One week ago today, the Shadow Brokers (an unknown hacking entity) leaked the Equation Group’s (NSA) FuzzBunch software, an exploitation framework similar to Metasploit. In the framework were several unauthenticated, remote exploits for Windows (such as the exploits codenamed EternalBlue, EternalRomance, and EternalSynergy). Many of the vulnerabilities that are exploited were fixed in MS17-010, perhaps […]
DOWNLOAD SHELLCHECK https://github.com/koalaman/shellcheck ShellCheck is a GPLv3 tool that gives warnings and suggestions for bash/sh shell scripts. The goals of ShellCheck are To point out and clarify typical beginner’s syntax issues that cause a shell to give cryptic error messages. To point out and clarify typical intermediate level semantic problems that cause a shell to […]
Our Previous post talked about the initial overview of the Shamoon 2.0 sample .This analysis is a continuation of our last post but with a more insight on the working and behavior of the malware. There are 3 components which are linked with one another which makeup Shamoon 2.0 single malware. We have analyzed each […]
Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on run time indicators of malware. In a nutshell, it allows you to run your malware, hit a key press, and get a simple text report of the sample’s activities. The tool allows you to not only run […]
Noriben is a python based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In short, it allows you to run your malware, and get a simple text report of the malware’s activities. This tool only requires Sysinternals procmon.exe (or procmon64.exe) to operate. Noriben is an ideal solution […]
There are a great many tools available to help quickly analyze the behavior of mobile malware samples. In the case of Android, one such app is AppMon.
MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task or reverse engineering and analysis easier and friendly to mobile application developers and security professionals. Features supported Reverse engineer apk files to smali, java jar […]
.—. .———– / __ / —— / / ( )/ —– ╔╦╗╦═╗╔═╗╦╔╦╗ ╦ ╦╦ ╦╔╗╔╔╦╗╔═╗╦═╗ ////// ‘ / ` — ║║╠╦╝║ ║║ ║║───╠═╣║ ║║║║ ║ ║╣ ╠╦╝ //// / // : : — ═╩╝╩╚═╚═╝╩═╩╝ ╩ ╩╚═╝╝╚╝ ╩ ╚═╝╩╚═ // / / /` ‘– By HaHwul // //..\ www.hahwul.com ====UU====UU==== https://github.com/hahwul/droid-hunter ‘//||\` ”“ DROID-HUNTER 1. DROID-HUNTER […]
Just another manual code analysis tool and static analysis tool Codewarrior runs at HTTPd with TLS, uses KISS principle( https://en.wikipedia.org/wiki/KISS_principle ) Directories: web/ = local of javascripts and html and css sources src/ = C source code, this code talking with web socket eggs/ = external modules to search codes using regex conf/whitelist.conf = list […]
We should always think twice before running an unknown program downloaded from the Internet. Of course not every application is dangerous, but it’s all too easy to find a malicious program which will exploit our naivety – and that could cost us dearly. Let’s see how we can analyse the behaviour of an unknown program […]
As Windows 10 nears its one year anniversary, WeLiveSecurity gives an in-depth review of the operating system from a security and privacy perspective.
In recent months, there has been a significant increase in the number of networks and users affected by ransomware known as Locky, discusses ESET’s Diego Perez.
ESET researchers have found a large campaign of malicious porn clicker type apps on Google Play. These trojans belong to a single family of malicious apps masquerading as popular games and/or applications. They are designed and systematically modified to bypass Google’s security checks.
Lately the threat actors behind Dridex malware have been very active. Across all the recent Dridex phishing campaigns the technique is the same. All the Microsoft Office documents containembedded macros that download a malicious executable from one of many hard coded URLs. These hard coded URLs normally point to websites owned by legitimate people. The site […]
My last on-topic post pontificated about the dangers and surprise of letting third parties into your house or codebase, where I discussed the addition of a TV DVR system to my home network. In this post, I’m going to go into some details about what I found on the network for the pure pleasure of it […]
Risk analysis is the first step towards managing risks, particularly when it comes to cyber risks. This recorded webinar introduces and explains key concepts, with links to several useful risk assessment tools.
Win32/Corkow is banking malware with a focus on corporate banking users. We can confirm that several thousand users, mostly in Russia and Ukraine, were victims of the Trojan in 2013. In this post, we expand on its unique functionality.
In this blog post, we provide an in-depth analysis of Linux/Ebury – the most sophisticated Linux backdoor ever seen by our researchers. It is built to steal OpenSSH credentials and maintain access to a compromised server.
Websites though being secured remains at a risk of getting attacked in one or the other way. Internet is coming up with a new attack almost every day, Phishing, Sniffing, Snooping, hijacking, identity hacking are to name a few. Authentication hacking is one such type of attack. As we all know that authentication is very […]
In this 3rd Hesperbot blog post we’ll look at the most intriguing part of the malware – the way it handles network traffic interception.
Win32/Spy.Hesperbot is a new banking trojan that has been targeting online banking users in Turkey, the Czech Republic, Portugal and the United Kingdom. For more information about its malware spreading campaigns and victims, refer to our first blog post. In this post we’ll cover the technical details of the malware, including the overall architecture, as well as the mobile component.