Analysis of Web-based Malware Attack
Due to the very nature that this is a website on the Internet means that eventually it would be susceptible to an attack. Wordpress and blog sites are notoriously targeted with infections that append...
Geolocational Log Analysis: Think Globally, Act Locally
In many network environments the administrators and security engineers have an understanding of the full geographical scope and reach of their network. While some corporations have a global audience...
Malicious PDF Analysis: Reverse code obfuscation
I normally don't find the time to analyze malware at home, unless it is somehow targeted towards me (like the prior write-up of an infection on this site). This last week I received a very suspicious...
Java Malware - Identification and Analysis
DIY Java Malware Analysis. Parts Required: AndroChef ($) or JD-GUI (free), My Java IDX Parser (in Python), Malware Samples. Skill Level: Beginner to Intermediate. Time Required: Beginner (90 minutes),...
Noriben - Your Personal, Portable Malware Sandbox
Announcing Noriben. Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it...
Noriben version 1.1 Released
I've made available the latest version of Noriben with some much-needed updates. The greatest update is a series of added filters that dramatically help to reduce false positive items in the output....
Ghetto Forensics!
While I have maintained a blog on my personal website (www.thebaskins.com) for many years, the process of creating new posts on it has become cumbersome over time. As I perform more technical posts,...
Presentation Archive
Below are a series of presentations I've given over the years, though not a fully inclusive list. Many are too sensitive (FOUO/LES/S/TS/SAP/EIEIO) to store, and others have been lost to digital decay....
31337 Password Guessing
In digital forensics and incident response we tend to deal with encrypted containers on a regular basis. Dealing with encrypted containers means dealing with the various styles and iterations of passwords used...
How to Attend Conferences On A Budget (Part One)
Cons, they are the ultimate thrill ride for many in the Information Security business. A chance to get away from work for a week, to drink heavily and listen to talks, to try and get an eye full of...
Noriben Version 1.2 released
In a mad rush of programming while on a plane to BSidesNOLA, and during the conference, I completed a large number of updates, requests, and demands for Noriben. As a basic malware analysis sandbox,...
How to Attend Conferences On A Budget (Part Two)
In a previous post, we discussed how to build approval for attending a conference of your choice, based on using technology to find the best-priced venues and travel. This post is a follow-on that...
How To: Static analysis of encoded PHP scripts
This week, Steve Ragan of CSO Online posted an article on a PHP-based botnet named by Arbor Networks as Fort Disco. As part of his analysis, Ragan posted an oddly obfuscated PHP script for others to...
Mojibaked Malware: Reading Strings Like Tarot Cards
One notable side effect to working in intrusions and malware analysis is the common and frustrating exposure to text in a foreign language. While many would argue the world was much better when text...
Malware Analysis: The State of Java Reversing Tools
In the world of incident response and malware analysis, Java has always been a known constant. While many malware analysts are monitoring more complex malware applications in various languages, Java is...
Noriben version 1.4 released
It's been a few months since the last official release of Noriben. The interim time has been filled with a few ninja-edits of updated filters, and wondering what to put in next. Noriben started out as a...
Dumping Malware Configuration Data from Memory with Volatility
When I first started delving into memory forensics, years ago, we relied upon controlled operating system crashes (to create memory crash dumps) or the old FireWire exploit with a special laptop. Later,...
A GhettoForensics Look Back on 2013
This site, Ghetto Forensics, was started this year as the beginning of an effort to better document some of the side work that I do that I thought would be appealing, or humorous, to the overall...
Malware with No Strings Attached - Dynamic Analysis
I had the honor of lecturing for Champlain College's graduate level Malware Analysis course this week. One of the aspects of the lecture was showing off dynamic analysis with my Noriben script and some...