invisson.blogspot.com
InviSSon: Invisible Security & Response: enero 2013
http://invisson.blogspot.com/2013_01_01_archive.html
InviSSon: Invisible Security and Response. Friday, 11 January 2013. Volatility VS Citadel 1.3.4.5. As a forensic and malware analyst, I have always been a big fan of Volatility, a memory analysis tool that keeps growing day by day. Thus, since I read Michael Ligh's blog post about the extraction of the ZeuS encryption keys, I was willing to try out the same thing with another malware family as well. I've chosen Citadel. ... that 1.3.5.1 could be the last we see) or other families. Note: In ZeuS...
invisson.blogspot.com
InviSSon: Invisible Security & Response: Volatility VS Citadel 1.3.4.5
http://invisson.blogspot.com/2013/01/volatility-vs-citadel-1345.html
spywarehunt.blogspot.com
Spyware Investigations: January 2006
http://spywarehunt.blogspot.com/2006_01_01_archive.html
Adware malware spyware viruses. Tuesday, January 24, 2006. Hide, Go Seek. Where could I find hidden files? There's the "hidden" attribute. The hidden attribute can be set on directories, not just files. sigcheck -s -v c: result.csv. Suspect recent files in C:\Winnt\System32 (or C:\Windows\System32). The date stamp is rarely modified. Similarly, suspect recent files in C:\Winnt (or C:\Windows) and in the user's temporary files (C:\Documents and Settings... dir "C:\Winnt\Downloaded Program Files" /s. S hfind...
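The two heuristics in that entry (entries carrying the hidden attribute, directories included, and recently modified entries under the Windows system directories) can be applied in one sweep. The following is an added example and not code from the Spyware Investigations post: a Python walker that flags entries by hidden/system attribute and by modification age. It assumes that on non-Windows hosts a dot-prefixed name counts as hidden (so the scan runs anywhere), that the 7-day window is an arbitrary default, and the `demo_tree` function builds a small constructed tree to show the output.

```python
import os
import stat
import tempfile
import time

# Added example, not code from the Spyware Investigations post. Assumptions:
# a dot-prefixed name is treated as hidden on non-Windows hosts; the 7-day
# window is an arbitrary default; DEFAULT_TARGETS mirrors the directories the
# post names, modern-Windows style.

HIDDEN = stat.FILE_ATTRIBUTE_HIDDEN   # 0x2, set on files and directories alike
SYSTEM = stat.FILE_ATTRIBUTE_SYSTEM   # 0x4, frequently set together with hidden

DEFAULT_TARGETS = [
    r"C:\Windows\System32",
    r"C:\Windows",
    r"C:\Windows\Downloaded Program Files",
    r"C:\Documents and Settings",
]

def is_hidden(name, attrs):
    """Windows hidden attribute, or a dot-prefixed name (assumed for non-Windows)."""
    return bool(attrs & HIDDEN) or name.startswith(".")

def flag_entry(name, mtime, attrs, now, max_age_days=7):
    """Return the reasons an entry deserves a closer look, [] if none."""
    reasons = []
    if is_hidden(name, attrs):
        reasons.append("hidden")
    if attrs & SYSTEM:
        reasons.append("system-attr")
    if now - mtime <= max_age_days * 86400:
        reasons.append("recent")
    return reasons

def walk(root, now=None, max_age_days=7):
    """Recurse like `dir /s`; return [(path, reasons)] for flagged files and directories."""
    now = time.time() if now is None else now
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue  # unreadable or vanished entry: skip rather than abort the sweep
            attrs = getattr(st, "st_file_attributes", 0)  # Windows only; 0 elsewhere
            reasons = flag_entry(name, st.st_mtime, attrs, now, max_age_days)
            if reasons:
                hits.append((full, reasons))
    return hits

def demo_tree():
    """Build a constructed tree and return {basename: reasons} of what the walk flags."""
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        old = os.path.join(root, "legit.dll")      # old and visible: must not be flagged
        with open(old, "wb") as f:
            f.write(b"MZ")
        os.utime(old, (now - 30 * 86400, now - 30 * 86400))
        fresh = os.path.join(root, "update.exe")   # visible, but dropped just now
        with open(fresh, "wb") as f:
            f.write(b"MZ")
        os.mkdir(os.path.join(root, ".cache"))     # hidden directory, created just now
        return {os.path.basename(p): r for p, r in walk(root, now)}

if __name__ == "__main__":
    for target in DEFAULT_TARGETS:
        if os.path.isdir(target):
            for path, reasons in walk(target):
                print(path, ",".join(reasons))
    print(demo_tree())
```

The walk deliberately uses `os.lstat` so a hidden junction or symlink is reported as itself rather than followed; on a live box, run it from an elevated prompt or the System32 sweep will silently skip entries it cannot stat.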
spywarehunt.blogspot.com
Spyware Investigations: February 2006
http://spywarehunt.blogspot.com/2006_02_01_archive.html
Adware malware spyware viruses. Saturday, February 25, 2006. How spyware gets installed (2). Misspell "pot roast" as "poy roast" when searching for pot roast recipes. Notice that the web sites returned were designed to match misspelled words. If you are unfortunate enough to select pot-roast-recipes.ioust.behavest.net, you find yourself trapped in a loop that tries to install software from WinSoftware Corporation, Inc. Andreas Tores andreas@winouxis.com. Direccion General de Areas Protegidas. Block traff...
remnux.org
Running REMnux-Provided Images - REMnux Docs
https://remnux.org/docs/containers/run-apps
Get the REMnux Distro. Tools Installed on REMnux. Using REMnux and Its Tools. Running REMnux in a Cloud. Docker Images for Malware Analysis. Google's V8 JavaScript Engine: remnux/v8. Thug Low-Interaction Honeyclient: remnux/thug. CRITs Collaborative Malware and Threats Repository: remnux/crits. Viper Binary Analysis Framework: remnux/viper. Rekall Memory Forensic Framework: remnux/rekall. JSDetox JavaScript Analysis Tool: remnux/jsdetox. Radare2 Reverse Engineering Framework: remnux/radare2. Also, whenev...
spywarehunt.blogspot.com
Spyware Investigations: Block access to InterCage and Inhoster
http://spywarehunt.blogspot.com/2006/01/block-access-to-intercage-and-inhoster.html
Adware malware spyware viruses. Saturday, January 21, 2006. Block access to InterCage and Inhoster. InterCage Inc.: 69.50.160.0/19 (69.50.160.0 - 69.50.191.255). Inhoster: 85.255.112.0/20 (85.255.112.0 - 85.255.127.255). Use your firewall to block access. If you have no firewall, use route commands to divert traffic. Sample route commands (appropriate for some Windows users): route -p add 69.50.160.0 mask 255.255.224.0 192.168.100.51. Mentions this. ZDNet malware. http://www.mnin.org/. http://www.li...
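The route trick in that entry works by pointing a whole CIDR block at a gateway address that no host on the local subnet answers, so outbound packets to the block go nowhere. As an added example that is not code from the Spyware Investigations post, the following Python derives the netmask and start/end addresses the post lists for each block, emits the matching `route -p add` command, and checks an address against the blocks. It assumes 192.168.100.51 is simply the unused local address the post chose as its black hole; on your own network, pick an address on your subnet that nothing answers.

```python
import ipaddress

# Added example, not code from the Spyware Investigations post. The two blocks
# are the ones the post lists; BLACKHOLE_GATEWAY is assumed to be an unused
# address on the local subnet, as in the post's sample command.

BLOCKED = {
    "InterCage Inc.": "69.50.160.0/19",
    "Inhoster": "85.255.112.0/20",
}
BLACKHOLE_GATEWAY = "192.168.100.51"

def range_bounds(cidr):
    """First and last address of a CIDR block, the way the post lists them."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: reject a non-aligned prefix
    return str(net.network_address), str(net.broadcast_address)

def route_command(cidr, gateway=BLACKHOLE_GATEWAY, persistent=True):
    """Windows route.exe command sending the whole block to the black-hole gateway."""
    net = ipaddress.ip_network(cidr, strict=True)
    flag = " -p" if persistent else ""   # -p keeps the route across reboots
    return f"route{flag} add {net.network_address} mask {net.netmask} {gateway}"

def all_route_commands(gateway=BLACKHOLE_GATEWAY):
    """One persistent route per listed block."""
    return [route_command(cidr, gateway) for cidr in BLOCKED.values()]

def blocked_by(ip):
    """Names of the listed blocks that contain ip (empty list if none)."""
    addr = ipaddress.ip_address(ip)
    return [name for name, cidr in BLOCKED.items()
            if addr in ipaddress.ip_network(cidr)]

if __name__ == "__main__":
    for name, cidr in BLOCKED.items():
        print(name, cidr, *range_bounds(cidr))
    for cmd in all_route_commands():
        print(cmd)
    print(blocked_by("69.50.170.4"), blocked_by("8.8.8.8"))
```

A black-hole route is a per-host measure: it only affects traffic that this machine originates, and a user or malware with administrator rights can delete it with `route delete`, which is why the post prefers a firewall when one is available.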
privatecore.com
PrivateCore
https://privatecore.com/blogs/index.html
Linux Malware by the Numbers. July 22, 2014. A key point to consider when looking at Linux malware is that it’s mostly targeting servers. When you compare threats to servers against those targeting client systems, the common exploitation vectors are typically different, in addition to heavy reliance on system administrators’ skill and meticulousness. What were the major Linux malware incidents in recent years? Here’s the data I collected for the last 3 or so years:. 2011 kernel.org hacked. Linux-running ...
spywarehunt.blogspot.com
Spyware Investigations: April 2006
http://spywarehunt.blogspot.com/2006_04_01_archive.html
Adware malware spyware viruses. Monday, April 17, 2006. At-risk user behavior, or innocent user behavior? 2hjbnet downloads ms0311.jar, which includes Installer.class, which includes an exploit of the vulnerability addressed by the Microsoft Java Virtual Machine security update, security bulletin MS03-011. Www2hjb.net/ms0311.jar (Installer.class) JAVA BYTEVER.BE. 2hjbnet had been registered the day before. It is apparently a Lithuanian job placement company. Owned by Robin Lee of Emeryville, CA? Iframe s...