Category Archives: malware

wtf

Posted in apple, hardware & software, malware, microsoft

REMnux: Distro for Reversers

Lenny Zeltser, SANS Instructor, has released a customized distribution targeted at malware reverse engineers. From the REMnux page: REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As …

Posted in forensics, malware, news, security

Malware Analyzers

(This article was originally published on June 9, 2009; new resources added below) Do you ever receive a suspicious file via email, or hesitate to download software from a webpage? You can upload the executable to one of the …

Posted in malware

win32 memory capture & analysis cheat sheet

A high-level overview of performing live memory captures and analysis:
1. Capture memory with MoonSols' win32dd.
2. Parse the memory snapshot with Mandiant's Memoryze.
3. Analyze the results with Audit Viewer, or analyze the snapshot with the Volatility Framework, which comes neatly packaged in the SANS SIFT Workstation.

Posted in forensics, malware, microsoft, pentest, security

Analyzing Malicious PDF Documents

So you want to get your feet wet?
Grab Didier Stevens' tools here: http://blog.didierstevens.com/programs/pdf-tools/
Grab malicious PDF samples here: http://www.malwaredomainlist.com/mdl.php?search=pdf+exploit&colsearch=All&quantity=50 *Be careful, these are live samples!
Video tutorial, Didier on analyzing a PDF document: http://www.youtube.com/v/tHVi2wKCkTc
You're going to run into …

Posted in forensics, malware, news, security

Malware authors: Best storage / hiding locations

Have you just injected a running process's memory? In most cases, unless you're an adept author and have written a rootkit, you want your malware to remain persistent via auto-run, the registry, start-up, etc. Where do you store your persistent launcher? …

Posted in malware, security

‘Analyzing Malicious Documents’ cheat sheet

Just saw this at the Internet Storm Center: Analyzing Malicious Documents Cheat Sheet. Some really great info covering Microsoft Office documents and PDFs. Mentions some useful tools to help with analysis and the general approach to be followed depending on type …

Posted in malware

Zeus/Zbot Information and Tracking the Banking Trojan

Zeus is a crimeware kit which steals credentials for various online services such as social networks, online banking accounts, FTP accounts, email accounts and others (phishing). The web admin panel can be bought for $700 and the exe builder for $4000. …

Posted in malware

Malware Analyzers Part deuce

Several weeks ago I posted about different free malware analyzers (sandbox environments). I've stumbled across another free tool from Mandiant, which is their Red Curtain offering. Red Curtain will scan a given local directory or drive and analyze each file …

Posted in hardware & software, malware