

Smishing increasing Phishing attacks

Smishing, AKA SMS phishing attacks, are on the rise. #ModernNetSec On January 26, a new smishing attack targeted users in the Czech Republic. Smishing, or SMS phishing, is a vector attackers use to send SMS messages from supposedly legitimate organizations. These messages persuade users to download a malicious app, to provide private information like bank account or credit card details, or to click on a malicious URL. "In this campaign, the attackers masqueraded as Czech Post, the Czech postal service, to get users to download a malicious app containing a full-scale Trojan horse. Once users click the link, they are led to a fake Czech Post web page with a seemingly legitimate address. From there the malware downloads and installs immediately on the mobile device. Since users need to approve the installation of apps from sources other than Google Play, the " Here is an example I got this week …
Recent posts

Using hashing to Crack Passwords

This is amazing cutting-edge cracking from Stanford!

Free IDA Pro Binary Auditing Training Material for University Lectures

Note: There are NO true runnable viruses included with this package!

Ever wanted free malware analysis training?

WHAT IS INSIDE...

| Topic | Files |
|---|---|
| IDA Pro 5.0 (Free) | 1 |
| HLL Mapping 1 (NOT for training, only as reference!) | 98 |
| HLL Mapping 2 (Start here and convert them to C) | 31 |
| Manual Decompilation (Simple exercises) | 10 |
| Algorithm Analysis 1 (Simple math exercises) | 3 |
| Algorithm Analysis 2 (Simple math exercises) | 6 |
| Crash Auditing (more complicated, why crashing?) | 10 |
| File Understanding (Simple to hard Reversemes) | 31 |
| Copy Protection Auditing (Simple to very hard) | 47 |
| Unpacking (Simple exercises) | 3 |
| TOTAL | 324 |

Autorun.inf Malware

I thought this find was really interesting and wanted to share the post.

Check out this GitHub link for more details from the source.

usb_vaccine.cmd: USB malware immunity script and hidden files revealer. Does not remove malware. Must be used in conjunction with an anti-virus program.

What does it do

- Detects and removes AutoRun commands for your Command Processor (cmd.exe).
- Disables AutoRun entirely, for both CD-ROM drives and USB flash drives. The IniFileMapping method. Most secure.
- Cleans the MountPoints2 registry key, which is the AutoRun cache used by the OS, for all users.
- Disables "Hide extensions for known file types", for security reasons.
- Shows extensions for PIF files, also for security reasons.
- Restores shortcut arrow icons that may be removed due to a malware infection (registry hack).
- Travels through the root directories of all drives (including USB drives and SD/MMC cards), and: deletes all shortcuts, file symbolic links, and …

Virtual Patching and why this method can balance your patching cycles

I have been in various companies and they all have their own system for how they update and patch servers and workstations. One common denominator is out-of-band patching. Some will allow systems to be out of date for 1-2 weeks, but the more aggressive will do out-of-band patching/scanning to confirm the issue is remediated. One thing I would like to suggest is virtual patching solutions to reduce the attack surface. Malwarebytes offers an Anti-Exploit kit for virtually patching these software bugs. Trend Micro also offers a more expensive IPS module for their Deep Security endpoint protection; they also have a stand-alone anti-threat exploit product which only does that. Most hackers already know you will patch on Patch Tuesday or shortly after, and when out-of-band vulnerabilities show up as critical they will target large companies that don't fix these glaring issues. Virtual patching will instantly protect your endpoints.

POS Malware

How are we ever to protect ourselves until we can get these systems with end-to-end encryption? This is what Edward Snowden has been preaching for years, and it's about time we make this a federally audited standard. We need to get this under control.

Here is an interesting read.

Hack on Sony with Malware takes out the network for 1 week - Destructive Malware

First off, I would like to say this malware can enter the network from temp files or “malvertising ads”.
Dropper: prepares and then ends tasks by adding another type of malware to finish for the kill. This is why we often see more than one variant. Malware acts as a team of attackers which serve different functions for an overall agenda/goal.

“The Destover droppers install and run EldoS RawDisk drivers to evade NTFS security permissions and overwrite disk data and the MBR itself.”
The compile date of the malware was 4-5 hours before deployment, so phishing is ruled out and more than likely it was done through embedding into images on high-traffic websites.
“There are implications for data recovery in this. In the case of the DarkSeoul malware, the overwritten data could be restored using a method similar to the restoration of the Shamoon 'des…