Category Archives: Networking
Those Pesky Powershell Shellcode’s And How To Understand Them
Shellcode comes in various forms for different operating systems. Some can just be dropped into a hex editor and get the needed understanding what it is doing , some may require looking at the generated assembly code generated by a … Continue reading
A look at the Magnitude Exploit Kit encoding
In this post I will be going thru the multiple ways that they use to encode 3 pages in the pcap. I will use the pacp available from Zerophage @Zerophage1337 located here https://zerophagemalware.com/2017/04/20/magnitude-ek-urls-from-14-20-april/ We will start with the initial get … Continue reading
A new version of the Rig EK
It looks like the developers of the Rig EK have been busy. In my last post Pulling apart Rig Exploit Kit we see the way the decompiled flash file looked. It used several action script files and used 2 different … Continue reading
Pulling apart Rig Exploit Kit
In the last post, A look at a cross bred Neutrino EK–Rig EK Flash file we see where the two exploit kits were merged into one. This one is pure Rig and looks the same on the surface as other … Continue reading
De-obfuscating Cerber Malspam file
On July 1’st 2016 I seen a tweet by Herbie Zimmerman @HerbieZimmerman where he had gotten a zip file from some malaspam containing an obfuscated Java Script file. The infection chain is documented on his site here https://www.herbiez.com/?p=550 He had … Continue reading
Unknown Exploit Kit
When I first seen a screenshot of this one that’s what this was, Unknown. Here is the twitter message that Jérôme Segura from Malwarebytes posted. and the response by William Metcalf @node5 replied that it was Sundown/Xer and they steal … Continue reading
Some data on Angler Exploit Kit
Here is some data assembled from Multiple Pcap’s. First I would like to thank Brad @malware_traffic for all of the Pcap’s and write-ups posted on http://www.malware-traffic-analysis.net/. I have downloaded All (almost all I’m sure I missed a couple) Pcap files … Continue reading
2016-03-30 – TRAFFIC ANALYSIS EXERCISE – MARCH MADNESS
Here is another “Malware Traffic Exercise”. The Scenario: The last company we were working for at Cupids Arrow in one of the last exercise went bankrupt and do to needing a job we accepted the offer from the former owners … Continue reading
2016-03-24 – ANGLER AND NUCLEAR EK KICKED OFF BY SAME COMPROMISED SITE
In this Traffic we get the chance to look at 2 infections from the same site, but I will concentrate mainly on the exploit kits themselves and the similarities between them noticed while looking at the decoded source code. You … Continue reading
2016-02-28 – TRAFFIC ANALYSIS EXERCISE – IDEAL VERSUS REALITY
Here is another Malware Traffic Exercise write-up. http://www.malware-traffic-analysis.net/2016/02/28/index.html Scenario: What’s my definition of a security analyst? Security analysts are responsible for monitoring their employer’s network and providing near-real-time detection of suspicious activity. Ideally, these analysts have access to intrusion detection … Continue reading
PC's Xcetra Support 