Category: Analysis

2016/01/06

Something Phishy

by Destruct_Icon
Categories: Analysis, Coding, JavaScript

Something Phishy – Files in Files: Happy new year everyone! This is Destruct_Icon and one of the things I’d like to start doing this year is writing information about some of the phishing e-mails that come in as posts dubbed “Something Phishy”. I have a few e-mail boxes that get hammered by phishing e-mails but this first one[…]

2015/12/01

Beholder

The Beholder Script: This is Destruct_Icon from MalWerewolf and I would like to introduce you to the Beholder script. This script allows you to take advantage of free software that may help you identify malware on your network. The origins of this script spawned from the needs of administrators who did not have the resources[…]

2015/11/03

Elasticsearch 2.0!

by Destruct_Icon
Categories: Analysis, News

Elasticsearch 2.0: Last week brought the release of Elasticsearch 2.0, Logstash 2.0 and Kibana 4.2. Please visit elastic.co to obtain a copy. There have been multiple improvements and changes within the three environments, which have also required me to make some heavy changes to the ELK shell script which I was working on a post[…]

2015/10/12

Network Forensics – Round 6: Ann’s Aurora

Network Forensics – Round 6: Ann’s Aurora: The puzzle: Ann’s Aurora Ann Dercover is after SaucyCorp’s Secret Sauce recipe. She’s been trailing the lead developer, Vick Timmes, to figure out how she can remotely access SaucyCorp’s servers. One night, while conducting reconnaissance, she sees him log into his laptop (10.10.10.70) and VPN into SaucyCorp’s headquarters.[…]

2015/09/01

Network Forensics – Round 5: Ms. Moneymany’s Mysterious Malware

Network Forensics – Round 5: Ms. Moneymany’s Mysterious Malware: The puzzle: It was a morning ritual. Ms. Moneymany sipped her coffee as she quickly went through the email that arrived during the night. One of the messages caught her eye, because it was clearly spam that somehow got past the email filter. The message extolled[…]

2015/07/21

Network Forensics – Round 4: The Curious Mr. X

by DFIRninja
Categories: Analysis, Network Forensics

Network Forensics – Round 4: The Curious Mr. X: Round 4! Below is the scenario for round 4 in the Network Forensics Challenge Series: While a fugitive in Mexico, Mr. X remotely infiltrates the Arctic Nuclear Fusion Research Facility’s (ANFRF) lab subnet over the Interwebs. Virtually inside the facility (pivoting through a compromised system), he conducts some noisy[…]

2015/06/16

Office and OLE File Forensic Analysis Primer – 3

by InterDimensional_Shambler
Categories: Analysis, Malware Reverse Engineering

Office and OLE File Forensic Analysis Primer – 3: This is a continuation of the Office and OLE File Forensic Analysis Primer. http://malwerewolf.com/2015/06/office-ole-file-forensic-analysis-primer-2/ This post will cover the second scenario, which is an Office XLS file with a malicious macro. Scenario 2 (XLS): MD5: a29094974ba5eda35d3440f95531277d Open the file with a hex editor. There appears to[…]

2015/06/02

Office and OLE File Forensic Analysis Primer – 2

by InterDimensional_Shambler
Categories: Analysis, Malware Reverse Engineering

Office and OLE File Forensic Analysis Primer – 2: This is a continuation of the Office and OLE File Forensic Analysis Primer. https://malwerewolf.com/2015/05/office-ole-file-forensic-analysis-primer-1/ This post will cover the first scenario, which is an Office DOC file with a malicious macro. Scenario 1 DOC File: MD5: f08f126df999f74c52252aeddad5a9e5 Check out the DOC in a hex editor (Keeping[…]

2015/05/19

Office and OLE File Forensic Analysis Primer – 1

by InterDimensional_Shambler
Categories: Analysis, Malware Reverse Engineering

Office and OLE File Forensic Analysis Primer: Warning! Actual malware will be executed following these instructions; use caution and a sandbox with NO INTERNET. This is the Office and OLE File Forensic Analysis Primer. It’s intended to get from: “How do I analyze an office file?” To “Hey I can tell the difference between a[…]

2015/05/05

Network Forensics – Round 3: Ann’s Apple TV

by DFIRninja
Categories: Analysis, Network Forensics

Network Forensics – Round 3: Ann’s Apple TV: Below is the scenario for round 3 in the network forensic challenge series: Ann and Mr. X have set up their new base of operations. While waiting for the extradition paperwork to go through, you and your team of investigators covertly monitor her activity. Recently, Ann[…]
