MalwareTech
What's Happening with Necurs, Dridex, and Locky?
Around the 8th of June VICE picked up the story about Necurs' downtime and wrote a great article including a tweet from Kevin Beaumont referencing my botnet tracker. I was contacted for comment and there are a few things I'd have liked to add but at the time ...

Infosec Without a Degree
I've seen plenty of blogs from people who got into infosec through the academic route, so I figured I'd cover the other side and try to answer the three most asked questions I get via email and Twitter: "Do I need a degree to get a job in infosec?", "Will a de...

Let's Analyze: Dridex (Part 3)
Sorry for the longer than expected delay. Occasionally the Dridex group will take the servers offline during the weekend and resume normal operations on Monday; however, it appears they decided to take an extended break as the network went offline at some p...

Let's Analyze: Dridex (Part 1)
Due to popular request I'm starting a new reverse engineering article series which will detail how I go about analyzing various samples, instead of just presenting my findings like I normally do. Most of the posts will be centered around IDA Pro (evaluation...

Necurs.P2P - A Hybrid Peer-to-Peer Necurs Variant
Last week I received a tip about a sample displaying some indication that it could be peer-to-peer (a large amount of UDP traffic being sent to residential IPs). After a couple of days of analysis I was able to confirm that not only was it peer-to-peer but als...

Backdoored Ransomware for Educational Purposes
Here is an interesting article I found this week, it's about how a researcher released two pieces of 'educational' ransomware which were secretly backdoored in order to own some advanced and prolific cyber-criminals  a small number of scriptkiddies. There t...

How Cerber's Hash Factory Works
Recently I saw a story on SecurityWeek about how the Cerber ransomware morphs every 15 seconds (each download results in a file with a new hash), which I then tracked back to the source, this article by Invincea. The initial article made some dubious claime...

Dridex Updates Payload Distribution
Dridex spreads mainly using Office documents containing malicious macros. Initially the primary stage would involve using VBA (Visual Basic for Applications) to download and execute the loader from one of multiple servers, though this had some flaws. Antivi...

Let's Analyze: Dridex (Part 2)
In the previous article we went over how to dump the names of the majority of functions Dridex resolves dynamically to complicate analysis. Today we will be using some similar methods to get the other main piece of the puzzle (encrypted strings). Encrypted ...

DDoSing with Other People's Botnets
While I was reverse engineering ZeroAccess in order to write a monitoring system, I had an idea which would allow me to use ZeroAccess C&C infrastructure to reflect and amplify a UDP based DDoS attack, which I'd found to be beautifully ironic. After further...

When Scriptkiddies Attack
Usually I don't blog about the hundreds of ridiculous or downright crazy emails I receive each year, but this exchange makes all the others seem completely reasonable in comparison. Normally my unwanted emails range from people asking obviously blackhat qu...

Exploring Peer to Peer Botnets
Peer to Peer and Everything In Between. Back in October I'd gotten bored of the endless stream of cryptolockers and PoS trojans, so I decided to look at something old school, and that something was Kelihos. Since then, I've come to realize that P2P botnet monitorin...
Tagline
Malware Analysis, Security News, Reverse Engineering.
Introduction
A detailed look into security and malware related topics from both an offensive and defensive point of view.