more recent obfuscation and evasion techniques observed in Microsoft Word documents included as attachments or links in the malspam
Didier Stevens is a Senior Handler at the Internet Storm Center (ISC). He has a GitHub account with numerous Python scripts for analyzing OLE files. https://github.com/DidierStevens https://github.com/DidierStevens/DidierStevensSuite/blob/master/oledump.py Using oledump.py I began analyzing a malicious Microsoft Word doc named “IRS Verification
The Emotet malware delivery botnet is utilizing a combination of obfuscated VBA scripts, macros, and PowerShell instructions to evade antivirus defenses while relying on social engineering in order to successfully exploit target systems, as user intervention is mandatory in the
Malicious PHP upload attempts have been ramping up over the past week. I am beginning to wonder if we are starting to see some more activity from botnets, possibly related to recent DSL & GPON exploit attempts (D-Link & DSL-2750B).
I thought about writing up a short article on exploitation attempts I have been seeing in the wild. This website, services.vcodispot.com, and its associated .onion versions sit behind Suricata IPS. Suricata is an open-source Network Intrusion Detection System (IDS) or
This article, written on Null-byte.wonderhowto, goes into detail on how Maltego could be used to launch a disinformation campaign. The write-up covers watching conversations, finding key players and trending information, identifying social media channels for jamming, and sentiment analysis.
Accessing Vulnerable Windows Workstations on Network. (Updated 6/4/2018) Microsoft has taken preventative measures against vulnerabilities that exist with SMBv1 by no longer including the network protocol after the Windows 10 Fall Creators Update and Windows Server, version 1709
This video is a comparison between the Snort and Suricata Network Intrusion Detection Systems. Suricata’s output consists of multiple files, one for each type of traffic. Different output options can be configured in the suricata.yaml file. Some output data includes DNS
Data Dump (dd) to Create a Forensic Image with Linux. There are a few Linux distributions designed specifically for digital forensics. These flavors contain examiner tools and are configured not to mount (or to mount as read-only) a connected storage