Author Archives: pcsxcetrasupport3

About pcsxcetrasupport3

My part time Business, I mainly do system building and system repair. Over the last several years I have been building system utility's in vb script , HTA applications and VB.Net to be able to better find the information I need to better understand the systems problems in order to get the systems repaired and back to my customers quicker.

Decoding Java Script Walk Thru

This is from a request by Herbie Zimmerman‏ @HerbieZimmerman to show how my decoding process works to decode a script found on Payload Security by My Online Security‏ @dvk01uk (Twitter Link to Conversation https://twitter.com/Ledtech3/status/894672552341229568) Link to file download on Payload … Continue reading

Posted in Malware, security | Tagged , | Leave a comment

A look at the Magnitude Exploit Kit encoding

In this post I will be going thru the multiple ways that they use to encode 3 pages in the pcap. I will use the pacp available from Zerophage @Zerophage1337 located here https://zerophagemalware.com/2017/04/20/magnitude-ek-urls-from-14-20-april/ We will start with the initial get … Continue reading

Posted in Malware, Networking, security | Tagged , | 1 Comment

Angler Exploit Kit Steganography

When I first started working with exploit kits I started with Angler EK. I was learning how the redirect from the compromised site worked and building tools to decode them. Once you get to the exploit kit landing page then … Continue reading

Posted in Computer, Malware, security | Tagged , | Leave a comment

Ghost In The Wires Paperback Ciphers

I received the book in mid December 2013 as a early Christmas present and completed reading it on December 24th 2013 and then began working on the ciphers. I was first trying to copy all of the ciphers  by hand … Continue reading

Posted in Ciphers, Programming | Tagged | Leave a comment

A new version of the Rig EK

It looks like the developers of the Rig EK have been busy. In my last post Pulling apart Rig Exploit Kit we see the way the decompiled flash file looked. It used several action script files and used 2 different … Continue reading

Posted in Malware, Networking, security | Tagged , , | 3 Comments

Pulling apart Rig Exploit Kit

In the last post, A look at a cross bred Neutrino EK–Rig EK Flash file we see where the two exploit kits were merged into one. This one is pure Rig and looks the same on the surface as other … Continue reading

Posted in Malware, Networking, Programming, security | Tagged , | 1 Comment

A look at a cross bred Neutrino EK–Rig EK Flash file

A recent post by Jérôme Segura of Malwarebytes https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016/08/neutrino-ek-more-flash-trickery/ Although this post showed the flash file being sent from the compromised site rather than a “Gate” is interesting. What is more interesting is what is inside of this flash file. … Continue reading

Posted in Malware, security | Tagged | 2 Comments