2014 at a Glance
Everyone here at MalWerewolf would like to wish you happy holidays! This has been a great year for us and we have a lot more planned ahead. One of the features we would like to implement over the next few weeks is a “Coming Soon” menu, which will give an idea of what we are currently working on. We will also be introducing one of our authors who has been behind the scenes for the past year helping build out our network infrastructure. Now that we have some of our foundations set, our next task is to explore and deploy.
Whether you are a new or a returning visitor to MalWerewolf, we wanted to give a breakdown of some of the posts from throughout 2014. As there are quite a few articles, we are picking out one from each of the authors to help get you up to speed.
They see me trollin’, they hatin’. Ever wanted to get back at some of the Microsoft support scammers? Come watch Otakun have a nice long conversation with them while everything they do is recorded inside a VM. By the end, you kind of feel for them. http://malwerewolf.com/2014/10/ms-support-scam/
nanoSpl0it is no stranger to coding. He has cooked up a few of the scripts in our GitHub at https://github.com/malwerewolf. Recently, he published some code to aid in the S/MIME certificate recovery process using PowerShell. Get to it, admins! http://malwerewolf.com/2014/12/powershell-smime-recovery-script-bye-bye-krt-exe/
Enter the mind of the InterDimensional_Shambler. His most recent post covered IOCs (indicators of compromise) and the OpenIOC format. As that one is very recent, I’d like to bring up his earlier article on manually carving data out of network streams using applications such as Wireshark. This is an extremely useful skill in our line of work, and anybody in security, newcomer or veteran, should know and understand how to do it. http://malwerewolf.com/2014/04/wireshark-primer-manual-carve-http-objects/
Let our host of host analysis push you in the right direction for any investigation you may have. As memory forensics is a big deal that is only now starting to get the attention it deserves, it’s only fitting that we highlight the Mandiant Redline introduction from DFIRninja. If you haven’t looked at any of the memory forensics tutorials, this is the perfect article to get your fill! http://malwerewolf.com/2014/09/memory-forensics-mandiant-redline/
The last thing to bring to your attention is our article on plaso (Google timelines). It is paired with an introduction to the ELK (Elasticsearch, Logstash and Kibana) stack, which helps you SIFT (hehe, see what I did there?) through logs much more easily. We are still waiting for Kibana 4 to reach a full release alongside the next Elasticsearch before doing a deep dive on this free log aggregator, but here’s something to whet the appetite. http://malwerewolf.com/2014/11/plaso-google-timelines/
We would like to thank you again for your support throughout the year, and we look forward to bringing you more information for many years to come. Please don’t hesitate to contact any of us at our @malwerewolf.com e-mail addresses or hit us up on Twitter at http://twitter.com/malwerewolf.