Tag Archives: Security

A deeper look inside one of the new Emotet Malware Docs

The sample here comes from a quick search supplied by ANY.RUN @anyrun_app of #emotet-doc to filter quickly on documents you want to look at. Twitter reference Here and the link to the file we are going to use Here. One …

Posted in Malware

A look at a bmp file with embedded shellcode

The sample today is from PaulM @melsonp. While watching his BSIDES Augusta talk from 2018 Here, at the end he shows a picture file that gets downloaded from a layered PowerShell script. He was kind enough to send me …

Posted in Malware, PowerShell, security

A deeper look into a wild VBA Macro

This sample comes from Brad Duncan @malware_traffic, from his SANS ISC Diary located Here and the files on his blog Here. For this session I will be using the “2019-01-23-example-of-attached-Word-doc-1-of-7” Word document. I ended up looking at this from different directions …

Posted in Malware, Programming, VBScript

Extracting and decoding malicious macros

The sample used here is from the video from Karsten Hahn @struppigel. If you have not seen any of them before I would highly recommend checking them out. The video can be found here https://youtu.be/SCJVW1E8dFA The sample can be …

Posted in Malware, security

2016-03-24 – ANGLER AND NUCLEAR EK KICKED OFF BY SAME COMPROMISED SITE

In this traffic we get the chance to look at 2 infections from the same site, but I will concentrate mainly on the exploit kits themselves and the similarities between them noticed while looking at the decoded source code. You …

Posted in Malware, Networking, security

Rootkits

Rootkits have become the most devious method of hiding malware on a system. They are being employed in every sector, from the home user to government to private industry. The monetary and information losses along with infrastructure disruption will continue to …

Posted in RootAdmin

Microsoft Security Essentials Locked Down Even More

The ability to temporarily stop the service has been locked down even more. Earlier this year I installed Microsoft Security Essentials on my mom's old single-core Windows XP system. Sometimes as she was playing games her pointer would float …

Posted in RootAdmin