Category Archives: Programming

PowerShell encoding used for Emotet Downloader

I first ran across the SecureString usage in this Twitter thread where @Anyrun_app is talking about a version of “Fake Net” to get all of the C2’s here. There are a few methods listed in this thread by different … Continue reading

Posted in Malware, PowerShell, Programming

Hidden .Net Resources “Are Your Tools Finding Them” ?

This file was found through Twitter, and this sample appears to be a test piece of ransomware written in dot Net with 2 binary resources that do not show up in normal tools. No obfuscation was used to … Continue reading

Posted in Malware, Programming, security | 1 Comment

Ghost In The Wires Paperback Ciphers

I received the book in mid-December 2013 as an early Christmas present and completed reading it on December 24th 2013 and then began working on the ciphers. I was first trying to copy all of the ciphers by hand … Continue reading

Posted in Ciphers, Programming

Pulling apart Rig Exploit Kit

In the last post, A look at a cross bred Neutrino EK–Rig EK Flash file, we see where the two exploit kits were merged into one. This one is pure Rig and looks the same on the surface as other … Continue reading

Posted in Malware, Networking, Programming, security | 1 Comment

Pulling apart Neutrino EK

I’ve spent the last few days going from top to bottom of 3 different Neutrino EK infections. The one I will show here is from Broad Analysis @BroadAnalysis from their site. You can download the pcap of the traffic … Continue reading

Posted in Malware, Programming | 2 Comments

Decoding Angler Exploit Kit

After my last post, Some data on Angler Exploit Kit, I had received a request to write up a tutorial on decoding the Angler EK. The question is where to start? Since they seem to be on vacation or … Continue reading

Posted in Malware, Programming, security

How Does JavaScript Right Shift Zero Fill Work

I have converted several online classic cipher tools from JavaScript, Python, C, and C++ to VB.Net for some of my projects. I will at times create small projects to get a better understanding of how a certain function works … Continue reading

Posted in Programming