Wednesday, April 15, 2015
MiddleEastMalware: CyberAttack 1
MiddleEastMalware: CyberAttack 1: Attack vector: Victims receive it as malicious links in emails. The email above translates as "A new leak for the Egyptian pres...
MiddleEastMalware: Cyber Attack 4
MiddleEastMalware: Cyber Attack 4: The attack of this post is from the same attack group as in Cyber Attack 1 and Cyber Attack 2. The attack vector is a malicious emai...
Monday, April 13, 2015
Blaze's Security Blog: Remediate VBS malware
Blaze's Security Blog: Remediate VBS malware: I have developed a small tool that will aid you to remove VBS malware from a machine or in a network. I made this some months ago when I sa...
Tuesday, April 7, 2015
Windows Incident Response: Windows Event Logs
Windows Incident Response: Windows Event Logs: Dan recently tweeted: Most complete forensics-focused Event Log write-ups? #DFIR I have no idea what that means. I'm going to assu...
Monday, April 6, 2015
Malware Must Die!: MMD-0031-2015 - What is NetWire (multi platform) R...
Malware Must Die!: MMD-0031-2015 - What is NetWire (multi platform) R...: The background It has been a talk internally in our group about a RAT (Remote Access Trojans) commonly found and used by crook called "...
Thursday, April 2, 2015
A Few Thoughts on Cryptographic Engineering: Truecrypt report
A Few Thoughts on Cryptographic Engineering: Truecrypt report: A few weeks back I wrote an update on the Truecrypt audit promising that we'd have some concrete results to show you soon. Thanks to so...
Wednesday, April 1, 2015
Dynamoo's Blog: Malware spam: "Australian Taxation Office - Refund...
Dynamoo's Blog: Malware spam: "Australian Taxation Office - Refund...: This fake tax notification spam leads to malware hosted on Cubby. From: Australian Taxation Office [noreply@ato.gov.au] Date: ...
Monday, March 30, 2015
Dynamoo's Blog: Malware spam: "Invoice ID:12ab34" / "123"
Dynamoo's Blog: Malware spam: "Invoice ID:12ab34" / "123": This terse spam has a malicious attachment: From: Gerry Carpenter Date: 25 March 2015 at 12:58 Subject: Invoice ID:34bf33 1...
Monday, March 23, 2015
Malware Analysis: The Final Frontier: Data Obfuscation: Now you see me... Now you don't....
Malware Analysis: The Final Frontier: Data Obfuscation: Now you see me... Now you don't....: Introduction This blog post shows how malware authors use Adobe Flash files to hide their creations' 'sensitive' data. I'...
Saturday, March 21, 2015
Scrutiny from an Inquisitive mind: Defeating EMET 5.2
Scrutiny from an Inquisitive mind: Defeating EMET 5.2: Since my last post, I thought if Malware Bytes Anti Exploit can be bypassed in a targeted attack why not work on bypassing EMET using rop ...
Friday, March 20, 2015
Dynamoo's Blog: Something evil on 85.143.216.102 and 94.242.205.10...
Dynamoo's Blog: Something evil on 85.143.216.102 and 94.242.205.10...: I will confess that I don't have much information on what this apparent exploit kit is or how it works, but there seems to be somethin...
Thursday, March 19, 2015
Dynamoo's Blog: Malware spam: "sales@marflow.co.uk" / "Your Sales ...
Dynamoo's Blog: Malware spam: "sales@marflow.co.uk" / "Your Sales ...: This spam run pretends to come from Marflow Engineering but it doesn't, instead it is a simple forgery. Marflow are not sending out t...
Wednesday, March 18, 2015
Jump ESP, jump!: Thousand ways to backdoor a Windows domain (forest...
Jump ESP, jump!: Thousand ways to backdoor a Windows domain (forest...: When the Kerberos elevation of privilege (CVE-2014-6324 / MS14-068) vulnerability has been made public, the remediation paragraph of follo...
Dynamoo's Blog: Malware spam: "December unpaid invoice notificatio...
Dynamoo's Blog: Malware spam: "December unpaid invoice notificatio...: This spam comes with no body text, but does come with a malicious attachment. From: Korey Mack Date: 18 March 2015 at 11:04 ...