Analysis of malicious VBA code from Emotet Maldoc containing PowerShell downloader.
Emotet Malware PowerShell Obfuscation & Evasion Review
Review of recent Emotet Maldoc obfuscation & evasion techniques
Reverse Engineering A DOSFuscated Document
ISC Handler Didier Steven has created numerous tools for analyzing ole files.
Emotet Malware Delivery Botnet
The Emotet Malware Delivery Botnet is utilizing a combination of obfuscated VBA scripts, macros, and powershell instructions to evade antivirus defenses while relying on social engineering in order to successfully exploit target systems as user intervention is mandatory in the
Malicious PHP Upload Attempts
Malicious PHP upload attempts have been ramping up over the past week. I am beginning to wonder if we are starting to see some more activity from botnets, possibly related to recent DSL & GPON exploit attempts (D-Link & DSL-2750B).
Exploits in the Wild 8/12/2018
I thought about writing up a short article on exploitation attempts I have been seeing in the wild. This website, services.vcodispot.com, and associated .onion versions sit behind Suricata IPS. Suricata is an open source Network Intrusion Detection System (IDS) or
Maltego Disinformation Campaigns
This article written on Null-byte.wonderhowto, goes into detail on how Maltego could be used to launch a disinformation campaign. The write up covers watching conversations, finding key players and trending information, identifying social media channels for jamming, and sentiment analysis.
Accessing Windows Workstations (Updated 6/4/2018)
Accessing Vulnerable Windows Workstations on Network. (Updated 6/4/2018) Microsoft has taken preventative measures against vulnerabilities that exist with SMBv1 by no longer including the network protocol after the Windows 10 Fall Creators Update and Windows Server, version 1709
Snort .VS. Suricata
This video is a comparison between Snort and Suricata Network Intrusion Detection Systems. Suricata’s output is comprised of multiple files for each type of traffic. With the suricata.yaml file different output options can be configured. Some output data includes DNS
Data Dump(dd) to Create a Forensic Image with Linux
Data Dump(dd) to Create a Forensic Image with Linux There are a few Linux distributions designed specifically for digital forensics. These flavors contain examiner tools, and are configured not to mount (or mount as read only) a connected storage