Main Page

From aldeid
Share/Save/Bookmark
Jump to: navigation, search

Pentesting   •    Network   •    Web Hacking   •    Digital Forensics   •    Malwares

send me a mail follow me on twitter follow me on dig follow me on facebook packetstorm tools linkedin profile subscribe rss feed follow me on youtube follow me on google+

Cryptolocker-icon.png

Analysis of CryptoLocker (MD5: 98c9676d887d024defc1d340bd723073)

Sun, 13 Apr 2014 17:00:00 +0000

CryptoLocker is a ransomware trojan. It crypts personal data on the infected machine with a private RSA key stored on the remote C&C. The malware then displays a message which offers to decrypt the data if a payment of 400 USD is made by a stated deadline, and threatens to delete the private key if the deadline passes.

Read more

Malware-analysis-icon.png

Analysis of Worm:VBS/Jenxcus

Thu, 27 Mar 2014 10:20:00 +0200

Worm:VBS/Jenxcus is a malware developed in VBScript by houdini. It uses a simple obfuscation technique based on the chr function. It posts sensitive data (Hardware ID, Hostname, Username, OS details, Antivirus, ...) to diana68.no-ip.biz on port 1177/tcp using the HTTP protocol. The malware has the ability to execute arbitrary commands, kill processes, send and receive files, enumerate files, processes and disk drives, delete files, ...

Read more

Sysanalyzer-icon.png

Analyzing malwares with SysAnalyzer

Fri, 21 Mar 2014 11:29:00 +0200

SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report as to the actions a binary takes on a system.

Read more

Ads-icon.png

Alternate Data Stream (ADS)

Wed, 12 Mar 2014 21:01:00 +0200

Alternate Data Stream (ADS) is a feature from Microsoft which purpose is to provide a compatibility with HFS, the file system management for Mac. It is well known from malware authors who can hide a malicious executable in a file.

Read more

Malicious-pdf-icon.png

Analysis of a malicious PDF file

Mon, 03 Mar 2014 08:21:00 +0200

I will describe the process of analyzing a malicious PDF file. For our analysis, we will need: the REMnux distribution (contains all below necessary tools), pdfid to identify objects in our PDF file, pdf-parser to list JavaScript objects, pdfobjflow to map the relationships between the PDF objects, jsunpackn to extract JavaScript contained in the PDF file, SpiderMonkey to run and de-obfuscate the JavaScript, sctest (libemu) to emulate the shellcode, command line tools (to convert our shellcode to various formats).

Read more

Origami-icon.png

Origami, a complete toolkit to analyze malicious PDF documents

Mon, 30 Dec 2013 14:26:00 +0200

Origami is a Ruby framework for manipulating PDF documents. It features a PDF compliant parser and allows to analyze, modify or create malicious PDF files. Origami supports advanced features of the latest PDF specifications: Encryption (up to Adobe Reader X), Digital signatures, Forms (Acrobat and XML), JavaScript, Annotations, Flash, File attachments, Object streams.

Read more

Offvis-icon.png

Analyze malicious Office documents with OffVis

Thu, 26 Dec 2013 12:25:00 +0200

The Microsoft Office Visualization Tool (OffVis) is a tool from Microsoft that helps understanding the Microsoft Office binary file format in order to deconstruct .doc-, .xls- and .ppt-based targeted attacks.

Read more

Officemalscanner-icon.png

Analyze Office documents with OfficeMalScanner

Mon, 23 Dec 2013 22:05:00 +0200

OfficeMalScanner is a Ms Office forensic tool to scan for malicious traces, like shellcode heuristics, PE-files or embedded OLE streams.

Read more

Cscript-wscript-icon.png

cscript and wscript

Sat, 21 Dec 2013 12:05:00 +0200

cscript and wscript are command line (CLI) utilities from Microsoft to analyze JavaScript and VBScript. They both use Internet Explorer scripting engine.

Read more

Malzilla-icon.png

Malzilla, malware hunting tool

Sun, 15 Dec 2013 12:15:00 +0200

Malzilla is a malware hunting tool. It uses the SpiderMonkey engine to analyze scripts. Among other things, it is able to deobfuscate JavaScripts and has several decoders and other utilities. It currently exclusilvely supports Windows.

Read more


Older entries »