The Case of the Tricky Tool

Tags: document, Malware Analysis
Looks can be deceiving. There are times when you think an analysis is going to be easy, and everything points in that direction, until you hit a snag. This happens. Sometimes you've made an assumption that is wrong, sometimes there is a little trick the attacker is doing, and sometimes ...
Document Analysis - 2018-newsletters.xls

Tags: document, Malware Analysis, training
Today I received what was clearly a malicious document in my email, so to celebrate the publishing of my second PluralSight course - Performing Malware Analysis on Malicious Documents - I thought I'd go through the analysis of the document. The document came in as an attachment in email and was ...

Malware Analysis Course on Pluralsight!

Since 2010, I have been running my Introduction to Malware Analysis course at various conferences and organizations, and have taught over 200 students. I've heard from many of my former students that they've used what they learned in the course to help them successfully combat malware in their organizations - ...
Malicious DNS Namespace Collisions
Over the last few weeks, I've noticed a problem come up again in multiple places that I first saw many years ago and apparently is still very common - DNS Namespace Collisions. DNS namespace collisions occur when a private domain name is able to be resolved on the public Internet; ...

MASTIFF Online

MASTIFF has been a pet project of mine for about two years now. While it has not progressed as far as I would have liked, we made a major announcement this week. On Monday, a free online interface to MASTIFF was released at https://mastiff-online.korelogic.com/. This interface allows anyone to upload files, ...
Installing Yara into IDA Pro 64-bit Linux
tl;dr Install a 32-bit VM, compile Yara, copy files over. See link below for files to just install. Last Friday, pnX posted that he updated his awesome IDA plug-in, IDAScope, to include Yara support. This means that you can now run Yara sigs against files you are reversing to help ...

Installing BinDiff on Linux Mint 14

I recently upgraded my system to Linux Mint 14 and went about re-installing all my software. When I got to Zynamics/Google BinDiff, I found I had an issue:

    $ sudo dpkg -i bindiff401-debian50-amd64.deb
    Selecting previously unselected package bindiff.
    Unpacking bindiff (from bindiff401-debian50-amd64.deb) ...
    dpkg: dependency problems prevent configuration of bindiff:
     bindiff depends on sun-java6-jre; however:
      ...

My Take on the City of Akron Hack

On Thursday, May 16, 2013, a Turkish hacking group called Turkish Ajan hacked into the City of Akron and released a number of files that contain personal information on a number of Akron citizens. According to the city, the attackers were able to gain access into some internal systems where ...

MASTIFF 0.6.0 Released!

The latest version of MASTIFF, 0.6.0, has just been released! Run over to the download site and grab the latest version! The official changelog is located here, but the major improvements are described below. Upgrading MASTIFF to the latest version is easy. You can follow this process: Download and install pydeep. Download MASTIFF ...
MASTIFF: Automated Static Analysis Framework
Malware analysis is a process that begs to be automated. Messing up one step or running one tool incorrectly can cause you to have to restart the entire process. Fortunately, there are a number of automation frameworks or systems, such as Cuckoo or Threat Expert, that exist to help automate ...