Category: Analysis


New Intel Delivery Mechanism

by Destruct_Icon
Categories: Analysis, News

Sometime last year, Soltra was starting to go through some interesting times and as such I started looking into new intel sharing platforms. Soltra has since been purchased by NC4 and now the free version of Soltra only allows consumption of indicators with no capabilities to contribute. If you are interested in taking a look at what[…]


Something Phishy – 03-15-2017 – (Part 1)

by Destruct_Icon
Categories: Analysis, Coding, JavaScript

Hurrah! Destruct_Icon back with another Something Phishy. This one today was a feisty little fellah and I’m going to break it up into two parts. Part 1 will consist of the e-mail, 1st stage and some of the 2nd stage while Part 2 will be looking at the 2nd stage, the malware as well as a listing of the indicators.[…]


The Importance of Dual Tool Verification

Those of us working in the Digital Forensics and Incident Response realm rely on tools to harvest data for analysis, not to mention to perform the actual analysis. Let’s be honest: without tools, we would have a dickens of a time doing our jobs. Unfortunately, this has led to examiners having an inherently high level[…]


Most Recent Used (MRU) Peek-A-Book

In this post, we will cover some cool ways to review the Most Recent Used (MRU) keys from the Windows registry. The goal of the article is to show how these keys can be useful, explain how to review them using RegRipper, and provide a means to review these keys directly from a memory image[…]


Time for an Autopsy!

Autopsy Introduction Greetings! Destruct_Icon here with a look into a forensics tool named Autopsy. Autopsy is a GUI into a suite of tools known as The Sleuth Kit and can be found here. In this article, we want to introduce you to the interface itself as well as describe some of the capabilities. First off, we have a[…]


Security Tools Page

Security Tools Page Introduction Destruct_Icon here. I wanted to post about a new addition to our site. We’ve added a page devoted to security tools. Just click on the “Security Tools” option in the Menu. Here we will be adding tools and categorizing their use for quick searching capabilities. We plan to create posts for each[…]


Intel TAXII Feed

by Destruct_Icon
Categories: Analysis

Intel TAXII Feed Introduction So, does anybody know what happened to April? Because it’s already almost over. ANYWAY, I’m here to introduce you to the MalWerewolf Intel TAXII Feed! We’ve been poking at some ideas for storing indicators and figured this may be the best route for sharing that data. What are we using to store the[…]


Network Forensics – Round 7: Ann’s Dark Tangent

Network Forensics – Round 7: Ann’s Dark Tangent The Puzzle: Ann’s Dark Tangent (DEFCON 2010) Ann has arranged a rendezvous with Dark Tangent. You are the forensic investigator. Can you figure out their destination? Again for this challenge I utilized the same tools as the other rounds to accomplish the above tasks. There are always[…]


Office and OLE File Forensic Analysis Primer – 4

by InterDimensional_Shambler
Categories: Analysis, Malware Reverse Engineering

Office and OLE File Forensic Analysis Primer – 4 This is a continuation of the Office and OLE File Forensic Analysis Primer. This post will cover the third scenario which is an office DOCX file with a malicious macro. Scenario 3 (DOCX): MD5: e8377c5bc65819f51fae7b6d801d08f7 Open the file with a hex editor. Note the difference not[…]


Something Phishy – 02-08-2016

by Destruct_Icon
Categories: Analysis, Coding, JavaScript, Network Forensics

Something Phishy – Return of the Fax! And we’re back with another “Something Phishy” for February. If you ever had a postal receipt sent to your e-mail, some of the behaviors may feel very familiar to you. Apparently I received a fax from Let’s start by pulling all the information we can out of[…]
