Introduction to x86 Assembly Language – Part II

After the (very) high-level introduction of Part I, we are going to go a little deeper into the subject. Let's start by having a closer look at memory (RAM) and the related registers (e.g. general purpose registers, segment registers, EFLAGS…

[OS X] List processes using the internet

Under OS X, if you are interested in finding out which process is using the internet, you can use the following command: lsof -i -P -n. This command normally lists all the open files on the system, but with the -i option it will list all…
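As an added example (not part of the original post), the script below shows what the three options buy you and how to reduce the raw lsof listing to something you can act on: -i restricts the output to internet sockets, -P keeps ports numeric instead of translating them to service names, and -n skips reverse DNS lookups, which is faster and avoids leaking the addresses you are investigating to a resolver. The sample lsof output, the process names and the addresses in it are constructed for the example; the helper names (summarize_lsof, established_remotes) are my own.

```shell
#!/bin/sh
# Added example: summarise `lsof -i -P -n` output per process.
# Constructed sample output in the column layout lsof prints on OS X and
# Linux (COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME). Names, PIDs
# and addresses are made up; 203.0.113.0/24 is a documentation range.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari   1234 bob   25u  IPv4 0x1234      0t0  TCP 192.168.1.10:52100->93.184.216.34:443 (ESTABLISHED)
Safari   1234 bob   26u  IPv4 0x1235      0t0  TCP 192.168.1.10:52101->93.184.216.34:443 (ESTABLISHED)
sshd      456 root   3u  IPv4 0x1236      0t0  TCP *:22 (LISTEN)
updater  7777 bob   11u  IPv4 0x1237      0t0  TCP 192.168.1.10:60000->203.0.113.9:8080 (ESTABLISHED)
mDNSRes    88 _mdns  7u  IPv4 0x1238      0t0  UDP *:5353'

# Read lsof output on stdin and print "COMMAND PID STATE count", one line per
# process and TCP state. UDP sockets carry no state, so they are shown as "-".
# Because of -P and -n the NAME column is purely numeric, which is what makes
# this kind of parsing reliable.
summarize_lsof() {
    awk 'NR > 1 {
            state = "-"
            if ($NF ~ /^\(.*\)$/) { state = $NF; gsub(/[()]/, "", state) }
            key = $1 " " $2 " " state
            count[key]++
        }
        END { for (k in count) print k, count[k] }' | sort
}

# Only established TCP connections, printed as "COMMAND PID remote:port".
# This is the view you want when looking for an unexpected outbound
# connection: the NAME field has the form local->remote, so split on "->".
established_remotes() {
    awk 'NR > 1 && $NF == "(ESTABLISHED)" {
            split($(NF-1), ep, "->")
            print $1, $2, ep[2]
        }' | sort -u
}

# Stand-alone run on the constructed sample. On a real system replace the
# printf with:  lsof -i -P -n | summarize_lsof
printf '%s\n' "$SAMPLE_LSOF" | summarize_lsof
printf '%s\n' "$SAMPLE_LSOF" | established_remotes
```

On a live system, pipe `lsof -i -P -n` into the two functions instead of the sample; running them as root is needed to see sockets owned by other users.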

Introduction to x86 Assembly Language – Part I

This article is an attempt to introduce some of the key concepts of x86 Assembly Language. It will focus on how this language is used by malware analysts to understand what a piece of malicious software is doing and how it was programmed by its author…

[Update] Honeypot results June 2012

Here are the latest graphs of my honeypot. Overall "normal traffic", with the exception of several attempts to download a file named "h.exe" from a particular IP address. However, it seems that this host has been cleaned in the meantime, as all attempts result in…

[FR] Installing Wireshark on Mac OS X 10.5 & 10.6

Wireshark? What is it? Here is a non-exhaustive list of the basic features of this software: support for many protocols (around a hundred in total), traffic capture in online/offline mode, a three-pane viewing window, runs on several operating systems: Windows,…

Cuckoo – Automated Malware Analysis

Cuckoo is a malware analysis system. According to the description on the website: "Its goal is to provide you a way to automatically analyze files and collect comprehensive results describing and outlining what such files do while executed inside an isolated environment." It's mostly used…

Honeypot results May 2012

Find below the latest graphs of the honeypot I'm running. Overall an increase in the number of connections, with some huge spikes at the end of April and the beginning of May. Note: due to a system restart, the honeypot was not running for a few…

Flame – Cyberwar in action?

The Flame virus became public during the last few days of May 2012. This discovery came two years after Stuxnet (June 2010) and less than a year after Duqu (Sept. 2011). Although these three viruses have different objectives, they have in common their complexity and the fact that they were probably developed by people with "unlimited" resources. So where are we now? Is this cyberwar? Or is this the natural evolution of cyber crime?