BRO vs Snort IDS Locky Ransomware tcpdump Traffic Sample Data Packet Analysis

(PCAP and Binary samples available with their usual password and location) Bro and Snort are completely different types of applications although they are commonly compared against one another. From a network security standpoint Snort can’t do much to detect new malware variants, obfuscation TTPs and other non-low hanging fruit we haven’t created a signature for.… Read More »

Traffic Sample PCAP of FakeAV Malware and Kazy Trojan Downloader

Two key indicators: FakeAV POST – POST /hrrgkkwhjdwwwww/order.php?pid=390 (attempting to set up a payment for the FakeAV, with the pid linking to the current session). Trojan Downloader function – GET /week.exe HTTP/1.1. 2015-08-27 11:39:35.045855 ARP, Request who-has 192.168.56.1 tell 192.168.56.10, length 28 2015-08-27 11:39:35.046218 ARP, Reply 192.168.56.1 is-at 0a:00:27:00:00:00, length 46 … Read More »

Penetration Testing Reconnaissance Command Line Tricks: Dig, Mass Domain Resolution, Ping Sweeping

Here are some simple command line tricks to help while doing recon on your target network/host. A simple way to automatically resolve domain names, which can be used with a for loop to resolve a massive list of domain names; you can also add a cronjob and create an .out file if you want to track… Read More »

Analysis SecureStudies.com OSSProxy MarketScore OpinionSpy Adware/PUP/Trojan/Malware comScore vs Nielsen

A few days back one of our Virus/Malware file submission sites received close to a hundred executables from two IP addresses over a one-hour period, all comScore, Inc. related samples, with AV detection scans being run against each file. This activity flagged some interest at first because the binary files were for various Operating Systems such as Linux… Read More »

Adware loading Malware for Monetization? System Healer Social Engineers DNSChanger/Dynamer 185.17.184.11

Typically, malware will be installed through the use of exploit kits, spam e-mails, gifs laced with executables, torrents and so on. That being said, there is a fairly commonly downloaded software package known as “System Healer” being downloaded on the interwebs which claims to speed up your PC and optimize it. Are Sethealer.net/iSystemHealer.com/MagicPro.org serving up… Read More »

MAJOR Zero Day 0day Exploit in SMB Samba 445 BADLOCK BUG Vulnerability

Critical vulnerability allowing remote exploitation of virtually ALL versions of Samba’s Server Message Block (SMB) protocol, a version of the Common Internet File System (CIFS) which operates by default over port 445 TCP as an application-layer network protocol. SMB is typically used to provide shared access to files, printers, serial ports and miscellaneous communications… Read More »

Offensive Security Certified Professional (OSCP) Study Guide Links & Material

Vulnerable By Design – VulnHub – https://www.vulnhub.com   https://www.offensive-security.com/blog/   Metasploit Unleashed   0x2 Course Review: Penetration Testing with Kali Linux (OSCP)   http://www.fuzzysecurity.com/tutorials.html   https://www.corelan.be/index.php/articles/   https://blog.g0tmi1k.com/   Complete training series of videos:   HACKING THE GHOST MACHINE IN OFFENSIVE SECURITY COMPETITION OFFENSIVE SECURITY 2013 – WEB APPLICATION HACKING 101 OFFENSIVE SECURITY 2013 –… Read More »

REINCARNA Linux.Wifatch Malware Whitehat Backdoor made by the good guys? How illegal is this?

So last night I did a little banner grabbing from some IP ranges that have been historically extremely insecure. I’m not a blackhat hacker anymore, so my intentions weren’t to exploit these hopeless incompetent victims, but I would have notified them. I have considered the idea of compromising them just to patch them and save… Read More »
