DFIR Challenge – ISSA 2013 – My Answers

Jack Crook posted a new DFIR challenge a few days ago. Let's have a look at the challenge and at my answers. Obviously, if you want to enjoy the challenge, don't read this article: go to the challenge page, download what's necessary…

Exploit Pack Overview using Maltego

I was reading a post on the contagio blog, which I highly recommend: Mila provides a lot of samples and other very useful information. One of the latest posts is about exploit packs. Mila is compiling an exhaustive list of exploit packs…

Indicator Of Compromise (IOC) – Part I

The current threat landscape is made of highly complex malware and stealthy intrusions that are very difficult to prevent, identify and detect. The IT environment is also vast, heterogeneous and not always well managed, which makes it even harder to ensure that a breach is contained quickly and effectively. So what do we need? An easy, standard way to describe a breach, or a piece of malware and its behaviour, together with the ability to share that description. You guessed it: Indicators of Compromise are the solution!
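To make the idea concrete, here is an added example (not from the original article or the series it introduces): a minimal IOC description for a hypothetical sample, and a matcher that runs it over a few constructed telemetry lines. The structure is an ad-hoc Python dict, not any standard interchange format; the sample bytes, domain, path, mutex name and log lines are all made up for the illustration, and the hash indicator is derived from the constructed bytes rather than taken from any real malware.

```python
import hashlib
import re

# Constructed stand-in for a malware sample; its hash becomes the file IOC.
SAMPLE_BYTES = b"MZ\x90\x00" + b"hypothetical dropper body"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_BYTES).hexdigest()

# Hypothetical IOC set: file hash, C2 domain, drop path and mutex.
# Domain and path are stored lower-cased so matching is case-insensitive;
# the mutex name is compared as-is.
IOCS = {
    "name": "hypothetical-dropper",
    "sha256": {SAMPLE_SHA256},
    "domains": {"update-check.example.net"},
    "paths": {r"c:\users\public\svchost32.exe"},
    "mutexes": {r"Global\drp_v2_lock"},
}

# Constructed host telemetry (key=value fields), not a real capture.
LOG_LINES = [
    "2012-05-02T10:14:01 host=ws17 event=dns query=update-check.example.net",
    "2012-05-02T10:14:03 host=ws17 event=file_create "
    "path=C:\\Users\\Public\\svchost32.exe sha256=" + SAMPLE_SHA256,
    "2012-05-02T10:14:03 host=ws17 event=mutex name=Global\\drp_v2_lock",
    "2012-05-02T10:15:00 host=ws18 event=dns query=www.example.org",
    "2012-05-02T10:15:10 host=ws18 event=file_create "
    "path=C:\\Windows\\System32\\svchost.exe sha256="
    + hashlib.sha256(b"benign").hexdigest(),
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split a key=value telemetry line into a dict of fields."""
    return dict(FIELD_RE.findall(line))


def match_line(fields, iocs):
    """Return a list of (indicator_type, value) hits for one parsed line."""
    hits = []
    q = fields.get("query")
    if q and q.lower() in iocs["domains"]:
        hits.append(("domain", q))
    p = fields.get("path")
    if p and p.lower() in iocs["paths"]:
        hits.append(("path", p))
    h = fields.get("sha256")
    if h and h.lower() in iocs["sha256"]:
        hits.append(("sha256", h))
    m = fields.get("name")
    if m and m in iocs["mutexes"]:
        hits.append(("mutex", m))
    return hits


def scan(lines, iocs):
    """Return {host: [(indicator_type, value), ...]} for hosts with any hit."""
    by_host = {}
    for line in lines:
        fields = parse_line(line)
        hits = match_line(fields, iocs)
        if hits:
            by_host.setdefault(fields.get("host", "?"), []).extend(hits)
    return by_host


if __name__ == "__main__":
    for host, hits in scan(LOG_LINES, IOCS).items():
        print(host, "->", ", ".join(f"{t}={v}" for t, v in hits))
```

Because the indicators live in one structure separate from the matching code, the same IOC set can be handed to another team or tool, which is the sharing requirement the paragraph above asks for; a real deployment would use a standard format and far richer telemetry, but the shape of the check is the same.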

Malware anti-VM techniques

Malware analysis usually involves running the sample in a virtual machine (VM) such as VMware, VirtualBox or one of the many other virtualisation solutions. Those are the best-known products, but virtualisation is also what sandboxes and other automated analysis services such as VirusTotal, Anubis, etc. are built on. There…

Introduction to x86 Assembly Language – Part II

After the (very) high-level introduction of part I, we are going to go a little deeper into the subject. Let's start by having a closer look at memory (RAM) and the related registers (e.g. general purpose registers, segment registers, EFLAGS…

Introduction to x86 Assembly Language – Part I

This article is an attempt to introduce some of the key concepts of x86 Assembly Language. It will focus on how malware analysts use the language to understand what a malicious program is doing and how its author programmed it….

Cuckoo – Automated Malware Analysis

Cuckoo is a malware analysis system. According to the description on its website: "Its goal is to provide you a way to automatically analyze files and collect comprehensive results describing and outlining what such files do while executed inside an isolated environment." It's mostly used…

Honeypot results May 2012

Find below the latest graphs from the honeypot I'm running. Overall there was an increase in the number of connections, with a huge spike at the end of April and the beginning of May. Note: due to a system restart, the honeypot was not running for a few…