archive
Category: Coding

2017/03/15

Something Phishy – 03-15-2017 – (Part 1)

by Destruct_Icon
Categories: Analysis, Coding, JavaScript

Hurrah! Destruct_Icon back with another Something Phishy. This one today was a feisty little fellah and I’m going to break it up into two parts. Part 1 will consist of the e-mail, 1st stage and some of the 2nd stage while Part 2 will be looking at the 2nd stage, the malware as well as a listing of the indicators.[…]

2016/02/08

Something Phishy – 02-08-2016

by Destruct_Icon
Categories: Analysis, Coding, JavaScript, Network Forensics

Something Phishy – Return of the Fax! And we’re back with another “Something Phishy” for February. If you ever had a postal receipt sent to your e-mail, some of the behaviors may feel very familiar to you. Apparently I received a fax from incoming@interfax.net. Let’s start by pulling all the information we can out of[…]

2016/01/06

Something Phishy

by Destruct_Icon
Categories: Analysis, Coding, JavaScript

Something Phishy – Files in Files: Happy new year everyone! This is Destruct_Icon and one of the things I’d like to start doing this year is writing information about some of the phishing e-mails that come in as posts dubbed “Something Phishy”. I have a few e-mail boxes that get hammered by phishing e-mails but this first one[…]

2015/12/01

Beholder

The Beholder Script: This is Destruct_Icon from MalWerewolf and I would like to introduce you to the Beholder script. This script allows you to take advantage of free software that may help you identify malware on your network. The origins of this script spawned from the needs of administrators who did not have the resources[…]

2015/08/11

PHP Obfuscation and Backdoors – Part 1

by Destruct_Icon
Categories: Coding, PHP

PHP Obfuscation and Backdoors – Part 1: We are no strangers to a bit of obfuscated code. If you aren’t familiar with obfuscation, check out some of the great videos on deobfuscating JavaScript by 8bits which can be accessed here. Recently we were presented with an opportunity to assist another security researcher with a few potentially compromised pages[…]

2015/06/29

Virus Total API Python Script

by Destruct_Icon
Categories: Coding, Python

Virus Total API Python Script: Scripts! Ok, now that we have your attention. Quite a few months ago we worked on building a foremost script where you could carve all the files out of memory and then query Virus Total for each hash. We wanted to pull the Virus Total subset out of[…]

2015/03/23

Honey the kids hacked us! – Part 1

by nanoSpl0it
Categories: Coding, Python

Honey, the kids hacked us!: There are many different questions that go through your head or discussions you might have when you first become a parent. Here are a few of the questions and discussions that I was a part of. 1) Organic or non-organic? 2) Cloth diapers or disposable? 3) Breast milk or formula? 4)[…]

2015/02/16

Importing Python Scripts: Clobbering sys.argv

by 8bits0fbr@in
Categories: Coding, Python

Often, we find the need to import a non-class based Python module into our own modules. Sure, many proper Python packages exist that we can use to do our dirty work (https://docs.python.org/2/tutorial/modules.html#packages), but what about when we run into a random script that simply uses its own main() and various functions to get the job[…]

2014/12/16

Powershell sMime Recovery Script (bye bye krt.exe)

by nanoSpl0it
Categories: Coding, Powershell

sMime Recovery: Created a Powershell 2.0 compatible script to replace krt.exe (KRT deprecated according to Technet users), which is a GUI sMime recovery tool. As mentioned in the link above, the krt.exe tool was deprecated after Windows Server 2003 R2 and is no longer updated. The krt.exe tool can run on Windows Server 2008, but it can[…]

2014/10/13

Deobfuscating JavaScript and Shellcode: Debugging + Dedicated Tools – Part 2/2

Welcome to Part II of a two-part series on JavaScript and shellcode deobfuscation! In our first video, we explored a few different methods to deobfuscate JavaScript. The first session resulted in a deobfuscated HTML page complete with malicious JavaScript. In this session, I cover how the malicious JavaScript works. Additionally, I debug the shellcode that[…]
