Category Archives: security

A closer look at “NetSupport” (RAT) top 2 layers

This post is based on a FireEye blog post (linked here). I was given a private .saz by someone else that contained the entire infection chain. In this post I will only be doing 2 …

Posted in Malware, security

Hidden .NET Resources: “Are Your Tools Finding Them?”

This file was found through Twitter, https://twitter.com/0x7fff9/status/936301229612961792, and https://beta.virusbay.io/sample/browse/106366f1fe0f39232bc86be49ecbad4a. This sample appears to be a test piece of ransomware written in .NET with 2 binary resources that do not show up in normal tools. No obfuscation was used to …

Posted in Malware, Programming, security

Peeling away the layers of a Word document macro

The sample used in this one was first brought to my attention by the blog post by @HerbieZimmerman, which is here: https://www.herbiez.com/?p=1028, and the doc file is here: https://www.hybrid-analysis.com/sample/0de3f4380b642e59d0cde5570ed13bfc727000b94a034ce10e1f87bfac3fac79?environmentId=100. This one piqued my interest …

Posted in Malware, PowerShell, security, VBScript

De-obfuscating a PowerShell Script Obfuscated by Invoke-Obfuscation

Here I will try to take a deep dive into how the obfuscation works and what is required to de-obfuscate it. This sample comes from @James_inthe_box, posted here https://twitter.com/James_inthe_box/status/928644055054946305 on November 9th, 2017. Here is the link to the “pastebin” of …

Posted in Malware, security

Not A DerbyCon Talk part #1

This will be the first in a series (1 of x) that I was hoping to stuff into a 30 minute talk at DerbyCon 2017. In hindsight it would be better suited as an informal training session where questions …

Posted in Malware, security

Extracting and decoding malicious macros

The sample used here is from a video by Karsten Hahn (@struppigel). If you have not seen any of his videos before, I would highly recommend checking them out. The video can be found here: https://youtu.be/SCJVW1E8dFA. The sample can be …

Posted in Malware, security

Decoding JavaScript Walkthrough

This is from a request by Herbie Zimmerman (@HerbieZimmerman) to show how my decoding process works, applied to a script found on Payload Security by My Online Security (@dvk01uk). Twitter link to the conversation: https://twitter.com/Ledtech3/status/894672552341229568. Link to file download on Payload …

Posted in Malware, security