Is Google Scanning Malware Email Attachments Between Researchers
Disclaimer: This post is based upon experiences I found when sending malware via GMail (Google Mail). I'm documenting them here for others to: disprove, debate, confirm, or to downplay its...
Malware with No Strings Attached Part 2 - Static Analysis
In the previous post I showed some dynamic analysis procedures for a variant of a trojan known to Symantec as Coreflood. Based on the dynamic analysis, we discovered that the analyzed sample contained...
Moving On to New Career Opportunities
In the next few days I will be moving on from my current work and into a new and exciting opportunity. As I work through this effort, while writing a book and preparing con talks, I started to think of...
Mojibaked Malware: Reading Strings Like Tarot Cards
One notable side effect to working in intrusions and malware analysis is the common and frustrating exposure to text in a foreign language. While many would argue the world was much better when text...
A Walkthrough for FLARE RE Challenges
The FireEye Labs Advanced Reverse Engineering (FLARE) challenge was causing a bit of a buzz when it was announced and launched in early July. It read like a recruitment campaign for a new division...
DJ Forensics: Analysis of Sound Mixer Artifacts
In many forensics examinations, including those of civil and criminal nature, there is an art to finding remnants of previously installed applications. Fearing detection, or assuming that an...
Analysis of Web-based Malware Attack
Because this is a website on the Internet, it was inevitably going to be susceptible to an attack. Wordpress and blog sites are notoriously targeted with infections that append...
Geolocational Log Analysis: Think Globally, Act Locally
In many network environments the administrators and security engineers have an understanding of the full geographical scope and reach of their network. While some corporations have a global audience...
Malicious PDF Analysis: Reverse code obfuscation
I normally don't find the time to analyze malware at home, unless it is somehow targeted towards me (like the prior write-up of an infection on this site). This last week I received a very suspicious...
Java Malware - Identification and Analysis
DIY Java Malware Analysis. Parts Required: AndroChef ($) or JD-GUI (free), My Java IDX Parser (in Python), Malware Samples. Skill Level: Beginner to Intermediate. Time Required: Beginner (90 minutes),...
Noriben - Your Personal, Portable Malware Sandbox
Announcing Noriben. Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it...
Noriben version 1.1 Released
I've made available the latest version of Noriben with some much-needed updates. The greatest update is a series of added filters that dramatically help to reduce false positive items in the output....
Ghetto Forensics!
While I have maintained a blog on my personal website (www.thebaskins.com) for many years, the process of creating new posts on it has become cumbersome over time. As I perform more technical posts,...
Presentation Archive
Below are a series of presentations I've given over the years, though not a fully inclusive list. Many are too sensitive (FOUO/LES/S/TS/SAP/EIEIO) to store, and others have been lost to digital decay....
31337 Password Guessing
In digital forensics and incident response we tend to deal with encrypted containers on a regular basis. Encrypted containers mean dealing with various styles and iterations of passwords used...
Noriben Version 1.2 released
In a mad rush of programming while on a plane to BSidesNOLA, and during the conference, I completed a large number of updates, requests, and demands for Noriben. As a basic malware analysis sandbox,...
How To: Static analysis of encoded PHP scripts
This week, Steve Ragan of CSO Online posted an article on a PHP-based botnet named by Arbor Networks as Fort Disco. As part of his analysis, Ragan posted an oddly obfuscated PHP script for others to...
Malware Analysis: The State of Java Reversing Tools
In the world of incident response and malware analysis, Java has always been a known constant. While many malware analysts are monitoring more complex malware applications in various languages, Java is...
Noriben version 1.4 released
It's been a few months since the last official release of Noriben. The interim time has been filled with a few ninja-edits of updated filters, and wondering what to put in next. Noriben started out as a...