Mirai Internet of Things IoT DDoS sets record 600+ GB/Sec and your refrigerator could have been one of the attackers!

What is the Internet of Things (IoT)? In today’s technological expansion everything seems to be connected to the Internet; for instance, in my own home I have my refrigerator, thermostat, video cameras, tablets, cell phone, TV, Xbox, DirecTV box, printer, security system, laptops, servers, workstations, Ethernet tap, a switch and a router all connected…


Similarities and Differences in the terms Phishing, Malvertising, Spam and Malware E-mails

What is phishing? What are malvertising, spam e-mail and malware e-mail campaigns? These terms have become intertwined and are used interchangeably, which generally means there is a lack of understanding in the IT community, which is typical. Over time, laziness and improper training have a way of bending security definitions into bundles. A great example…


Writing Shellcode for Buffer Overflows – Avoiding Bad Characters

Depending on the application, vulnerability type, and protocols in use, there may be certain characters that are considered “bad” and should not be used in your buffer, return address, or shellcode. One example of a common bad character (especially in buffer overflows caused by unchecked string copy operations) is the null byte (0x00). This character is considered bad because…


Fuzzing Programs to find Windows Buffer Overflows – Bypass ASLR & DEP – Controlling and Overwriting EIP

Modern Windows Buffer Overflows and Techniques

Most Windows applications are compiled with Data Execution Prevention (DEP) or Address Space Layout Randomization (ASLR) support, which makes the exploitation process a lot harder, as we will have to bypass these internal security mechanisms. These memory protections were implemented in Microsoft Windows 7. DEP is a set of hardware and software…


ANSWERS – Malware PCAP Traffic Analysis – Can you name the different types of malware? 2016-08-27

Here are the files that were executed to generate the traffic and pcap in the previous post:

Eorezo – sunnyday.exe
https://malwr.com/analysis/YzcxYTM0MzYxNGUyNDBjZjkyZjdlYzAyNzdkMTg5OWU/
https://virustotal.com/en/file/d1ae1454cca36dce4a687846ec394c542b13e829755c40653fbd495d95b02197/analysis/1472172878/

Farfli – netstream.exe
https://virustotal.com/en/file/969063116b1c717cd07015e04ecd6c2a6ad883da7dbcd2a4cd157100fa9c7b50/analysis/1472173093/

Citadel
https://virustotal.com/en/file/0765a0d3e6349761704d837f0d0a873a50a7e91a6efda972d1e82cf18df0ecbd/analysis/1472173251/
SHA256: 0765a0d3e6349761704d837f0d0a873a50a7e91a6efda972d1e82cf18df0ecbd
File name: PROTESTO.exe
Detection ratio: 40 / 54
Analysis date: 2016-08-26 01:00:51 UTC
Banking Trojan…
